Netgate Discussion Forum
    OpenVPN between pfSense server and Mikrotik client

mguarienti:

      Hi everyone!

I configured pfSense with an OpenVPN server that receives connections from a MikroTik client. The settings are OK and the MikroTik successfully connects to the pfSense server. I can access anything from the MikroTik LAN to the pfSense LAN, but I can't access anything from the pfSense LAN to the MikroTik LAN.

My pfSense OpenVPN server conf:

      dev ovpns1
      verb 3
      dev-type tun
      dev-node /dev/tun1
      writepid /var/run/openvpn_server1.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto tcp4-server
      auth SHA1
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      local 170.xx.xx.xx
      tls-server
      server 10.200.0.0 255.255.255.0
      client-config-dir /var/etc/openvpn/server1/csc
      ifconfig 10.200.0.1 10.200.0.2
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'pfsense.xxxx.com' 1"
      lport 1194
      management /var/etc/openvpn/server1/sock unix
      push "route 192.168.0.0 255.255.0.0"
      remote-cert-tls client
      route 192.168.1.0 255.255.255.0
      capath /var/etc/openvpn/server1/ca
cert /var/etc/openvpn/server1/cert
key /var/etc/openvpn/server1/key
dh /etc/dh-parameters.2048
ncp-disable
cipher AES-256-CBC
allow-compression asym
topology subnet
inactive 300

Where:

      Tunnel network: 10.200.0.0/24
      pfSense LAN: 192.168.0.0/16
      Mikrotik LAN: 192.168.1.0/24

In the client specific override, I added "iroute 192.168.1.0 255.255.255.0" in the 'Advanced' box (which is my LAN on the MikroTik side).

IPv4 routing table: [screenshot not included in the extracted page]

OpenVPN connection status: [screenshot not included in the extracted page]

On the MikroTik side I made a masquerade rule so that connections from there to the pfSense LAN work.

The most curious thing is that I can ping hosts on the MikroTik LAN from the pfSense server itself, but I can't from any host on the pfSense LAN to the MikroTik LAN: [screenshot not included in the extracted page]

Any suggestion? Something that needs to be done that I forgot?
Thank you very much in advance.
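An added address-plan check (my own script, not the poster's configuration or anything shipped with pfSense or OpenVPN). It parses the `server`, `route`, `push "route ..."` and `iroute` directives from the server config above together with the CCD override, takes the pfSense LAN size listed in the post, and reports the overlaps that typically break forwarding in exactly one direction: a tunnel network colliding with a LAN, a remote LAN that sits inside a local LAN (local hosts then treat it as on-link and never hand the packets to the gateway, while the firewall itself, which holds the more specific kernel route via the tunnel, still reaches it), and a pushed route that covers the client's own LAN. The config strings are constructed copies of the relevant lines from the post, not live files.

```python
"""Audit an OpenVPN site-to-site address plan for overlapping networks.

Added example: reads an OpenVPN server config and a client-specific override
(CCD) file, extracts the network directives and flags overlaps.
"""
import ipaddress
import shlex

# Constructed copies of the relevant lines from the forum post (not live files).
SERVER_CONF = """\
server 10.200.0.0 255.255.255.0
push "route 192.168.0.0 255.255.0.0"
route 192.168.1.0 255.255.255.0
topology subnet
"""
CCD_CONF = "iroute 192.168.1.0 255.255.255.0\n"
# pfSense-side LAN exactly as listed in the post.
LOCAL_LANS = ["192.168.0.0/16"]


def parse_networks(conf_text):
    """Return {directive: [IPv4Network]} for server, push-route, route, iroute."""
    found = {"server": [], "push-route": [], "route": [], "iroute": []}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        tokens = shlex.split(line)            # unquotes push "route a b"
        if tokens[0] == "push" and len(tokens) > 1:
            inner = tokens[1].split()
            if not inner or inner[0] != "route":
                continue                      # other push options are irrelevant
            key, args = "push-route", inner[1:]
        elif tokens[0] in found:
            key, args = tokens[0], tokens[1:]
        else:
            continue
        if len(args) < 2:
            continue
        # (address, netmask) tuple form; strict=False tolerates host bits set.
        found[key].append(ipaddress.IPv4Network((args[0], args[1]), strict=False))
    return found


def audit(server_conf, ccd_conf, local_lans):
    """Return a list of human-readable findings (empty list = plan looks clean)."""
    local_lans = [ipaddress.IPv4Network(s) for s in local_lans]
    nets = parse_networks(server_conf)
    nets["iroute"].extend(parse_networks(ccd_conf)["iroute"])
    remote_lans = nets["iroute"]
    tunnel = nets["server"][0] if nets["server"] else None
    findings = []

    # 1. Every CCD iroute needs a matching server-side 'route' so the kernel
    #    sends the remote LAN into the tunnel at all.
    for r in remote_lans:
        if r not in nets["route"]:
            findings.append(f"iroute {r} has no matching 'route' on the server")

    # 2. The tunnel network must not collide with either side's LAN.
    if tunnel is not None:
        for label, lans in (("local", local_lans), ("remote", remote_lans)):
            for lan in lans:
                if tunnel.overlaps(lan):
                    findings.append(f"tunnel {tunnel} overlaps {label} LAN {lan}")

    # 3. A remote LAN inside a local LAN is unreachable from local hosts: with
    #    the larger mask they ARP for it directly instead of using the gateway.
    for lan in local_lans:
        for r in remote_lans:
            if r.subnet_of(lan):
                findings.append(
                    f"remote LAN {r} lies inside local LAN {lan}: hosts on {lan} "
                    f"consider {r} on-link and never send it to the gateway")
            elif r.overlaps(lan):
                findings.append(f"remote LAN {r} overlaps local LAN {lan}")

    # 4. A pushed route that covers the client's own LAN is at best redundant
    #    and at worst pulls the client's local traffic into the tunnel.
    for p in nets["push-route"]:
        for r in remote_lans:
            if p.overlaps(r):
                findings.append(f"pushed route {p} covers the client's own LAN {r}")
    return findings


if __name__ == "__main__":
    for finding in audit(SERVER_CONF, CCD_CONF, LOCAL_LANS) or ["no overlaps found"]:
        print(finding)
```

Run it against the real files (`/var/etc/openvpn/server1/config.ovpn` and the CCD file under the `client-config-dir` named in the config) and the LAN list from Interfaces to re-check the plan after any change; a clean run should print nothing but "no overlaps found".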
