Сервер OpenVPN не видит сеть за микротиком. Что не так?

Приветствую! Знаю, что тема заезжена - но перечитав множество мануалов решение не было найдено.
Удаленно поднят ovpn сервер

port 1194
proto tcp
dev tun
user ovpn
group ovpn
cd /etc/ovpn
persist-key
persist-tun
dh /etc/ovpn/dh1024.pem
ca /etc/ovpn/ca.crt
cert /etc/ovpn/vpn.crt
key /etc/ovpn/vpn.key
server 192.168.1.0 255.255.255.0
client-config-dir /etc/ovpn/ccd
auth SHA1
cipher AES-256-CBC
client-to-client
topology subnet
max-clients 5
push "dhcp-option DNS 8.8.8.8"
push "redirect-gateway def1"
route 192.168.1.0 255.255.255.0
route 192.168.2.0 255.255.255.0
keepalive 10 120
status /var/log/ovpn/openvpn-status.log 1
status-version 3
log-append /var/log/ovpn/openvpn-server.log
verb 3
mute 20

# iptables -L -t nat --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination

# sysctl -p
net.ipv4.ip_forward = 1

На микротике поднят ovpn клиент. Подключение есть, пинги из сети за микротиком (192.168.2.0 255.255.255.0) до ovpn серевера идут. Но вот с cервера сеть за микротиком не видно.

ip route print 
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          45.44.46.1                1
 1 ADC  45.44.46.0/22      45.44.46.72     ether1-gateway            0
 2 ADC  192.168.1.1/32     192.168.1.2     ovpn-out1                 0
 3 ADC  192.168.2.0/24     192.168.2.1    bridge-local               0

ip firewall filter  print   
Flags: X - disabled, I - invalid, D - dynamic 
 0  D ;;; special dummy rule to show fasttrack counters
      chain=forward 

 1    ;;; default configuration
      chain=input action=accept protocol=icmp log=no log-prefix="" 

 2    ;;; default configuration
      chain=input action=accept connection-state=established,related log=no 
      log-prefix="" 

 3    ;;; default configuration
      chain=input action=drop in-interface=ether1-gateway log=no log-prefix="" 

 4    ;;; default configuration
      chain=forward action=fasttrack-connection 
      connection-state=established,related log=no log-prefix="" 

 5    ;;; default configuration
      chain=forward action=accept connection-state=established,related log=no 
      log-prefix="" 

 6    ;;; default configuration
      chain=forward action=drop connection-state=invalid log=no log-prefix="" 

 7    ;;; default configuration
      chain=forward action=drop connection-state=new 
      connection-nat-state=!dstnat in-interface=ether1-gateway log=no 
      log-prefix="" 

 8    ;;; Deny invalid connections
      chain=input action=drop connection-state=invalid log=no log-prefix=""