I am having a hard time (two days spent trying things, googling and learning with little success) setting up an OpenVPN server on my RB750 (just upgraded it from 5.2, and from some earlier BIOS).
I am trying to make an OpenVPN server so clients can connect to a local file server (FS resides on 192.168.1.x network).
So here is what I did (omitted some useless info):
Code:
[admin@MikroTik] /interface bridge port> /ip pool print
# NAME RANGES
0 default-dhcp 192.168.1.10-192.168.1.254
1 VPN01 192.168.4.10-192.168.4.20
Code:
[admin@MikroTik] /ppp profile> print
1 name="OpenVPN1-in" local-address=192.168.4.1 remote-address=VPN01
use-mpls=default use-compression=default use-vj-compression=default
use-encryption=required only-one=default change-tcp-mss=default
Code:
[admin@MikroTik] > /ppp secret print
# NAME SERVICE CALLER-ID PASSWORD PROFILE REMOTE-ADDRESS
1 - ovpn - OpenVPN1-in
Code:
[admin@MikroTik] /ppp> /interface ovpn-server server print
enabled: yes
port: 1194
mode: ethernet
netmask: 24
mac-address: FE:B5:6C:46:0F:00
max-mtu: 1500
keepalive-timeout: disabled
default-profile: OpenVPN1-in
certificate: ServerCert
require-client-certificate: no
auth: sha1,md5
cipher: blowfish128,aes128,aes192,aes256
Code:
[admin@MikroTik] /ip firewall filter> print
4 ;;; OpenVPN
chain=input action=accept protocol=tcp dst-port=1194
client.ovpn content:
Code:
dev tap
proto tcp-client
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
tls-client
ca ca.crt
cert client1.crt
key client1.key
auth-user-pass
verb 3
ping 10
cipher AES-256-CBC
auth SHA1
pull
auth-nocache
;script-security 2 system -- tried that, not much help
;route-up "route add 192.168.1.0 mask 255.255.255.0 192.168.4.1" -- tried that, not much help
Code:
Sun Jun 10 20:42:25 2012 OpenVPN 2.2-beta3 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Sep 2 2010
Sun Jun 10 20:42:28 2012 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sun Jun 10 20:42:28 2012 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jun 10 20:42:28 2012 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jun 10 20:42:28 2012 NOTE: --script-security method='system' is deprecated due to the fact that passed parameters will be subject to shell expansion
Sun Jun 10 20:42:28 2012 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Jun 10 20:42:28 2012 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sun Jun 10 20:42:28 2012 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Sun Jun 10 20:42:28 2012 Local Options hash (VER=V4): 'b60e7885'
Sun Jun 10 20:42:28 2012 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Sun Jun 10 20:42:28 2012 Attempting to establish TCP connection with xxx.xxx.xxx.xxx:1194
Sun Jun 10 20:42:28 2012 TCP connection established with xxx.xxx.xxx.xxx:1194
Sun Jun 10 20:42:28 2012 TCPv4_CLIENT link local: [undef]
Sun Jun 10 20:42:28 2012 TCPv4_CLIENT link remote: xxx.xxx.xxx.xxx:1194
Sun Jun 10 20:42:28 2012 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=404b35c7 eaf40f1d
Sun Jun 10 20:42:29 2012 VERIFY OK: depth=1, /C=_andsoon_
Sun Jun 10 20:42:29 2012 VERIFY OK: depth=0, /C=_andsoon_
Sun Jun 10 20:42:30 2012 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 10 20:42:30 2012 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 10 20:42:30 2012 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sun Jun 10 20:42:30 2012 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Sun Jun 10 20:42:30 2012 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Sun Jun 10 20:42:30 2012 [ovpn-server] Peer Connection Initiated with xxx.xxx.xxx.xxx:1194
Sun Jun 10 20:42:33 2012 SENT CONTROL [ovpn-server]: 'PUSH_REQUEST' (status=1)
Sun Jun 10 20:42:38 2012 SENT CONTROL [ovpn-server]: 'PUSH_REQUEST' (status=1)
Sun Jun 10 20:42:43 2012 SENT CONTROL [ovpn-server]: 'PUSH_REQUEST' (status=1)
Sun Jun 10 20:42:43 2012 PUSH: Received control message: 'PUSH_REPLY,route-gateway 192.168.4.1,ifconfig 192.168.4.20 255.255.255.0'
Sun Jun 10 20:42:43 2012 OPTIONS IMPORT: --ifconfig/up options modified
Sun Jun 10 20:42:43 2012 OPTIONS IMPORT: route-related options modified
Sun Jun 10 20:42:43 2012 TAP-WIN32 device [Local Area Connection 2] opened: \\.\Global\{D72FDF0E-5635-4484-99E9-95C150E2345E}.tap
Sun Jun 10 20:42:43 2012 TAP-Win32 Driver Version 9.8
Sun Jun 10 20:42:43 2012 TAP-Win32 MTU=1500
Sun Jun 10 20:42:43 2012 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.4.20/255.255.255.0 on interface {D72FDF0E-5635-4484-99E9-95C150E2345E} [DHCP-serv: 192.168.4.0, lease-time: 31536000]
Sun Jun 10 20:42:43 2012 Successful ARP Flush on interface [16] {D72FDF0E-5635-4484-99E9-95C150E2345E}
Sun Jun 10 20:42:48 2012 TEST ROUTES: 0/0 succeeded len=-1 ret=1 a=0 u/d=up
Sun Jun 10 20:42:48 2012 Initialization Sequence Completed
Code:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.4.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 10. junij 2012 20:50:08
Lease Expires . . . . . . . . . . : 10. junij 2013 20:50:07
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.4.0
DHCPv6 IAID . . . . . . . . . . . : 469827543
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-44-FC-01-00-22-15-37-14-22
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
If you need any more info, I can post that too. As long as this thing finally gets working.
Any help would be useful as I am at a loss...
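
Added example, not part of the original post: a small Python audit of a client.ovpn that reports the three conditions behind the WARNING and NOTE lines in the client log above (no server certificate verification, `--script-security` with `system`, `--ping` without `--ping-restart`/`--ping-exit`). The sample config is constructed from the posted one with `script-security 2 system` enabled, as the log indicates it was at run time; the function names and finding labels are hypothetical.

```python
# Constructed sample based on the client.ovpn in the post.
SAMPLE_CONFIG = """\
dev tap
proto tcp-client
remote xxx.xxx.xxx.xxx 1194
tls-client
ca ca.crt
cert client1.crt
key client1.key
auth-user-pass
ping 10
cipher AES-256-CBC
auth SHA1
pull
auth-nocache
script-security 2 system
;route-up "route add 192.168.1.0 mask 255.255.255.0 192.168.4.1"
"""

# OpenVPN options that enable some form of server certificate verification.
# Availability depends on the client version (e.g. verify-x509-name is 2.3+).
VERIFY_OPTIONS = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
                  "verify-x509-name", "tls-remote", "tls-verify"}

def parse_directives(text):
    """Map directive name -> list of argument lists, skipping ';'/'#' comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        parts = line.split()
        directives.setdefault(parts[0].lstrip("-"), []).append(parts[1:])
    return directives

def audit_client_config(text):
    """Return sorted finding labels; each mirrors a line in the client log."""
    d = parse_directives(text)
    findings = []
    # Without any of these, the client accepts any certificate the CA signed,
    # including one issued to another client.
    if not VERIFY_OPTIONS.intersection(d):
        findings.append("no-server-cert-verification")
    # 'system' passes script parameters through shell expansion (deprecated).
    if any("system" in args for args in d.get("script-security", [])):
        findings.append("script-security-system")
    if "ping" in d and not {"ping-restart", "ping-exit"}.intersection(d):
        findings.append("ping-without-restart")
    return sorted(findings)
```

Adding `remote-cert-tls server` clears the first finding only if the certificate installed on the router carries the matching server key usage, which the post does not show.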