Community discussions

MikroTik App
 
Caed
just joined
Topic Author
Posts: 5
Joined: Fri Aug 30, 2013 8:28 am

OpenVPN Server Config nightmares...

Sun Jan 05, 2014 3:31 am

I've tried to follow the tutorial in the http://wiki.mikrotik.com/wiki/OpenVPN_C ... ep_by_Step, but apparently something has changed because some of the screen shots and menus are different. I don't seem to be having problems with my certificates/keys.

I am running version 6.2 on x86. I have a cable modem at home coming into my router, so I have a permanent connection.

I am testing this from INSIDE my network (On my LAN), connecting out to my public IP and back in.

I want to setup a VPN *server* on my MikroTik router that I can connect with OpenVPN client on my Windows laptop or Android devices.

The problems I'm seeing are:

1) When I set protocol to TCP in client config file, connection fails, but if protocol is UDP I connect, but completely and get error UDPv4 link local: [undef]:
Sat Jan 04 16:39:05 2014 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Sat Jan 04 16:39:05 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jan 04 16:39:05 2014 Need hold release from management interface, waiting...
Sat Jan 04 16:39:06 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jan 04 16:39:06 2014 MANAGEMENT: CMD 'state on'
Sat Jan 04 16:39:06 2014 MANAGEMENT: CMD 'log all on'
Sat Jan 04 16:39:06 2014 MANAGEMENT: CMD 'hold off'
Sat Jan 04 16:39:06 2014 MANAGEMENT: CMD 'hold release'
Sat Jan 04 16:39:06 2014 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 04 16:39:12 2014 MANAGEMENT: CMD 'password [...]'
Sat Jan 04 16:39:12 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Sat Jan 04 16:39:12 2014 MANAGEMENT: >STATE:1388882352,RESOLVE,,,
Sat Jan 04 16:39:12 2014 UDPv4 link local: [undef]
Sat Jan 04 16:39:12 2014 UDPv4 link remote: [AF_INET]xx.xx.xx.xx:1194
Sat Jan 04 16:39:12 2014 MANAGEMENT: >STATE:1388882352,WAIT,,,
2) What is the story with MikroTik and UDP for VPN?? Is it broken for Client or Server? Why am I only able to connect using UDP as a client?

3) On Winbox if I go to Interface and try to add an interface there is no OVPN-Server, only OVPN-Server Binding. Actually everywhere I see "BINDING", is this the same as SERVER?

4) I'm not seeing anything in the MikroTik log file, the above log is from the client. It looks like I'm not getting an IP address, from the command line I see:
[MikroTik] /interface ovpn-server server> print
                     enabled: yes
                        port: 1194
                        mode: ip
                     netmask: 29
                 mac-address: FE:F1:54:F1:3E:37
                     max-mtu: 1500
           keepalive-timeout: disabled
             default-profile: ovpn
                 certificate: cert1
  require-client-certificate: no
                        auth: sha1,md5
                      cipher: blowfish128,aes128,aes192,aes256
My PPP profile shows this:
name="ovpn" local-address=10.0.100.1 remote-address=ovpn-pool remote-ipv6-prefix-pool=none use-ipv6=yes use-mpls=default use-compression=default 
     use-vj-compression=default use-encryption=default only-one=default change-tcp-mss=default address-list="" dns-server=8.8.8.8
add name=ovpn-pool ranges=10.0.100.1-10.1.100.10
5) Why is OpenVPN using the PPP interface and not some "VPN Server Binding" that appears on Interface in Winbox where my WAN & LAN interfaces are?

I love my Mikrotik router, but the documentation is inconsistent and doesn't say which version it is referring to which makes it frustrating.

Can anyone help? I was thinking there might be some issue the way I'm testing by looping out of my network and back in, but I'm not sure that explains all the problems.

I've been using RouterOS for less than a year, so be gentle :-) Answers to ANY of my questions will be appreciated!
 
Caed
just joined
Topic Author
Posts: 5
Joined: Fri Aug 30, 2013 8:28 am

Re: OpenVPN Server Config nightmares...

Tue Jan 07, 2014 8:11 am

Ok, it took a couple days for this post to make it out of the moderation queue and I've made some progress but still need help.

I've resolved the issue with connecting using UDP (strange that it would connect with UDP and not TCP), but now I am connected with TCP. I need help with setting the route from my windows client to my OpenVPN server (Mikrotik router).

My home network with MikroTik router is: 10.0.10.1/26
The OpenVPN server network is: 10.100.0.1/29

I need to be able to move files between the home network and the client (Windows 7).

What do I need to change on the router for home network to see client?

What info can I post to help?

Who is online

Users browsing this forum: anav, boocko, kolopeter, Michiganbroadband and 76 guests