Hi, Team,
I have a task to configure L2 OpenVPN between a MikroTik (as an OpenVPN client) and an OpenVPN server on CentOS 7. The configuration of server.conf is below. Currently the MikroTik cannot connect to the server and I only see a “could not connect” status in the log. Both of the devices are behind NAT with static 1-to-1 mapping, but I saw one strange thing: the MikroTik sends an ISAKMP packet to the private CentOS server! How is it possible that the MikroTik knows about the private address of the server?
Please help me with some advice:
#cat server.conf
proto tcp
dev tap
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
dh /etc/openvpn/keys/dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
server-bridge
client-to-client
keepalive 10 120
auth sha1
cipher aes256
persist-key
persist-tun
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log
verb 9
interface ovpn-client
add certificate=mikrotik-###.crt_0 cipher=aes256 connect-to=#.#.#.# [Centos_Public_IP] mac-address=02:9D:C4:37:1E:7F mode=ethernet name=ovpn-out1 \
password=none port=1701 user=none
Logs:
time=00:51:06 topics=ovpn,info message="ovpn-out1: initializing..."
time=00:51:06 topics=ovpn,info message="ovpn-out1: connecting..."
time=00:51:06 topics=ovpn,debug message="ovpn-out1: disconnected "
time=00:51:06 topics=ovpn,info message="ovpn-out1: terminating... - could not connect"
time=00:51:06 topics=ovpn,info message="ovpn-out1: disconnected"
time=00:51:07 ipsec,debug 348 bytes from MIKROTIK_LOCAL_IP[500] to 192.168.254.1[500] [b]<-what's an address?[/b]
time=00:51:07 topics=ipsec,debug,packet message="460 bytes from [b]MIKROTIK_LOCAL_IP[/b][500] to [b]CENTOS_PRIVATE_IP[/b][500]"
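
A consistency check over the two configurations in the post, as an added example that is not part of the original post: it parses the server.conf directives and the RouterOS `add` line and reports settings that cannot match. The function names and finding codes are hypothetical; it assumes NAT forwards the TCP port unchanged and that the server listens on 1194 when no `port` directive is given.

```python
import re

OPENVPN_DEFAULT_PORT = 1194  # OpenVPN's port when server.conf has no "port" line
SINGLE = {"server-bridge", "server", "port", "proto", "dev", "cipher", "auth"}

# Directives and client settings copied from the post (subset relevant to the checks).
SERVER_CONF = """\
proto tcp
dev tap
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
dh /etc/openvpn/keys/dh2048.pem
server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
server-bridge
"""
CLIENT_ADD = "add cipher=aes256 mode=ethernet name=ovpn-out1 port=1701 user=none"

def parse_server_conf(text):
    """Map each directive to the list of argument lists it appears with."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            conf.setdefault(name, []).append(args)
    return conf

def parse_routeros_add(text):
    """Extract key=value pairs from a RouterOS 'add' line."""
    return dict(re.findall(r"([\w-]+)=(\S+)", text))

def check(server_text, client_text):
    """Return a sorted list of finding codes (hypothetical names) for the pair."""
    srv, cli = parse_server_conf(server_text), parse_routeros_add(client_text)
    findings = set()
    srv_port = int(srv["port"][-1][0]) if "port" in srv else OPENVPN_DEFAULT_PORT
    # Assumes NAT keeps the port; a port-translating rule would make this a false alarm.
    if "port" in cli and int(cli["port"]) != srv_port:
        findings.add("port-mismatch")
    # A server certificate needs its private key ("key" or a "pkcs12" bundle).
    if "cert" in srv and not ({"key", "pkcs12"} & srv.keys()):
        findings.add("cert-without-key")
    # RouterOS mode=ethernet is layer 2 (tap); mode=ip is layer 3 (tun).
    want_dev = {"ethernet": "tap", "ip": "tun"}.get(cli.get("mode"))
    if want_dev and not srv.get("dev", [[""]])[-1][0].startswith(want_dev):
        findings.add("dev-mode-mismatch")
    # A single-valued directive given twice with different arguments is ambiguous.
    findings |= {"conflicting-" + n for n, occ in srv.items()
                 if n in SINGLE and len({tuple(a) for a in occ}) > 1}
    return sorted(findings)
```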