I’m trying to set up MikroTik as an OpenVPN client but with no success. I have done everything as in the Wiki, but nothing works. My problem is the same as here http://forum.mikrotik.com/t/openvpn-unknown-auth-alg/18413/1 No solutions so far. My server is DD-WRT on a WRT350N router. Ok, you can tell me that it is a wrong configuration in DD-WRT or that I get no support here for DD-WRT, but by using the OpenVPN client for Windows I have no problems connecting to DD-WRT. I use the OpenVPN client with GUI on Windows. So I think it might be some problem in configuration or compatibility. Can you provide any help?
Thank you very much for your reply. It’s very important for me to start this VPN connection, but now it seems that it is just not possible.
Ok, my password was longer than 7 symbols and I made it shorter - 4 symbols. Restarted MikroTik. Nothing helps. Firewall has rule for VPN and I can see counter running of accepted packets. Furthermore I log all dropped/rejected packets and I didn’t see any of VPN packets dropped.
So my config at RoS side is:
In the beginning there was no user/pass at the DD-WRT side, but later I implemented it and again had no problems connecting to it using OpenVPN GUI. The computer from which I connect is behind the same MikroTik router and has no problems at all. Here is what I get at the DD-WRT side:
Dec 23 22:23:25 xxx daemon.notice openvpn[790]: MULTI: multi_create_instance called
Dec 23 22:23:25 xxx daemon.notice openvpn[790]: Re-using SSL/TLS context
Dec 23 22:23:25 xxx daemon.notice openvpn[790]: Control Channel MTU parms ......
Dec 23 22:23:25 xxx daemon.notice openvpn[790]: Data Channel MTU parms ....
Dec 23 22:23:25 xxx daemon.notice openvpn[790]: TCP connection established with x.x.x.x:60200
Dec 23 22:23:25 xxx daemon.notice openvpn[790]: Socket Buffers: R=[65534->65534] S=[65534->65534]
Dec 23 22:23:25 xxx daemon.notice openvpn[790]: TCPv4_SERVER link local: [undef]
Dec 23 22:23:25 xxx daemon.notice openvpn[790]: TCPv4_SERVER link remote: x.x.x.x:60200
Dec 23 22:23:25 xxx daemon.notice openvpn[790]: x.x.x.x:60200 TLS: Initial packet from x.x.x.x:60200, sid=c142180d 5752099f
Dec 23 22:23:26 xxx daemon.notice openvpn[790]: x.x.x.x:60200 VERIFY OK: depth=1, /C=LT/ST=LT/L=LT/O=home/CN=server/emailAddress=no@mail.com
Dec 23 22:23:26 xxx daemon.notice openvpn[790]: x.x.x.x:60200 VERIFY OK: depth=0, /C=LT/ST=LT/L=LT/O=home/CN=client/emailAddress=no@mail.com
Dec 23 22:23:26 xxx daemon.notice openvpn[790]: x.x.x.x:60200 TLS: Username/Password authentication succeeded for username 'user'
Dec 23 22:23:26 xxx daemon.notice openvpn[790]: x.x.x.x:60200 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Dec 23 22:23:26 xxx daemon.notice openvpn[790]: x.x.x.x:60200 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 23 22:23:26 xxx daemon.notice openvpn[790]: x.x.x.x:60200 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Dec 23 22:23:26 xxx daemon.notice openvpn[790]: x.x.x.x:60200 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 23 22:23:26 xxx daemon.err openvpn[790]: x.x.x.x:60200 Connection reset, restarting [0]
Dec 23 22:23:26 xxx daemon.notice openvpn[790]: x.x.x.x:60200 SIGUSR1[soft,connection-reset] received, client-instance restarting
Dec 23 22:23:26 xxx daemon.notice openvpn[790]: TCP/UDP: Closing socket
It seems that there are no problems with authentication. The connection just drops and the reason is not clear to me.
What I have tried:
Are you logging ovpn at debug level like so:
/system logging add action=memory disabled=no prefix="" topics=ovpn,debug
Unfortunately I have noticed that the OVPN in MikroTik does not have very good debug output. It looks to me like the DD-WRT is proposing cypher and auth and MikroTik rejects it and disconnects.
FWIW, I have about 50 450G/433s connected to a PC/Linux OpenVPN 2.1 server using certificates/radius to authenticate/obtain config.
One thing that I noticed that is different between MT and other clients is how the route lines need to be worded. I can’t remember what it was, but there was something different between Windows clients connecting and MT clients connecting.
Adding debugging support gave me only one extra line, which tells me the same thing: unknown auth alg. Not much help from this debug info…
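An added example, not code from any poster in this thread: a small parser for server-side OpenVPN syslog lines in the format quoted earlier, showing how far each client got before a reset and which cipher and HMAC the server selected, so they can be compared with what the client supports. The sample log is constructed, and the client's supported sets passed to `unsupported_by_client` are an assumption to be filled in from the client's documentation.

```python
import re

# Constructed sample in the format of the DD-WRT syslog quoted in the thread;
# host name and peer address are placeholders.
SAMPLE_LOG = """\
Dec 23 22:23:25 gw daemon.notice openvpn[790]: TCP connection established with 192.0.2.10:60200
Dec 23 22:23:26 gw daemon.notice openvpn[790]: 192.0.2.10:60200 VERIFY OK: depth=0, /CN=client
Dec 23 22:23:26 gw daemon.notice openvpn[790]: 192.0.2.10:60200 TLS: Username/Password authentication succeeded for username 'user'
Dec 23 22:23:26 gw daemon.notice openvpn[790]: 192.0.2.10:60200 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Dec 23 22:23:26 gw daemon.notice openvpn[790]: 192.0.2.10:60200 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Dec 23 22:23:26 gw daemon.err openvpn[790]: 192.0.2.10:60200 Connection reset, restarting [0]
"""

PEER_LINE = re.compile(r"openvpn\[\d+\]: (?P<peer>\S+:\d+) (?P<msg>.*)$")
CIPHER = re.compile(r"Data Channel Encrypt: Cipher '([^']+)'")
HMAC = re.compile(r"Data Channel Encrypt: Using \d+ bit message hash '([^']+)'")

def summarize_sessions(log_text):
    """Per peer: how far the handshake got and what the server selected."""
    sessions = {}
    for raw in log_text.splitlines():
        m = PEER_LINE.search(raw)
        if not m:
            continue  # server-wide lines have no "addr:port" prefix
        s = sessions.setdefault(m["peer"], {"cert_ok": False, "user_ok": False,
                                            "cipher": None, "hmac": None, "reset": False})
        msg = m["msg"]
        if msg.startswith("VERIFY OK: depth=0"):
            s["cert_ok"] = True
        elif "authentication succeeded" in msg:
            s["user_ok"] = True
        elif CIPHER.match(msg):
            s["cipher"] = CIPHER.match(msg).group(1)
        elif HMAC.match(msg):
            s["hmac"] = HMAC.match(msg).group(1)
        elif msg.startswith("Connection reset"):
            s["reset"] = True
    return sessions

def unsupported_by_client(session, client_ciphers, client_hmacs):
    """Server-selected algorithms missing from the client's supported sets
    (the sets are caller-supplied assumptions, not derived from the log)."""
    issues = []
    if session["cipher"] and session["cipher"] not in client_ciphers:
        issues.append(("cipher", session["cipher"]))
    if session["hmac"] and session["hmac"] not in client_hmacs:
        issues.append(("auth", session["hmac"]))
    return issues
```

A session with `cert_ok`, `user_ok` and `reset` all true, as in the sample, means the drop happened after authentication, which points the comparison at the data-channel cipher and HMAC rather than at certificates or credentials.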
Maybe MikroTik support team will also look at this topic and tell at least how to get more debugging information because now I get no clue what is going on.
What do you mean by that? I have no problems connecting to the server from a Windows PC. The problem is only from MT. I think route lines are not a problem here. My connection is constantly dropping. It’s not about routes.
I have even changed Linksys router to newer model and installed the latest firmware with OpenVPN support. Problem is the same, the same error messages. From Windows is again everything ok. I’m totally lost.
Ensure that the MikroTik’s date & time is set correctly. It’s best if you could use NTP to automatically obtain the date & time. Without the correct date, the certificates wouldn’t be valid.
Yes, date and time are correct and I use NTP. If the date and time are not correct, the error message is different. Anyway, I gave up on this, as for me it’s not possible to get even some debug information. Linksys resets the connection and MikroTik just says that the auth algo is not supported. That’s just not too much info anyway.
I like mikrotik a lot but the openvpn is not stable and it is hard to get it to work with other openvpn daemons on other platforms. I have 2 mikrotiks with openvpn running. One of them is a server for ten users to vpn to the mikrotik router and the other is a mikrotik router that connects to a linux openvpn server. They work once you iron out the kinks but I have found that the mikrotik client disconnects and reconnects a lot because it seems to be ignoring the keep-alive packets from the server. The other issue is I have yet to see any mikrotik with openvpn work for more than a month. I usually have to reboot the router once a month for it to keep working. I would suggest using pptp if you don’t mind a little less security.
I can post my configuration but I’m not using dd-wrt so it may not help you at all.
I currently have 14 routers with over 60 days of uptime. Another 20ish with over 30 days as openvpn clients. Until today, they were connected to a linux openvpn server. Just switched them over to connect to a RB1000.
I find it to be completely stable once you figure it all out.
Yes, I think so. I have a lot of different configurations from working systems, but still with no luck. I solved my problem by making DD-WRT the OpenVPN server, and all clients behind MikroTik have their own OpenVPN client software. In my case it is ok I think.
@roadracer: I agree that they work together with each other or with linux machines, but there are some real compatibility issues with the OpenVPN implementation on DD-WRT.
alphalt, have you found any solution to the problem?
I am also trying to connect from dd-wrt box (ovpn client) to mikrotik (ovpn server) and got the same "