Hi,
I have an Ubuntu OpenVPN Server running and Mikrotik wAPGR-5HacD2HnD as the client.
I’m trying to use the OpenVPN server with the
topology subnet
configuration so that IPs are assigned from a large pool to the Mikrotik clients. However, the Mikrotik will briefly connect and then disconnect & reconnect/disconnect continually with this option set.
When I remove the
topology subnet
option, the router successfully connects however causes me some other issues with IP allocations which I’m trying to avoid.
Here are the relevant logs from the server & client. I have read about others having this issue, and that it might’ve been fixed in 7.2.2 (I am running 7.19rc3). I’m using RADIUS to assign IPs to openvpn.
Server Logs:
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: FOREGROUND: OPENVPN_PLUGIN_CLIENT_CONNECT is called.
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: FOREGROUND: Key: 101.119.130.240:1776.
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP (10.80.0.50) OpenVPN assigned to the user ovpn-client
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: FOREGROUND: Add user for accounting: username: ovpn-client, commonname: ovpn-client
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: BACKGROUND ACCT: Get a command.
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: BACKGROUND ACCT: New User.
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: BACKGROUND ACCT: New user acct: username: ovpn-client, interval: 0, calling station: 101.119.130.240, commonname: ovpn-client, framed ip: 10.80.0.50.
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: BACKGROUND-ACCT: Get ACCOUNTING_RESPONSE-Packet.
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: BACKGROUND ACCT: Start packet was send.
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: BACKGROUND ACCT: User was added to accounting scheduler.
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: BACKGROUND-ACCT: No routes for user.
Sun May 25 22:34:19 2025 RADIUS-PLUGIN: FOREGROUND: Accouting succeeded!
ovpn-client/101.119.130.240:1776 PLUGIN_CALL: POST /usr/lib/openvpn/radiusplugin.so/PLUGIN_CLIENT_CONNECT status=0
ovpn-client/101.119.130.240:1776 OPTIONS IMPORT: reading client specific options from: /tmp/openvpn_cc_71269c69d04f0be720d1bc7d0dc51b49.tmp
ovpn-client/101.119.130.240:1776 MULTI: Learn: 10.80.0.50 → ovpn-client/101.119.130.240:1776
ovpn-client/101.119.130.240:1776 MULTI: primary virtual IP for ovpn-client/101.119.130.240:1776: 10.80.0.50
ovpn-client/101.119.130.240:1776 Data Channel MTU parms [ mss_fix:1267 max_frag:0 tun_mtu:1370 tun_max_mtu:1600 headroom:136 payload:1768 tailroom:562 ET:0 ]
ovpn-client/101.119.130.240:1776 Outgoing Data Channel: Cipher ‘AES-128-CBC’ initialized with 128 bit key
ovpn-client/101.119.130.240:1776 Outgoing Data Channel: Using 160 bit message hash ‘SHA1’ for HMAC authentication
ovpn-client/101.119.130.240:1776 Incoming Data Channel: Cipher ‘AES-128-CBC’ initialized with 128 bit key
ovpn-client/101.119.130.240:1776 Incoming Data Channel: Using 160 bit message hash ‘SHA1’ for HMAC authentication
Rovpn-client/101.119.130.240:1776 PUSH: Received control message: ‘PUSH_REQUEST’
ovpn-client/101.119.130.240:1776 SENT CONTROL [ovpn-client]: ‘PUSH_REPLY,route-gateway 10.80.0.1,topology subnet,ping 10,ping-restart 120,ifconfig 10.80.0.50 10.80.0.51,peer-id 0’ (status=1)
WWRrWovpn-client/101.119.130.240:1776 Connection reset, restarting [-1]
ovpn-client/101.119.130.240:1776 SIGUSR1[soft,connection-reset] received, client-instance restarting
Sun May 25 22:34:19 2025
Mikrotik Client Logs:
2025-05-25 22:41:12 ovpn,info ovpn-out1: initializing…
2025-05-25 22:41:12 ovpn,info ovpn-out1: connecting…
2025-05-25 22:41:12 ovpn,info ovpn-out1: using encoding - AES-128-CBC/SHA1
2025-05-25 22:41:12 ovpn,info ovpn-out1: connected
2025-05-25 22:41:12 ovpn,info ovpn-out1: disconnected <could not add address: netmask cannot be /0 (6)>
2025-05-25 22:41:12 ovpn,info ovpn-out1: terminating… - could not add address: netmask cannot be /0 (6)
2025-05-25 22:41:13 ovpn,info ovpn-out1: disconnected
2025-05-25 22:41:23 ovpn,info ovpn-out1: initializing…
2025-05-25 22:41:23 ovpn,info ovpn-out1: connecting…
2025-05-25 22:41:23 ovpn,info ovpn-out1: using encoding - AES-128-CBC/SHA1
2025-05-25 22:41:23 ovpn,info ovpn-out1: connected
2025-05-25 22:41:23 ovpn,info ovpn-out1: disconnected <could not add address: netmask cannot be /0 (6)>
2025-05-25 22:41:23 ovpn,info ovpn-out1: terminating… - could not add address: netmask cannot be /0 (6)
2025-05-25 22:41:24 ovpn,info ovpn-out1: disconnected
EDIT: I temporarily removed RADIUS from teh configuration and instead used OpenVPN to assign from within the application, and this works. So I believe it’s an issue with the way RADIUS is passing the Framed-IP-Address attribute.
I would still appreciate if anyone has any ideas.