OpenVPN configuration issues

tinka · December 27, 2009, 12:52pm

i have been trying for quite some time to get openvpn working. I have been following the wiki openvpn guide.

The situation i would like is to have is the server on my mikrotik 750g and a vista client.

I am at the point that a connection is made but an TLS error is thrown.

I have tried several things

installed openvpn on a different computer
different passwords
installing client certificates on server
at server side no client certificate needed
different ip ranges in ovpn pool
tap instead of tun (didn’t work)
changed log level at client side but not more relevant info
made sure time on both machines was the same
…

i think it is a certificate related problem but could use some help .

here is the log from the openvpn client

Sat Dec 26 22:29:05 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2006
Sat Dec 26 22:29:05 2009 IMPORTANT: OpenVPN’s default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Sat Dec 26 22:29:05 2009 Control Channel MTU parms [ L:1559 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sat Dec 26 22:29:05 2009 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Sat Dec 26 22:29:05 2009 Local Options hash (VER=V4): ‘5cb3f8dc’
Sat Dec 26 22:29:05 2009 Expected Remote Options hash (VER=V4): ‘898ae6c6’
Sat Dec 26 22:29:05 2009 Attempting to establish TCP connection with 192.168.178.2:1194
Sat Dec 26 22:29:05 2009 TCP connection established with 192.168.178.2:1194
Sat Dec 26 22:29:05 2009 TCPv4_CLIENT link local: [undef]
Sat Dec 26 22:29:05 2009 TCPv4_CLIENT link remote: 192.168.178.2:1194
Sat Dec 26 22:29:05 2009 TLS: Initial packet from 192.168.178.2:1194, sid=f2cb9055 3dcc86cc
Sat Dec 26 22:29:06 2009 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=FortFunston/CN=openvpn/emailAddress=mail@host.domain
Sat Dec 26 22:29:06 2009 VERIFY OK: nsCertType=SERVER
Sat Dec 26 22:29:06 2009 VERIFY OK: depth=0, /C=US/ST=CA/O=FortFunston/CN=server/emailAddress=mail@host.domain
Sat Dec 26 22:30:05 2009 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat Dec 26 22:30:05 2009 TLS Error: TLS handshake failed
Sat Dec 26 22:30:05 2009 Fatal TLS error (check_tls_errors_co), restarting
Sat Dec 26 22:30:05 2009 TCP/UDP: Closing socket
Sat Dec 26 22:30:05 2009 SIGUSR1[soft,tls-error] received, process restarting
Sat Dec 26 22:30:05 2009 Restart pause, 5 second(s)

i have included a screenshot with all the relevant information. If more info is needed let me know.

tinka · January 10, 2010, 8:32pm

Nobody ?

Does anybody have a similar configuration working ?

butche · January 10, 2010, 10:54pm

You have the local and remote IP configuration on the MT screenshots using the same IP. That may not be the only problem, but that won’t work.

tinka · January 11, 2010, 7:19pm

thanks for pointing that out . I have restored an earlier version with ovpn_pool 10.15.32.34-10.15.32.38 and local adres 10.15.32.30 but it is still stuck at the same point.