Hi all,
i have just set up a new router for our customer and I am unable to connect to OpenVPN server on routerboard - I get “Connection reset”
My setup:
RB2011iL-RM w/ RouterOS 6.7
OpenVPN profile settings:
name="openvpn" local-address=10.10.10.10 remote-address=OPENVPN_POOL
use-mpls=default use-compression=default use-vj-compression=default
use-encryption=default only-one=default change-tcp-mss=default
address-list="" dns-server=192.168.0.240
OpenVPN server settings:
enabled: yes
port: 65534
mode: ip
netmask: 24
mac-address: FE:C7:52:61:47:19
max-mtu: 1500
keepalive-timeout: disabled
default-profile: openvpn
certificate: cert_21
require-client-certificate: yes
auth: sha1,md5
cipher: blowfish128,aes128,aes192,aes256
OpenVPN Client (Windows 7) config file:
dev tun
proto tcp-client
remote 31.31.31.31
ca ca.crt
cert client.crt
key client.key
tls-client
port 65534
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
verb 6
log logfile.txt
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass
route 192.168.0.0 255.255.255.0 10.10.10.10
and finally OpenVPN logfile:
Tue Jan 20 16:23:36 2015 us=714179 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Jan 20 16:23:36 2015 us=714179 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Jan 20 16:23:36 2015 us=714179 Re-using SSL/TLS context
Tue Jan 20 16:23:36 2015 us=714179 Control Channel MTU parms [ L:1559 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Jan 20 16:23:36 2015 us=714179 Socket Buffers: R=[8192->8192] S=[8192->8192]
Tue Jan 20 16:23:36 2015 us=714179 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Tue Jan 20 16:23:36 2015 us=714179 Local Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Tue Jan 20 16:23:36 2015 us=714179 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Tue Jan 20 16:23:36 2015 us=714179 Local Options hash (VER=V4): '5cb3f8dc'
Tue Jan 20 16:23:36 2015 us=714179 Expected Remote Options hash (VER=V4): '898ae6c6'
Tue Jan 20 16:23:36 2015 us=714179 Attempting to establish TCP connection with [AF_INET]31.31.31.31:65534 [nonblock]
Tue Jan 20 16:23:36 2015 us=714179 MANAGEMENT: >STATE:1421767416,TCP_CONNECT,,,
Tue Jan 20 16:23:37 2015 us=727581 TCP connection established with [AF_INET]31.31.31.31:65534
Tue Jan 20 16:23:37 2015 us=727581 TCPv4_CLIENT link local: [undef]
Tue Jan 20 16:23:37 2015 us=727581 TCPv4_CLIENT link remote: [AF_INET]31.31.31.31:65534
Tue Jan 20 16:23:37 2015 us=727581 MANAGEMENT: >STATE:1421767417,WAIT,,,
Tue Jan 20 16:23:37 2015 us=727581 TCPv4_CLIENT WRITE [14] to [AF_INET]31.31.31.31:65534: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Tue Jan 20 16:23:37 2015 us=727581 Connection reset, restarting [0]
Tue Jan 20 16:23:37 2015 us=727581 TCP/UDP: Closing socket
Tue Jan 20 16:23:37 2015 us=727581 SIGUSR1[soft,connection-reset] received, process restarting
Tue Jan 20 16:23:37 2015 us=727581 MANAGEMENT: >STATE:1421767417,RECONNECTING,connection-reset,,
Tue Jan 20 16:23:37 2015 us=727581 Restart pause, 5 second(s)
This: “Tue Jan 20 16:23:37 2015 us=727581 Connection reset, restarting [0]” is what bothers me, because I am unable to make this work and already have spent a few hours trying different possibilites… Can someone help me please?
Thank you in advance.