Hi!
I’m trying to setup openVPN server.
When using login and password - connection is established.
When using the certificates - no (((
Please help configure openVPN server.
My HW
routerboard: yes
model: 750GL
serial-number: ----
current-firmware: 3.12
upgrade-firmware: 3.12
# NAME VERSION SCHEDULED
0 security 6.10
1 system 6.10
2 X ipv6 6.10
3 hotspot 6.10
4 routeros-mipsbe 6.10
5 advanced-tools 6.10
6 ppp 6.10
7 dhcp 6.10
8 mpls 6.10
9 routing 6.10
10 X wireless 6.10
ovpn client CFG
client
dev tun
proto tcp
remote ...... 1194
#link-mtu 1420
#tun-mtu 1400
#float
resolv-retry infinite
#nobind
persist-key
persist-tun
ca ca_voip1.crt
#auth-user-pass authfile.crd
cert client_voip1.crt
key client_voip1.key
ns-cert-type server
verb 3
ovpn client log
Thu Mar 20 09:35:35 2014 OpenVPN 2.3.0 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Jan 8 2013
Enter Management Password:
Thu Mar 20 09:35:35 2014 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25346
Thu Mar 20 09:35:35 2014 Need hold release from management interface, waiting...
Thu Mar 20 09:35:36 2014 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25346
Thu Mar 20 09:35:36 2014 MANAGEMENT: CMD 'state on'
Thu Mar 20 09:35:36 2014 MANAGEMENT: CMD 'log all on'
Thu Mar 20 09:35:36 2014 MANAGEMENT: CMD 'hold off'
Thu Mar 20 09:35:36 2014 MANAGEMENT: CMD 'hold release'
Thu Mar 20 09:35:36 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Mar 20 09:35:36 2014 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Mar 20 09:35:36 2014 MANAGEMENT: >STATE:1395293736,RESOLVE,,,
Thu Mar 20 09:35:36 2014 Attempting to establish TCP connection with [AF_INET]х.х.х.х:1194
Thu Mar 20 09:35:36 2014 MANAGEMENT: >STATE:1395293736,TCP_CONNECT,,,
Thu Mar 20 09:35:36 2014 TCP connection established with [AF_INET]х.х.х.х:1194
Thu Mar 20 09:35:36 2014 TCPv4_CLIENT link local: [undef]
Thu Mar 20 09:35:36 2014 TCPv4_CLIENT link remote: [AF_INET]х.х.х.х:1194
Thu Mar 20 09:35:36 2014 MANAGEMENT: >STATE:1395293736,WAIT,,,
Thu Mar 20 09:35:36 2014 MANAGEMENT: >STATE:1395293736,AUTH,,,
Thu Mar 20 09:35:36 2014 TLS: Initial packet from [AF_INET]46.38.37.99:1194, sid=c5f13737 5b60e30c
Thu Mar 20 09:35:36 2014 VERIFY OK: depth=1, C=RU, ST=CA, L=Moscow, O=Test, OU=DMTR, CN=CA, name=changeme, emailAddress=mail@host.domain
Thu Mar 20 09:35:36 2014 VERIFY OK: nsCertType=SERVER
Thu Mar 20 09:35:36 2014 VERIFY OK: depth=0, C=RU, ST=CA, L=Moscow, O=Test, OU=DMTR, CN=server, name=changeme, emailAddress=mail@host.domain
Thu Mar 20 09:36:36 2014 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 20 09:36:36 2014 TLS Error: TLS handshake failed
Thu Mar 20 09:36:36 2014 Fatal TLS error (check_tls_errors_co), restarting
Thu Mar 20 09:36:36 2014 SIGUSR1[soft,tls-error] received, process restarting
Thu Mar 20 09:36:36 2014 MANAGEMENT: >STATE:1395293796,RECONNECTING,tls-error,,
Thu Mar 20 09:36:36 2014 Restart pause, 5 second(s)
...
mikrotik log
09:35:32 ovpn,info TCP connection established from x.x.x.x
09:35:32 ovpn,info : using encoding - BF-128-CBC/SHA1
09:36:32 ovpn,debug <x.x.x.x>: disconnected <peer disconnected>
09:36:37 ovpn,info TCP connection established from x.x.x.x
09:36:37 ovpn,info : using encoding - BF-128-CBC/SHA1
09:36:37 ovpn,debug <x.x.x.x>: disconnected <peer disconnected>