OpenVPN Problems after udating 7.15

bodsup · June 5, 2024, 11:12am

Hello,

we had a working openvpn setting in our mikrotik. After upgrading to the newest OS 7.15. We have trouble to connect via openvpn using mobile hotspots.
Client OS is Windows, Client Version OpenVPN-2.6.10-I003. If we connect using local wired ISP on the client-site the connection can be established. But if we make an hotspot via mobile phone (mobile workers), the connection can not be established.

In the Mikrotik log we see a lot of entries like this:
re-sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=0650ab23aadf1bf3 pid=0 DATA len=0
and after a while we see this:
<176.6.196.45>: disconnected <TLS error: handshake timed out (6)>

Client LOg shows only:
2024-06-05 13:04:23 Note: --data-ciphers-fallback with cipher ‘AES-256-CBC’ disables data channel offload.
2024-06-05 13:04:23 OpenVPN 2.6.10 [git:v2.6.10/ba0f62fb950c56a0] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on May 23 2024
2024-06-05 13:04:23 Windows version 10.0 (Windows 10 or greater), amd64 executable
2024-06-05 13:04:23 library versions: OpenSSL 3.2.1 30 Jan 2024, LZO 2.10
2024-06-05 13:04:23 DCO version: 1.2.1
2024-06-05 13:04:23 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25347
2024-06-05 13:04:23 Need hold release from management interface, waiting…
2024-06-05 13:04:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:54383
2024-06-05 13:04:23 MANAGEMENT: CMD ‘state on’
2024-06-05 13:04:23 MANAGEMENT: CMD ‘log on all’
2024-06-05 13:04:23 MANAGEMENT: CMD ‘echo on all’
2024-06-05 13:04:23 MANAGEMENT: CMD ‘bytecount 5’
2024-06-05 13:04:23 MANAGEMENT: CMD ‘state’
2024-06-05 13:04:23 MANAGEMENT: CMD ‘hold off’
2024-06-05 13:04:23 MANAGEMENT: CMD ‘hold release’
2024-06-05 13:04:25 MANAGEMENT: CMD ‘username “Auth” “tester”’
2024-06-05 13:04:25 MANAGEMENT: CMD ‘password […]’
2024-06-05 13:04:25 MANAGEMENT: CMD ‘password […]’
2024-06-05 13:04:25 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
2024-06-05 13:04:25 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.249.7:1194
2024-06-05 13:04:25 Socket Buffers: R=[65536->65536] S=[65536->65536]
2024-06-05 13:04:25 Attempting to establish TCP connection with [AF_INET]xxx.xxx.249.7:1194
2024-06-05 13:04:25 MANAGEMENT: >STATE:1717585465,TCP_CONNECT,

Other OpenVPN connections to other Locations do work from this client.

Any hints to this?

bodsup · June 5, 2024, 12:33pm

I’ve made an downgrade to 7.14.3 and it is working again.

bodsup · June 10, 2024, 12:40pm

UPDATE:

It only seemed to work. Sometimes the same error occured and the Client is not able to Connect. If it happens I see a lot o “fHARD-RESET” in the Log on Mikrotik:

connection established from 176.6.192.202, port: 59420 to 192.168.200.57
sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=8babbe579a02cc8c pid=0 DATA len=0
openvpn: sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=8babbe579a02cc8c pid=0 DATA len=0
rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=9b46c6b78c4c41af pid=0 DATA len=0
openvpn: rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=9b46c6b78c4c41af pid=0 DATA len=0
sent P_ACK kid=0 sid=8babbe579a02cc8c [0 sid=9b46c6b78c4c41af] DATA len=0
openvpn: sent P_ACK kid=0 sid=8babbe579a02cc8c [0 sid=9b46c6b78c4c41af] DATA len=0
re-sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=8babbe579a02cc8c pid=0 DATA len=0
openvpn: re-sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=8babbe579a02cc8c pid=0 DATA len=0
re-sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=8babbe579a02cc8c pid=0 DATA len=0
openvpn: re-sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=8babbe579a02cc8c pid=0 DATA len=0
re-sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=8babbe579a02cc8c pid=0 DATA len=0
<176.6.192.202>: disconnected <TLS error: handshake timed out (6)>

It’s strange, the connection works sometime but sometimes not. Any hints what’s maybe cousing that behavior?