Dear Sirs,
I just followed this tutorial:
https://www.medo64.com/2016/12/simple-openvpn-server-on-mikrotik/
This is the configuration on the MikroTik server:
# Build a small PKI on the router: one CA template plus one server and one client
# template. All three use 2048-bit keys and days-valid=7650 (roughly 21 years).
/certificate
# CA: key usage limited to signing certificates and CRLs.
add name=ca-template common-name=TB001 days-valid=7650 key-size=2048 key-usage=crl-sign,key-cert-sign
# Server certificate (tls-server usage). Its common-name is the value the client
# pins with verify-x509-name.
add name=server-TB001-template common-name=server-TB001 days-valid=7650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
# Client certificate: tls-client usage only.
add name=client-TB001-template common-name=client-TB001 days-valid=7650 key-size=2048 key-usage=tls-client
# Sign the CA template first (no ca= is given, so presumably self-signed), then
# sign the server and client templates with that CA.
/certificate
sign ca-template name=ca-TB001-certificate
sign server-TB001-template name=server-TB001-certificate ca=ca-TB001-certificate
sign client-TB001-template name=client-TB001-certificate ca=ca-TB001-certificate
# Export the files the client config refers to: the CA certificate and the
# client certificate with its private key.
/certificate
# Empty passphrase: presumably only the CA certificate is written and the CA
# private key stays on the router -- confirm that no CA .key file was exported.
export-certificate ca-TB001-certificate export-passphrase=""
# NOTE(review): this passphrase protects the exported client private key and is
# the same string as the PPP secret's password below. Both are published in this
# post, so use fresh, distinct values on any real deployment.
export-certificate client-TB001-certificate export-passphrase="ciccia"
# Address pool for VPN clients.
/ip
pool add name="vpn-pool-TB001" ranges=10.168.101.10-10.168.101.99
# PPP profile for the tunnel: router side is 10.168.101.250, clients take an
# address from the pool, and dns-server is set to the router-side address.
/ppp
profile add name="vpn-profile-TB001" use-encryption=yes local-address=10.168.101.250 dns-server=10.168.101.250 remote-address=vpn-pool-TB001
# Username/password the client presents in addition to its certificate.
secret add name=ciccia profile=vpn-profile-TB001 password="ciccia"
# Enable the OpenVPN server: client certificate required, auth=sha1, and only the
# AES ciphers (aes128, aes192, aes256) are accepted.
# NOTE(review): the client config below sets no cipher and its log shows
# ciphername = 'BF-CBC', which is not in this list -- check this mismatch first.
# NOTE(review): no port= is set here and the firewall rule below opens 1194, but
# the client log connects to 10.7.208.201:443 -- confirm which port this server
# actually listens on.
/interface ovpn-server server
set default-profile=vpn-profile-TB001 certificate=server-TB001-certificate require-client-certificate=yes auth=sha1 cipher=aes128,aes192,aes256 enabled=yes
# Accept inbound TCP 1194 to the router, inserted as the first filter rule. The
# rule carries no src-address or in-interface match, so the port is reachable
# from every network that can reach the router.
/ip firewall filter
add chain=input protocol=tcp dst-port=1194 action=accept place-before=0 comment="Allow OpenVPN"
The Windows 10 client config:
# Routed (layer-3) tunnel; keep the tun device and key material across restarts.
dev tun
persist-tun
persist-key
client
# NOTE(review): the log shows remote_port = '443' and a TCP connection to
# 10.7.208.201:443, not 1194, so the config that produced the log differs from
# this listing -- confirm the port against the server.
remote 10.7.208.201 1194
resolv-retry infinite
proto tcp
nobind
# Require server key usage / extended key usage on the peer certificate
# (log: VERIFY KU OK, VERIFY EKU OK).
remote-cert-tls server
# HMAC digest; matches auth=sha1 on the server.
# NOTE(review): there is no cipher directive in this file. The log shows
# ciphername = 'BF-CBC' and 'cipher BF-CBC' in the options string, while the
# server accepts only aes128/aes192/aes256. This is a likely cause of the reset
# right after the TLS handshake -- confirm by setting an AES cipher the server lists.
auth SHA1
# Username and password are read from a plaintext file; keep it readable only by
# the VPN user. The log shows auth_user_pass_file = 'TB001pass.txt' (another
# difference from this listing) and recommends auth-nocache.
auth-user-pass pass.txt
# Debug-level logging, used here for troubleshooting.
verb 6
tls-cipher DEFAULT
# NOTE(review): even with "no", the options string in the log still advertises
# comp-lzo -- verify that the server side expects it.
comp-lzo no
# Pin the server certificate's common name (log: VERIFY X509NAME OK: CN=server-TB001).
verify-x509-name "server-TB001" name
# CA certificate, client certificate and client private key exported from the router.
ca cert_export_ca-TB001-certificate.crt
cert cert_export_client-TB001-certificate.crt
key cert_export_client-TB001-certificate.key
; domain name for home LAN
; NOTE(review): DOMAIN normally takes a DNS suffix, but an IP address is given here.
dhcp-option DOMAIN 10.168.101.1
# DNS server
# NOTE(review): the server's PPP profile sets dns-server=10.168.101.250, not
# 10.168.101.1 -- confirm which address is intended.
dhcp-option DNS 10.168.101.1
# SMB WINS name server if you have one
#dhcp-option WINS 10.168.101.1
# Route the VPN subnet 10.168.101.0/24 through the tunnel.
route 10.168.101.0 255.255.255.0
This results in the following log:
Thu Jan 24 15:47:47 2019 us=133332 Current Parameter Settings:
Thu Jan 24 15:47:47 2019 us=133332 config = ‘test_TB001.ovpn’
Thu Jan 24 15:47:47 2019 us=133332 mode = 0
Thu Jan 24 15:47:47 2019 us=133332 show_ciphers = DISABLED
Thu Jan 24 15:47:47 2019 us=133332 show_digests = DISABLED
Thu Jan 24 15:47:47 2019 us=133332 show_engines = DISABLED
Thu Jan 24 15:47:47 2019 us=133332 genkey = DISABLED
Thu Jan 24 15:47:47 2019 us=133332 key_pass_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=133332 show_tls_ciphers = DISABLED
Thu Jan 24 15:47:47 2019 us=133332 connect_retry_max = 0
Thu Jan 24 15:47:47 2019 us=133332 Connection profiles [0]:
Thu Jan 24 15:47:47 2019 us=133332 proto = tcp-client
Thu Jan 24 15:47:47 2019 us=133332 local = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=133332 local_port = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=133332 remote = ‘10.7.208.201’
Thu Jan 24 15:47:47 2019 us=133332 remote_port = ‘443’
Thu Jan 24 15:47:47 2019 us=133332 remote_float = DISABLED
Thu Jan 24 15:47:47 2019 us=133332 bind_defined = DISABLED
Thu Jan 24 15:47:47 2019 us=133332 bind_local = DISABLED
Thu Jan 24 15:47:47 2019 us=133332 bind_ipv6_only = DISABLED
Thu Jan 24 15:47:47 2019 us=133332 connect_retry_seconds = 5
Thu Jan 24 15:47:47 2019 us=133332 connect_timeout = 120
Thu Jan 24 15:47:47 2019 us=133332 socks_proxy_server = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=133332 socks_proxy_port = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=133332 tun_mtu = 1500
Thu Jan 24 15:47:47 2019 us=133332 tun_mtu_defined = ENABLED
Thu Jan 24 15:47:47 2019 us=134310 link_mtu = 1500
Thu Jan 24 15:47:47 2019 us=134310 link_mtu_defined = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 tun_mtu_extra = 0
Thu Jan 24 15:47:47 2019 us=134310 tun_mtu_extra_defined = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 mtu_discover_type = -1
Thu Jan 24 15:47:47 2019 us=134310 fragment = 0
Thu Jan 24 15:47:47 2019 us=134310 mssfix = 1450
Thu Jan 24 15:47:47 2019 us=134310 explicit_exit_notification = 0
Thu Jan 24 15:47:47 2019 us=134310 Connection profiles END
Thu Jan 24 15:47:47 2019 us=134310 remote_random = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 ipchange = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 dev = ‘tun’
Thu Jan 24 15:47:47 2019 us=134310 dev_type = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 dev_node = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 lladdr = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 topology = 1
Thu Jan 24 15:47:47 2019 us=134310 ifconfig_local = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 ifconfig_remote_netmask = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 ifconfig_noexec = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 ifconfig_nowarn = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 ifconfig_ipv6_local = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 ifconfig_ipv6_netbits = 0
Thu Jan 24 15:47:47 2019 us=134310 ifconfig_ipv6_remote = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 shaper = 0
Thu Jan 24 15:47:47 2019 us=134310 mtu_test = 0
Thu Jan 24 15:47:47 2019 us=134310 mlock = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 keepalive_ping = 0
Thu Jan 24 15:47:47 2019 us=134310 keepalive_timeout = 0
Thu Jan 24 15:47:47 2019 us=134310 inactivity_timeout = 0
Thu Jan 24 15:47:47 2019 us=134310 ping_send_timeout = 0
Thu Jan 24 15:47:47 2019 us=134310 ping_rec_timeout = 0
Thu Jan 24 15:47:47 2019 us=134310 ping_rec_timeout_action = 0
Thu Jan 24 15:47:47 2019 us=134310 ping_timer_remote = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 remap_sigusr1 = 0
Thu Jan 24 15:47:47 2019 us=134310 persist_tun = ENABLED
Thu Jan 24 15:47:47 2019 us=134310 persist_local_ip = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 persist_remote_ip = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 persist_key = ENABLED
Thu Jan 24 15:47:47 2019 us=134310 passtos = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 resolve_retry_seconds = 1000000000
Thu Jan 24 15:47:47 2019 us=134310 resolve_in_advance = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 username = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 groupname = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 chroot_dir = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 cd_dir = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 writepid = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 up_script = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 down_script = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 down_pre = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 up_restart = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 up_delay = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 daemon = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 inetd = 0
Thu Jan 24 15:47:47 2019 us=134310 log = ENABLED
Thu Jan 24 15:47:47 2019 us=134310 suppress_timestamps = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 machine_readable_output = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 nice = 0
Thu Jan 24 15:47:47 2019 us=134310 verbosity = 6
Thu Jan 24 15:47:47 2019 us=134310 mute = 0
Thu Jan 24 15:47:47 2019 us=134310 gremlin = 0
Thu Jan 24 15:47:47 2019 us=134310 status_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 status_file_version = 1
Thu Jan 24 15:47:47 2019 us=134310 status_file_update_freq = 60
Thu Jan 24 15:47:47 2019 us=134310 occ = ENABLED
Thu Jan 24 15:47:47 2019 us=134310 rcvbuf = 0
Thu Jan 24 15:47:47 2019 us=134310 sndbuf = 0
Thu Jan 24 15:47:47 2019 us=134310 sockflags = 0
Thu Jan 24 15:47:47 2019 us=134310 fast_io = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 comp.alg = 1
Thu Jan 24 15:47:47 2019 us=134310 comp.flags = 0
Thu Jan 24 15:47:47 2019 us=134310 route_script = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 route_default_gateway = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 route_default_metric = 0
Thu Jan 24 15:47:47 2019 us=134310 route_noexec = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 route_delay = 5
Thu Jan 24 15:47:47 2019 us=134310 route_delay_window = 30
Thu Jan 24 15:47:47 2019 us=134310 route_delay_defined = ENABLED
Thu Jan 24 15:47:47 2019 us=134310 route_nopull = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 route_gateway_via_dhcp = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 allow_pull_fqdn = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 [redirect_default_gateway local=0]
Thu Jan 24 15:47:47 2019 us=134310 route 10.168.101.0/255.255.255.0/default (not set)/default (not set)
Thu Jan 24 15:47:47 2019 us=134310 management_addr = ‘127.0.0.1’
Thu Jan 24 15:47:47 2019 us=134310 management_port = ‘25340’
Thu Jan 24 15:47:47 2019 us=134310 management_user_pass = ‘stdin’
Thu Jan 24 15:47:47 2019 us=134310 management_log_history_cache = 250
Thu Jan 24 15:47:47 2019 us=134310 management_echo_buffer_size = 100
Thu Jan 24 15:47:47 2019 us=134310 management_write_peer_info_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 management_client_user = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 management_client_group = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 management_flags = 6
Thu Jan 24 15:47:47 2019 us=134310 shared_secret_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 key_direction = not set
Thu Jan 24 15:47:47 2019 us=134310 ciphername = ‘BF-CBC’
Thu Jan 24 15:47:47 2019 us=134310 ncp_enabled = ENABLED
Thu Jan 24 15:47:47 2019 us=134310 ncp_ciphers = ‘AES-256-GCM:AES-128-GCM’
Thu Jan 24 15:47:47 2019 us=134310 authname = ‘SHA1’
Thu Jan 24 15:47:47 2019 us=134310 prng_hash = ‘SHA1’
Thu Jan 24 15:47:47 2019 us=134310 prng_nonce_secret_len = 16
Thu Jan 24 15:47:47 2019 us=134310 keysize = 0
Thu Jan 24 15:47:47 2019 us=134310 engine = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 replay = ENABLED
Thu Jan 24 15:47:47 2019 us=134310 mute_replay_warnings = DISABLED
Thu Jan 24 15:47:47 2019 us=134310 replay_window = 64
Thu Jan 24 15:47:47 2019 us=134310 replay_time = 15
Thu Jan 24 15:47:47 2019 us=134310 packet_id_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=134310 use_iv = ENABLED
Thu Jan 24 15:47:47 2019 us=134310 test_crypto = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 tls_server = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 tls_client = ENABLED
Thu Jan 24 15:47:47 2019 us=135283 key_method = 2
Thu Jan 24 15:47:47 2019 us=135283 ca_file = ‘cert_export_ca-TB001-certificate.crt’
Thu Jan 24 15:47:47 2019 us=135283 ca_path = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 dh_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 cert_file = ‘cert_export_client-TB001-certificate.crt’
Thu Jan 24 15:47:47 2019 us=135283 extra_certs_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 priv_key_file = ‘cert_export_client-TB001-certificate.key’
Thu Jan 24 15:47:47 2019 us=135283 pkcs12_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 cryptoapi_cert = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 cipher_list = ‘DEFAULT’
Thu Jan 24 15:47:47 2019 us=135283 tls_cert_profile = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 tls_verify = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 tls_export_cert = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 verify_x509_type = 2
Thu Jan 24 15:47:47 2019 us=135283 verify_x509_name = ‘server-TB001’
Thu Jan 24 15:47:47 2019 us=135283 crl_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 ns_cert_type = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 65535
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_ku[i] = 0
Thu Jan 24 15:47:47 2019 us=135283 remote_cert_eku = ‘TLS Web Server Authentication’
Thu Jan 24 15:47:47 2019 us=135283 ssl_flags = 0
Thu Jan 24 15:47:47 2019 us=135283 tls_timeout = 2
Thu Jan 24 15:47:47 2019 us=135283 renegotiate_bytes = -1
Thu Jan 24 15:47:47 2019 us=135283 renegotiate_packets = 0
Thu Jan 24 15:47:47 2019 us=135283 renegotiate_seconds = 3600
Thu Jan 24 15:47:47 2019 us=135283 handshake_window = 60
Thu Jan 24 15:47:47 2019 us=135283 transition_window = 3600
Thu Jan 24 15:47:47 2019 us=135283 single_session = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 push_peer_info = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 tls_exit = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 tls_auth_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 tls_crypt_file = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_protected_authentication = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_private_mode = 00000000
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_cert_private = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_pin_cache_period = -1
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_id = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 pkcs11_id_management = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 server_network = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=135283 server_netmask = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=135283 server_network_ipv6 = ::
Thu Jan 24 15:47:47 2019 us=135283 server_netbits_ipv6 = 0
Thu Jan 24 15:47:47 2019 us=135283 server_bridge_ip = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=135283 server_bridge_netmask = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=135283 server_bridge_pool_start = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=135283 server_bridge_pool_end = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=135283 ifconfig_pool_defined = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 ifconfig_pool_start = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=135283 ifconfig_pool_end = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=135283 ifconfig_pool_netmask = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=135283 ifconfig_pool_persist_filename = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=135283 ifconfig_pool_persist_refresh_freq = 600
Thu Jan 24 15:47:47 2019 us=135283 ifconfig_ipv6_pool_defined = DISABLED
Thu Jan 24 15:47:47 2019 us=135283 ifconfig_ipv6_pool_base = ::
Thu Jan 24 15:47:47 2019 us=135283 ifconfig_ipv6_pool_netbits = 0
Thu Jan 24 15:47:47 2019 us=135283 n_bcast_buf = 256
Thu Jan 24 15:47:47 2019 us=135283 tcp_queue_limit = 64
Thu Jan 24 15:47:47 2019 us=135283 real_hash_size = 256
Thu Jan 24 15:47:47 2019 us=135283 virtual_hash_size = 256
Thu Jan 24 15:47:47 2019 us=135283 client_connect_script = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=136263 learn_address_script = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=136263 client_disconnect_script = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=136263 client_config_dir = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=136263 ccd_exclusive = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 tmp_dir = 'C:\Users\Win10\AppData\Local\Temp'
Thu Jan 24 15:47:47 2019 us=136263 push_ifconfig_defined = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 push_ifconfig_local = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=136263 push_ifconfig_remote_netmask = 0.0.0.0
Thu Jan 24 15:47:47 2019 us=136263 push_ifconfig_ipv6_defined = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 push_ifconfig_ipv6_local = ::/0
Thu Jan 24 15:47:47 2019 us=136263 push_ifconfig_ipv6_remote = ::
Thu Jan 24 15:47:47 2019 us=136263 enable_c2c = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 duplicate_cn = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 cf_max = 0
Thu Jan 24 15:47:47 2019 us=136263 cf_per = 0
Thu Jan 24 15:47:47 2019 us=136263 max_clients = 1024
Thu Jan 24 15:47:47 2019 us=136263 max_routes_per_client = 256
Thu Jan 24 15:47:47 2019 us=136263 auth_user_pass_verify_script = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=136263 auth_user_pass_verify_script_via_file = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 auth_token_generate = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 auth_token_lifetime = 0
Thu Jan 24 15:47:47 2019 us=136263 client = ENABLED
Thu Jan 24 15:47:47 2019 us=136263 pull = ENABLED
Thu Jan 24 15:47:47 2019 us=136263 auth_user_pass_file = ‘TB001pass.txt’
Thu Jan 24 15:47:47 2019 us=136263 show_net_up = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 route_method = 3
Thu Jan 24 15:47:47 2019 us=136263 block_outside_dns = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 ip_win32_defined = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 ip_win32_type = 3
Thu Jan 24 15:47:47 2019 us=136263 dhcp_masq_offset = 0
Thu Jan 24 15:47:47 2019 us=136263 dhcp_lease_time = 31536000
Thu Jan 24 15:47:47 2019 us=136263 tap_sleep = 0
Thu Jan 24 15:47:47 2019 us=136263 dhcp_options = ENABLED
Thu Jan 24 15:47:47 2019 us=136263 dhcp_renew = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 dhcp_pre_release = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 domain = ‘10.168.101.1’
Thu Jan 24 15:47:47 2019 us=136263 netbios_scope = ‘[UNDEF]’
Thu Jan 24 15:47:47 2019 us=136263 netbios_node_type = 0
Thu Jan 24 15:47:47 2019 us=136263 disable_nbt = DISABLED
Thu Jan 24 15:47:47 2019 us=136263 DNS[0] = 10.168.101.1
Thu Jan 24 15:47:47 2019 us=136263 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 26 2018
Thu Jan 24 15:47:47 2019 us=136263 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jan 24 15:47:47 2019 us=136263 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Enter Management Password:
Thu Jan 24 15:47:47 2019 us=137241 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Thu Jan 24 15:47:47 2019 us=137241 Need hold release from management interface, waiting…
Thu Jan 24 15:47:47 2019 us=502007 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Thu Jan 24 15:47:47 2019 us=603582 MANAGEMENT: CMD ‘state on’
Thu Jan 24 15:47:47 2019 us=603582 MANAGEMENT: CMD ‘log all on’
Thu Jan 24 15:47:47 2019 us=799347 MANAGEMENT: CMD ‘echo all on’
Thu Jan 24 15:47:47 2019 us=801302 MANAGEMENT: CMD ‘bytecount 5’
Thu Jan 24 15:47:47 2019 us=804240 MANAGEMENT: CMD ‘hold off’
Thu Jan 24 15:47:47 2019 us=806194 MANAGEMENT: CMD ‘hold release’
Thu Jan 24 15:47:47 2019 us=815950 MANAGEMENT: CMD ‘password […]’
Thu Jan 24 15:47:47 2019 us=815950 WARNING: this configuration may cache passwords in memory – use the auth-nocache option to prevent this
Thu Jan 24 15:47:47 2019 us=828644 Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Thu Jan 24 15:47:47 2019 us=828644 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Thu Jan 24 15:47:47 2019 us=828644 Local Options String (VER=V4): ‘V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client’
Thu Jan 24 15:47:47 2019 us=828644 Expected Remote Options String (VER=V4): ‘V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server’
Thu Jan 24 15:47:47 2019 us=828644 TCP/UDP: Preserving recently used remote address: [AF_INET]10.7.208.201:443
Thu Jan 24 15:47:47 2019 us=830132 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jan 24 15:47:47 2019 us=830132 Attempting to establish TCP connection with [AF_INET]10.7.208.201:443 [nonblock]
Thu Jan 24 15:47:47 2019 us=830132 MANAGEMENT: >STATE:1548341267,TCP_CONNECT,
Thu Jan 24 15:47:48 2019 us=863898 TCP connection established with [AF_INET]10.7.208.201:443
Thu Jan 24 15:47:48 2019 us=863898 TCP_CLIENT link local: (not bound)
Thu Jan 24 15:47:48 2019 us=863898 TCP_CLIENT link remote: [AF_INET]10.7.208.201:443
Thu Jan 24 15:47:48 2019 us=864800 MANAGEMENT: >STATE:1548341268,WAIT,
Thu Jan 24 15:47:48 2019 us=864800 TCP_CLIENT WRITE [14] to [AF_INET]10.7.208.201:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Jan 24 15:47:48 2019 us=865779 TCP_CLIENT READ [14] from [AF_INET]10.7.208.201:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Thu Jan 24 15:47:48 2019 us=865779 MANAGEMENT: >STATE:1548341268,AUTH,
Thu Jan 24 15:47:48 2019 us=865779 TLS: Initial packet from [AF_INET]10.7.208.201:443, sid=5eab631c 8837cc32
Thu Jan 24 15:47:48 2019 us=865779 TCP_CLIENT WRITE [26] to [AF_INET]10.7.208.201:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ 0 ] pid=0 DATA len=0
Thu Jan 24 15:47:48 2019 us=865779 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 0 ]
Thu Jan 24 15:47:48 2019 us=866752 TCP_CLIENT WRITE [186] to [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=172
Thu Jan 24 15:47:48 2019 us=904821 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 1 ]
Thu Jan 24 15:47:49 2019 us=418621 TCP_CLIENT READ [1414] from [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=1400
Thu Jan 24 15:47:49 2019 us=420487 TCP_CLIENT WRITE [22] to [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 1 ]
Thu Jan 24 15:47:49 2019 us=421536 TCP_CLIENT READ [1169] from [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=1155
Thu Jan 24 15:47:49 2019 us=424867 VERIFY OK: depth=1, CN=TB001
Thu Jan 24 15:47:49 2019 us=424867 VERIFY KU OK
Thu Jan 24 15:47:49 2019 us=425851 Validating certificate extended key usage
Thu Jan 24 15:47:49 2019 us=425851 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jan 24 15:47:49 2019 us=425851 VERIFY EKU OK
Thu Jan 24 15:47:49 2019 us=425851 VERIFY X509NAME OK: CN=server-TB001
Thu Jan 24 15:47:49 2019 us=425851 VERIFY OK: depth=0, CN=server-TB001
Thu Jan 24 15:47:49 2019 us=455111 TCP_CLIENT WRITE [1196] to [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ 2 ] pid=2 DATA len=1170
Thu Jan 24 15:47:49 2019 us=455111 TCP_CLIENT WRITE [1041] to [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=1027
Thu Jan 24 15:47:49 2019 us=455111 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 2 ]
Thu Jan 24 15:47:49 2019 us=456090 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 3 ]
Thu Jan 24 15:47:49 2019 us=843318 TCP_CLIENT READ [65] from [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=51
Thu Jan 24 15:47:49 2019 us=844316 TCP_CLIENT WRITE [481] to [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ 3 ] pid=4 DATA len=455
Thu Jan 24 15:47:49 2019 us=845273 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 4 ]
Thu Jan 24 15:47:49 2019 us=845273 Connection reset, restarting [0]
Thu Jan 24 15:47:49 2019 us=847282 TCP/UDP: Closing socket
Thu Jan 24 15:47:49 2019 us=848696 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jan 24 15:47:49 2019 us=848696 MANAGEMENT: >STATE:1548341269,RECONNECTING,connection-reset,
Thu Jan 24 15:47:49 2019 us=848696 Restart pause, 5 second(s)
Thu Jan 24 15:47:54 2019 us=854100 Re-using SSL/TLS context
Thu Jan 24 15:47:54 2019 us=854100 Control Channel MTU parms [ L:1624 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Thu Jan 24 15:47:54 2019 us=854100 Data Channel MTU parms [ L:1624 D:1450 EF:124 EB:406 ET:0 EL:3 ]
Thu Jan 24 15:47:54 2019 us=854100 Local Options String (VER=V4): ‘V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client’
Thu Jan 24 15:47:54 2019 us=854100 Expected Remote Options String (VER=V4): ‘V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server’
Thu Jan 24 15:47:54 2019 us=854100 TCP/UDP: Preserving recently used remote address: [AF_INET]10.7.208.201:443
Thu Jan 24 15:47:54 2019 us=854100 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jan 24 15:47:54 2019 us=854100 Attempting to establish TCP connection with [AF_INET]10.7.208.201:443 [nonblock]
Thu Jan 24 15:47:54 2019 us=854100 MANAGEMENT: >STATE:1548341274,TCP_CONNECT,
Thu Jan 24 15:47:55 2019 us=854183 TCP connection established with [AF_INET]10.7.208.201:443
Thu Jan 24 15:47:55 2019 us=855538 TCP_CLIENT link local: (not bound)
Thu Jan 24 15:47:55 2019 us=856496 TCP_CLIENT link remote: [AF_INET]10.7.208.201:443
Thu Jan 24 15:47:55 2019 us=856496 MANAGEMENT: >STATE:1548341275,WAIT,
Thu Jan 24 15:47:55 2019 us=856496 TCP_CLIENT WRITE [14] to [AF_INET]10.7.208.201:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0
Thu Jan 24 15:47:55 2019 us=857484 TCP_CLIENT READ [14] from [AF_INET]10.7.208.201:443: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0
Thu Jan 24 15:47:55 2019 us=857484 MANAGEMENT: >STATE:1548341275,AUTH,
Thu Jan 24 15:47:55 2019 us=858466 TLS: Initial packet from [AF_INET]10.7.208.201:443, sid=f5f53086 a397a4c8
Thu Jan 24 15:47:55 2019 us=858466 TCP_CLIENT WRITE [26] to [AF_INET]10.7.208.201:443: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ 0 ] pid=0 DATA len=0
Thu Jan 24 15:47:55 2019 us=858466 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 0 ]
Thu Jan 24 15:47:55 2019 us=859440 TCP_CLIENT WRITE [186] to [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=172
Thu Jan 24 15:47:55 2019 us=895057 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 1 ]
Thu Jan 24 15:47:56 2019 us=419093 TCP_CLIENT READ [1414] from [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=1400
Thu Jan 24 15:47:56 2019 us=420043 TCP_CLIENT WRITE [22] to [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 1 ]
Thu Jan 24 15:47:56 2019 us=420986 TCP_CLIENT READ [1169] from [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=2 DATA len=1155
Thu Jan 24 15:47:56 2019 us=421944 VERIFY OK: depth=1, CN=TB001
Thu Jan 24 15:47:56 2019 us=421944 VERIFY KU OK
Thu Jan 24 15:47:56 2019 us=421944 Validating certificate extended key usage
Thu Jan 24 15:47:56 2019 us=423406 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jan 24 15:47:56 2019 us=423406 VERIFY EKU OK
Thu Jan 24 15:47:56 2019 us=423406 VERIFY X509NAME OK: CN=server-TB001
Thu Jan 24 15:47:56 2019 us=423406 VERIFY OK: depth=0, CN=server-TB001
Thu Jan 24 15:47:56 2019 us=451701 TCP_CLIENT WRITE [1196] to [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ 2 ] pid=2 DATA len=1170
Thu Jan 24 15:47:56 2019 us=451701 TCP_CLIENT WRITE [1041] to [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=1027
Thu Jan 24 15:47:56 2019 us=451701 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 2 ]
Thu Jan 24 15:47:56 2019 us=451701 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 3 ]
Thu Jan 24 15:47:56 2019 us=833678 TCP_CLIENT READ [65] from [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ ] pid=3 DATA len=51
Thu Jan 24 15:47:56 2019 us=835518 TCP_CLIENT WRITE [481] to [AF_INET]10.7.208.201:443: P_CONTROL_V1 kid=0 [ 3 ] pid=4 DATA len=455
Thu Jan 24 15:47:56 2019 us=836490 TCP_CLIENT READ [22] from [AF_INET]10.7.208.201:443: P_ACK_V1 kid=0 [ 4 ]
Thu Jan 24 15:47:56 2019 us=836490 Connection reset, restarting [0]
Thu Jan 24 15:47:56 2019 us=837491 TCP/UDP: Closing socket
Thu Jan 24 15:47:56 2019 us=837491 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jan 24 15:47:56 2019 us=837491 MANAGEMENT: >STATE:1548341276,RECONNECTING,connection-reset,
Thu Jan 24 15:47:56 2019 us=838448 Restart pause, 5 second(s)
Thu Jan 24 15:47:58 2019 us=839532 SIGTERM[hard,init_instance] received, process exiting
Thu Jan 24 15:47:58 2019 us=840893 MANAGEMENT: >STATE:1548341278,EXITING,init_instance,
What’s wrong?
I am using a RouterBOARD 962UiGS-5HacT2HnT as the server, running RouterOS 6.43.8.