OVPN client "TLS failed" on RouterOS 7.6

Hi,

I have heard from other source that RouterOS 7.6 OVPN Client supports UDP, TLS and Compression. But when I try to connect to my Synology NAS OpenVPN Server, it shows “TLS failed”. Any idea? Thanks.

Here is my setting
Synology: see attached.

RouterOS 7.6:

/interface ovpn-client
add auth=sha512 certificate=server.crt cipher=aes256 connect-to=xxxxx.synology.me mac-address=\
    XX:XX:XX:XX:XX:XX name="Peer" port=1194 profile=default-encryption protocol=udp use-peer-dns=no user=xxxxx

Capture-openvpn.PNG

It appears that the issue may be related to the certificate being used. The error message “TLS failed” suggests that the client is unable to authenticate the server’s certificate.

One possible cause is that the client is using a certificate from a different authority than the one used by the server. To verify, check that the certificate being used by the RouterOS client is the same as the one being used by the Synology NAS server.

Another possible cause is that the client is using an outdated certificate. Ensure that the certificate being used by the RouterOS client is up-to-date and has not expired.

Also, make sure you are using the correct “server.crt” file on the RouterOS client.

You can also check the Synology NAS server logs to see if there is any more information about the error.

Yes, I do know why now. It is the issue I have not imported the private key.

But after that, I encountered another issue. Initiation packets are being resent without the link really established.

Here is the debug log

 16:45:54 ovpn,info Peer: initializing...
 16:45:54 ovpn,info Peer: connecting...
 16:45:54 ovpn,debug,packet sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:45:54 system,info device changed by admin
 16:45:54 ovpn,debug,packet sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:45:55 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:45:55 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:45:56 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:45:56 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:45:57 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:45:57 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:45:58 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:45:58 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:45:59 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:45:59 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:00 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:00 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:01 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:01 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:02 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:02 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:03 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:03 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:04 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:04 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:05 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:05 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:06 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:06 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:07 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:07 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:08 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:08 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
 16:46:09 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
 16:46:09 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
........

After a while, it shows

16:46:29 ovpn,info Peer: disconnected <TLS failed>
16:46:29 ovpn,info Peer: terminating... - TLS failed
16:46:29 ovpn,info Peer: disconnected

From the packet sniffer, I can see the server returns packets, but I am not sure how they are understood by the router.

The .ovpn file exported from NAS

dev tun
tls-client
remote xxx 1194
pull
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
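An added example, not part of the thread: a small parser for the RouterOS ovpn debug log above that tells a stalled TLS handshake apart from an ordinary disconnect. In OpenVPN's control channel the client sends P_CONTROL_HARD_RESET_CLIENT_V2 as pid 0 and its first P_CONTROL (carrying the TLS ClientHello) as pid 1, and retransmits any control packet the server has not acknowledged. If those two pids are the only ones ever sent and they keep being re-sent until the "TLS failed" line, no server reply was ever accepted by the client: either nothing came back, or what came back was discarded (the poster's sniffer shows the server does answer, which points to the second). The sample log is a shortened copy of the thread's own lines; the regexes only match the "sent"/"re-sent" outbound lines the thread shows, so no assumption is made about how RouterOS logs inbound packets.

```python
import re
from collections import Counter

# Constructed sample: a shortened excerpt of the RouterOS ovpn debug log posted
# in the thread (same format, same sid/pid values, fewer repeats).
SAMPLE_LOG = """\
16:45:54 ovpn,info Peer: initializing...
16:45:54 ovpn,info Peer: connecting...
16:45:54 ovpn,debug,packet sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
16:45:54 system,info device changed by admin
16:45:54 ovpn,debug,packet sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
16:45:55 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
16:45:55 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
16:45:56 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=bfc32e3632ba228 pid=0 DATA len=0
16:45:56 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=bfc32e3632ba228 pid=1 DATA len=136
16:46:29 ovpn,info Peer: disconnected <TLS failed>
16:46:29 ovpn,info Peer: terminating... - TLS failed
16:46:29 ovpn,info Peer: disconnected
"""

# Outbound control packets, exactly as the thread's log spells them.
PACKET_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) ovpn,debug,packet (?P<dir>re-sent|sent) "
    r"(?P<opcode>\S+) kid=(?P<kid>\d+) sid=(?P<sid>[0-9a-f]+) pid=(?P<pid>\d+)"
)
# Interface state lines ("Peer: connecting...", "Peer: disconnected <TLS failed>").
INFO_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d) ovpn,info (?P<iface>\S+): (?P<msg>.*)$")


def parse_log(text):
    """Split a RouterOS ovpn log into outbound control packets and info events."""
    packets, events = [], []
    for raw in text.splitlines():
        line = raw.strip()  # the forum paste has a leading space on each line
        m = PACKET_RE.match(line)
        if m:
            p = m.groupdict()
            p["pid"] = int(p["pid"])
            packets.append(p)
            continue
        m = INFO_RE.match(line)
        if m:
            events.append((m.group("time"), m.group("msg")))
    return packets, events


def _secs(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def diagnose(text, resend_threshold=3):
    """Classify the session: did the control channel ever get past pid 1?"""
    packets, events = parse_log(text)
    resends = Counter(p["pid"] for p in packets if p["dir"] == "re-sent")
    max_pid = max((p["pid"] for p in packets), default=-1)
    failure = next((msg for _, msg in events if "TLS failed" in msg), None)
    # pid 0 = HARD_RESET, pid 1 = first TLS record. Only those two ever sent,
    # and re-sent repeatedly, means no server ACK was ever accepted.
    stalled = max_pid <= 1 and sum(resends.values()) >= resend_threshold
    duration = None
    if packets and events:
        duration = _secs(events[-1][0]) - _secs(packets[0]["time"])
    return {
        "max_pid_sent": max_pid,
        "resends_by_pid": dict(resends),
        "total_resends": sum(resends.values()),
        "handshake_stalled": stalled,
        "failure": failure,
        "duration_s": duration,
    }


def summary(report):
    """One-line verdict for the reader of the log."""
    if report["handshake_stalled"]:
        return (f"handshake stalled: pids 0/1 re-sent {report['total_resends']}x over "
                f"{report['duration_s']}s, no server reply accepted; ended with "
                f"'{report['failure']}'")
    return f"control channel progressed to pid {report['max_pid_sent']}; failure={report['failure']}"


if __name__ == "__main__":
    print(summary(diagnose(SAMPLE_LOG)))
```

Run it against the full log from the post and it reports the same verdict: the client never sent a pid above 1, so the place to look is why the server's answers are not accepted by the client (transport or option mismatch between the two ends), not the client's certificate, which was already fixed.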

It seems that the packets are being repeatedly sent without being acknowledged by the server, which is preventing the link from being established.

Here are a few things you can try to troubleshoot this issue:

Check the server settings to make sure that the server is configured to accept connections from the RouterOS client.
Check the firewall settings on both the RouterOS client and the Synology NAS server to ensure that they are configured to allow the OpenVPN traffic.
Make sure that the RouterOS client is using the correct settings for the OpenVPN server on the Synology NAS.
Check your router settings if it is blocking some ports, this could prevent the connection from being established.
Try disabling the ‘Hard reset’ option on the RouterOS client configuration.
You can also try to use a different transport protocol (TCP instead of UDP) or try a different cipher algorithm.
Also, you can try to check the OpenVPN server logs on the Synology NAS to see if there are any errors or messages that could provide more information about the issue.

Thanks for your help. The connection works after modifying the following settings:
Change to tcp
Disable compression
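The fix here was a settings mismatch between the exported .ovpn and what the RouterOS client was configured with, which the earlier reply's "make sure the client is using the correct settings" covers in one line. As an added example (mine, not from the thread or from MikroTik), this script reads the .ovpn the NAS exports, emits the equivalent /interface ovpn-client add command, and lists every directive it could not express on the RouterOS side so that something like comp-lzo is noticed before the first connection attempt. The cipher=aes256 and auth=sha512 spellings are the thread's own; the other entries in the two maps and the mode=ip/ethernet mapping for dev tun/tap are my reading of the RouterOS ovpn-client documentation and should be checked against your version. apply_fix() reproduces the change that resolved the thread (TCP, compression removed).

```python
import re

# Constructed input: the .ovpn the poster exported from the NAS (hostname
# elided as in the thread).
OVPN_TEXT = """\
dev tun
tls-client
remote xxx 1194
pull
proto udp
script-security 2
comp-lzo
reneg-sec 0
cipher AES-256-CBC
auth SHA512
auth-user-pass
"""

# OpenVPN names -> RouterOS parameter values. aes256/sha512 come from the
# thread's RouterOS export; the rest is assumed from the RouterOS docs.
CIPHER_MAP = {"AES-128-CBC": "aes128", "AES-192-CBC": "aes192", "AES-256-CBC": "aes256"}
AUTH_MAP = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

# Directives that only steer a stock OpenVPN client and have nothing to set on
# the RouterOS side; they are skipped rather than reported.
CLIENT_ONLY = {"client", "tls-client", "pull", "script-security", "auth-user-pass"}


def parse_ovpn(text):
    """Return ({directive: [args]}, {inline_tag: [lines]}) for an .ovpn file.
    Inline <ca>/<cert>/<key> blocks are kept apart from the directive table."""
    directives, inline, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<(/?)([a-z-]+)>", line)
        if m:
            current = None if m.group(1) else m.group(2)
            inline.setdefault(m.group(2), [])
            continue
        if current:
            inline[current].append(line)
            continue
        key, *args = line.split()
        directives[key] = args
    return directives, inline


def to_routeros(directives, name="ovpn-out1", certificate="<client-cert>", user="<username>"):
    """Build the RouterOS command and return it with the list of directives
    that have no client-side equivalent and must be reconciled by hand."""
    params = {"name": name, "certificate": certificate, "user": user}
    unmapped = []
    for key, args in directives.items():
        if key == "remote":
            params["connect-to"] = args[0]
            if len(args) > 1:
                params["port"] = args[1]
        elif key == "proto":
            # udp, udp4, tcp-client, tcp6 ... -> udp / tcp
            params["protocol"] = args[0].rstrip("46")[:3]
        elif key == "cipher" and args[0].upper() in CIPHER_MAP:
            params["cipher"] = CIPHER_MAP[args[0].upper()]
        elif key == "auth" and args[0].upper() in AUTH_MAP:
            params["auth"] = AUTH_MAP[args[0].upper()]
        elif key == "dev":
            params["mode"] = "ip" if args[0].startswith("tun") else "ethernet"
        elif key in CLIENT_ONLY:
            continue
        else:
            unmapped.append(key)
    cmd = "/interface ovpn-client add " + " ".join(f"{k}={v}" for k, v in params.items())
    return cmd, unmapped


def apply_fix(directives, protocol="tcp", drop=("comp-lzo",)):
    """The change that resolved the thread: TCP transport, no compression.
    Both ends must agree, so the same change is made in the server profile."""
    fixed = {k: v for k, v in directives.items() if k not in drop}
    fixed["proto"] = [protocol]
    return fixed


if __name__ == "__main__":
    d, _ = parse_ovpn(OVPN_TEXT)
    cmd, unmapped = to_routeros(d)
    print(cmd)
    print("not expressible on the RouterOS client, reconcile with the server:", unmapped)
    cmd2, unmapped2 = to_routeros(apply_fix(d))
    print(cmd2)
    print("still unmapped after the fix:", unmapped2)
```

For the thread's export the first run reports comp-lzo and reneg-sec as unmapped and emits protocol=udp; after apply_fix() only reneg-sec remains and the command carries protocol=tcp, which is the configuration the poster ended up with.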

Hi, I'm trying to do the same. How did you configure the certificate? What part of it did you import?

I imported the CA cert with the private key exported from the NAS (I don't know why the private key is required🤔)

Yes, but how did you do that? I'm trying to, but with no success.

You may export it here, and import the CA PEM files, including the cert and key, in RouterOS.
Capture-synology-export.png