I am using webfig 6.20, just updated from 6.19 today and I have a Mikrotik CRS125-24G-1S-2HnD-IN.
This is for my home with most devices connected over the wifi and two devices connected to the switch. I need to be able to connect a single remote device to this network using openvpn. The client is a Linux machine.
I have used the wiki for articles on setting up openvpn server, but none of them have worked. I notice that there are many documents describing the openvpn server setup with slightly different information in each. Is there a new one that is the definitive guide?
Here is the client output when I try to connect:
Fri Oct 24 20:21:21 2014 Connection reset, restarting [0]
Fri Oct 24 20:21:21 2014 SIGUSR1[soft,connection-reset] received, process restarting
Fri Oct 24 20:21:21 2014 Restart pause, 5 second(s)
Fri Oct 24 20:21:26 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 24 20:21:26 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Fri Oct 24 20:21:26 2014 Attempting to establish TCP connection with [AF_INET]homeip:1194 [nonblock]
Fri Oct 24 20:21:27 2014 TCP connection established with [AF_INET]homeip:1194
Fri Oct 24 20:21:27 2014 TCPv4_CLIENT link local: [undef]
Fri Oct 24 20:21:27 2014 TCPv4_CLIENT link remote: [AF_INET]homeip:1194
Fri Oct 24 20:21:27 2014 TLS: Initial packet from [AF_INET]homeip:1194, sid=caf7e9a9 d91a043f
Fri Oct 24 20:21:28 2014 Connection reset, restarting [0]
Fri Oct 24 20:21:28 2014 SIGUSR1[soft,connection-reset] received, process restarting
Fri Oct 24 20:21:28 2014 Restart pause, 5 second(s)
Fri Oct 24 20:21:33 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 24 20:21:33 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Fri Oct 24 20:21:33 2014 Attempting to establish TCP connection with [AF_INET]homeip:1194 [nonblock]
Fri Oct 24 20:21:34 2014 TCP connection established with [AF_INET]homeip:1194
Fri Oct 24 20:21:34 2014 TCPv4_CLIENT link local: [undef]
Fri Oct 24 20:21:34 2014 TCPv4_CLIENT link remote: [AF_INET]homeip:1194
Fri Oct 24 20:21:34 2014 TLS: Initial packet from [AF_INET]homeip:1194, sid=0888521d b84e19d7
Fri Oct 24 20:21:34 2014 Connection reset, restarting [0]
Fri Oct 24 20:21:34 2014 SIGUSR1[soft,connection-reset] received, process restarting
Fri Oct 24 20:21:34 2014 Restart pause, 5 second(s)
Fri Oct 24 20:21:39 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 24 20:21:39 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Fri Oct 24 20:21:39 2014 Attempting to establish TCP connection with [AF_INET]homeip:1194 [nonblock]
Fri Oct 24 20:21:40 2014 TCP connection established with [AF_INET]homeip:1194
Fri Oct 24 20:21:40 2014 TCPv4_CLIENT link local: [undef]
Fri Oct 24 20:21:40 2014 TCPv4_CLIENT link remote: [AF_INET]homeip:1194
Fri Oct 24 20:21:40 2014 TLS: Initial packet from [AF_INET]homeip:1194, sid=caad7077 7d2aacec
Fri Oct 24 20:21:40 2014 Connection reset, restarting [0]
Fri Oct 24 20:21:40 2014 SIGUSR1[soft,connection-reset] received, process restarting
Fri Oct 24 20:21:40 2014 Restart pause, 5 second(s)
^CFri Oct 24 20:21:44 2014 SIGINT[hard,init_instance] received, process exiting
[root@dallas ~]# ^C
Here is the client’s config:
client
dev tun
proto tcp-client
remote homeip 1194
ca key/ca.pem
#cert keys/client.crt
#key keys/client.key
tls-client
port 1194
#user nobody
#group nogroup
#comp-lzo # Do not use compression. It doesn't work with RouterOS (at least up to RouterOS 3.0rc9)
# More reliable detection when a system loses its connection.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
# Silence the output of replay warnings, which are a common false
# alarm on WiFi networks. This option preserves the security of
# the replay protection code without the verbosity associated with
# warnings about duplicate packets.
mute-replay-warnings
# Verbosity level.
# 0 = quiet, 1 = mostly quiet, 3 = medium output, 9 = verbose
verb 9
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass auth.cfg
Here is the ovpn configuration on the switch:
[admin@MikroTik] /interface ovpn-server> server print
enabled: yes
port: 1194
mode: ip
netmask: 24
mac-address: FE:98:E4:9D:FC:B6
max-mtu: 1500
keepalive-timeout: 60
default-profile: ovpn-profile
certificate: cert_1
require-client-certificate: no
auth: sha1,md5
cipher: blowfish128,aes128,aes192,aes256
Here is my firewall:
[admin@MikroTik] /ip firewall> export
# oct/24/2014 15:27:43 by RouterOS 6.20
# software id = ETZK-AWQC
#
/ip firewall filter
add chain=input comment="default configuration" protocol=icmp
add chain=input comment="default configuration" connection-state=established
add chain=input comment="default configuration" connection-state=related
add chain=input comment=OpenVPN dst-port=1194 protocol=tcp
add chain=input comment="allow l2tp" dst-port=1701 protocol=udp
add chain=input comment="allow pptp" dst-port=1723 protocol=tcp
add chain=input comment="allow sstp" dst-port=443 protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=ether1-gateway
add chain=forward comment="default configuration" connection-state=established
add chain=forward comment="default configuration" connection-state=related
add action=drop chain=forward comment="default configuration" connection-state=invalid
/ip firewall nat
add action=masquerade chain=srcnat comment="default configuration" out-interface=ether1-gateway
add action=redirect chain=dstnat dst-port=80 protocol=tcp to-ports=8080
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=192.168.89.0/24
I ordered it on Sept 24, so it is pretty new. I had the openvpn connection stuff working until last night when the router beeped a couple of times then rebooted. Any help or guidance is appreciated. I don’t know much about routeros, but am glad to provide any additional information necessary if I can figure out how to get that information.
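A small diagnostic added here (not code from the poster or from MikroTik) that reads a client log like the one above and reports at which stage each attempt was reset, whether the client is running without server certificate verification, and whether the client's cipher/auth settings are in the RouterOS server's lists. The log lines and config fragments are constructed from the post; mapping RouterOS's aes256 to OpenVPN's AES-256-CBC is an assumption.

```python
import re
from collections import Counter

# Constructed samples, trimmed from the post above (added here, not the poster's code).
SAMPLE_LOG = """\
Fri Oct 24 20:21:26 2014 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Fri Oct 24 20:21:27 2014 TCP connection established with [AF_INET]homeip:1194
Fri Oct 24 20:21:27 2014 TLS: Initial packet from [AF_INET]homeip:1194, sid=caf7e9a9 d91a043f
Fri Oct 24 20:21:28 2014 Connection reset, restarting [0]
Fri Oct 24 20:21:34 2014 TCP connection established with [AF_INET]homeip:1194
Fri Oct 24 20:21:34 2014 Connection reset, restarting [0]
"""
CLIENT_CFG = "client\nproto tcp-client\ncipher AES-256-CBC\nauth SHA1\n"
SERVER_PRINT = "  auth: sha1,md5\n  cipher: blowfish128,aes128,aes192,aes256\n"

TIMESTAMP = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4} ")

def diagnose_log(text):
    """Count resets by the last stage reached and flag an unverified server cert."""
    stage, resets, unverified = "pre-connect", Counter(), False
    for line in text.splitlines():
        msg = TIMESTAMP.sub("", line)
        if msg.startswith("WARNING: No server certificate verification"):
            unverified = True        # client cannot tell a spoofed server from the real one
        elif msg.startswith("TCP connection established"):
            stage = "tcp"            # transport up: port 1194 passed the firewall
        elif msg.startswith("TLS: Initial packet"):
            stage = "tls-handshake"  # server answered; a reset after this is TLS/auth, not network
        elif msg.startswith("Connection reset"):
            resets[stage] += 1
            stage = "pre-connect"
    return {"resets_by_stage": dict(resets), "unverified_server_cert": unverified}

def check_crypto(client_cfg, server_print):
    """Check the client's cipher/auth against the RouterOS server lists.
    Assumes RouterOS 'aes256' is OpenVPN's AES-256-CBC (naming assumption)."""
    client, server = {}, {}
    for line in client_cfg.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in ("cipher", "auth"):
            client[parts[0]] = parts[1].lower()
    for line in server_print.splitlines():
        key, _, val = line.strip().partition(":")
        if key in ("cipher", "auth"):
            server[key] = [v.strip() for v in val.split(",")]
    cipher = client.get("cipher", "").replace("-cbc", "").replace("-", "")
    return {"cipher_ok": cipher in server.get("cipher", []),
            "auth_ok": client.get("auth", "") in server.get("auth", [])}
```

On the posted log every reset lands after "TLS: Initial packet", so the firewall and TCP transport are fine and the failure is inside the TLS/authentication exchange.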