Hello everyone!
We have a MikroTik CCR1016-12G with package version 6.37.1, and after we upgraded the OpenVPN package to version 2.3.12 on several Linux hosts we are unable to connect to the MikroTik anymore.
I have found several workarounds for version 2.3.11, but they aren’t working with 2.3.12.
Maybe someone can shed light on this problem?
Wed Oct 26 19:56:09 2016 OpenVPN 2.3.12 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Aug 23 2016
Wed Oct 26 19:56:09 2016 library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.06
Wed Oct 26 19:56:09 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Wed Oct 26 19:56:09 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Oct 26 19:56:09 2016 Deprecated TLS cipher name 'DEFAULT', please use IANA name 'DEFAULT'
Wed Oct 26 19:56:09 2016 Socket Buffers: R=[87380->87380] S=[65536->65536]
Wed Oct 26 19:56:09 2016 Attempting to establish TCP connection with [AF_INET]:1194 [nonblock]
Wed Oct 26 19:56:10 2016 TCP connection established with [AF_INET]XX.XX.XX.XX:1194
Wed Oct 26 19:56:10 2016 TCPv4_CLIENT link local: [undef]
Wed Oct 26 19:56:10 2016 TCPv4_CLIENT link remote: [AF_INET]XX.XX.XX.XX:1194
Wed Oct 26 19:56:10 2016 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1194, sid=1214e8ec 816595d6
Wed Oct 26 19:56:10 2016 VERIFY OK: depth=1, C=RU, ST=MSK, L=Moscow, O=Iqmen, CN=IQmen-CA, name=IQmen-CA, emailAddress=admin@iqmen.ru
Wed Oct 26 19:56:10 2016 VERIFY ERROR: depth=0, error=certificate signature failure: C=RU, ST=MSK, L=Moscow, O=Iqmen, OU=Techsupport, CN=IQOVPN, name=IQOVPN, emailAddress=admin@iqmen.ru
Wed Oct 26 19:56:10 2016 OpenSSL: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Wed Oct 26 19:56:10 2016 TLS_ERROR: BIO read tls_read_plaintext error
Wed Oct 26 19:56:10 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Oct 26 19:56:10 2016 TLS Error: TLS handshake failed