Hello,
I’m trying to establish an OpenVPN connection between a Linux box and an RB951-2n.
The RB951-2n is running RouterOS 5.24; the Linux box uses OpenVPN 2.1.4.
RB951-2n settings:
/ip pool
add name=ovpn-pool ranges=192.168.15.100-192.168.15.150
/ppp profile
add change-tcp-mss=default local-address=192.168.15.1 name=ovpn-profile only-one=default remote-address=ovpn-pool use-compression=default use-encryption=required use-mpls=default use-vj-compression=default
/interface ovpn-server server
set auth=sha1,md5 certificate=cert1 cipher=blowfish128,aes128 default-profile=ovpn-profile enabled=yes keepalive-timeout=disabled mac-address=FE:11:DC:F2:22:93 max-mtu=1500 mode=ip netmask=29 port=1194 require-client-certificate=no
Client settings:
daemon
client
tls-client
verb 3
dev tun
proto tcp
remote 192.168.1.1 1194
port 1194
cd /etc/openvpn
ca certs/ca1.crt
cert certs/client1.crt
key keys/client1.key
dh dh1024.pem
nobind
persist-tun
persist-key
keepalive 10 60
status /var/log/openvpn-status.log
log /var/log/openvpn.log
user nobody
group nobody
The certificates were created with easy-rsa.
Log from the Linux box:
Wed Mar 6 13:25:39 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Mar 6 13:25:39 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Mar 6 13:25:39 2013 Re-using SSL/TLS context
Wed Mar 6 13:25:39 2013 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Wed Mar 6 13:25:39 2013 Socket Buffers: R=[87380->131072] S=[16384->131072]
Wed Mar 6 13:25:39 2013 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ]
Wed Mar 6 13:25:39 2013 Local Options hash (VER=V4): 'db02a8f8'
Wed Mar 6 13:25:39 2013 Expected Remote Options hash (VER=V4): '7e068940'
Wed Mar 6 13:25:39 2013 Attempting to establish TCP connection with 192.168.1.1:1194 [nonblock]
Wed Mar 6 13:25:40 2013 TCP connection established with 192.168.1.1:1194
Wed Mar 6 13:25:40 2013 TCPv4_CLIENT link local: [undef]
Wed Mar 6 13:25:40 2013 TCPv4_CLIENT link remote: 192.168.1.1:1194
Wed Mar 6 13:25:40 2013 TLS: Initial packet from 192.168.1.1:1194, sid=08b9717d b751cdbf
Wed Mar 6 13:25:42 2013 VERIFY OK: depth=1, /C=RU/ST=MSK/L=Moscow/O=ORG/CN=ORG_CA/emailAddress=hostmaster@example.com
Wed Mar 6 13:25:42 2013 VERIFY OK: depth=0, /C=RU/ST=MSK/L=Moscow/O=ORG/CN=gate.example.com/emailAddress=hostmaster@example.com
Wed Mar 6 13:25:43 2013 Connection reset, restarting [0]
Wed Mar 6 13:25:43 2013 TCP/UDP: Closing socket
Wed Mar 6 13:25:43 2013 SIGUSR1[soft,connection-reset] received, process restarting
Wed Mar 6 13:25:43 2013 Restart pause, 5 second(s)
(every 5 seconds)
Log from RB951-2n:
Mar 6 13:13:35 192.168.1.1 ovpn,info MIKROTIK__: TCP connection established from 192.168.1.100
Mar 6 13:13:35 192.168.1.1 ovpn,info MIKROTIK__: : dialing…
Mar 6 13:13:38 192.168.1.1 ovpn,info MIKROTIK__: : using encoding - BF-128-CBC/SHA1
(every 5 seconds)
No OpenVPN-related debug messages show up.
What can be the problem with this setup?
PS:
I was following http://wiki.mikrotik.com/wiki/OpenVPN
It mentions adding a PPP secret, but it doesn’t seem to be used anywhere afterwards.
Adding it doesn’t change anything.
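
An added example, not part of the original post: a small Python lint that runs over the client settings quoted above and reports the gaps the post's own logs point at, namely the "No server certificate verification method" warning and the default BF-CBC cipher the router reports. The function names, finding ids and the hardened variant are constructed for illustration; the `auth-user-pass` check assumes the PPP secret from the wiki is what the router authenticates, and `remote-cert-tls server` assumes the router certificate carries the serverAuth extended key usage.

```python
# Added example (not from the post): lint an OpenVPN client config.

# Any one of these makes the client check who the server certificate belongs
# to; with none set, OpenVPN logs the "No server certificate verification
# method has been enabled" warning seen in the post's log.
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "ns-cert-type",
                 "tls-remote", "tls-verify", "verify-x509-name"}

# The client settings from the post, embedded so the example runs offline.
POSTED_CONF = "\n".join([
    "daemon", "client", "tls-client", "verb 3", "dev tun", "proto tcp",
    "remote 192.168.1.1 1194", "port 1194", "cd /etc/openvpn",
    "ca certs/ca1.crt", "cert certs/client1.crt", "key keys/client1.key",
    "dh dh1024.pem", "nobind", "persist-tun", "persist-key",
    "keepalive 10 60", "status /var/log/openvpn-status.log",
    "log /var/log/openvpn.log", "user nobody", "group nobody",
])

# Constructed variant that closes each finding (values are illustrative).
HARDENED_CONF = POSTED_CONF + "\n" + "\n".join([
    "remote-cert-tls server", "auth-user-pass", "cipher AES-128-CBC"])


def parse_directives(text):
    """Map each directive name to the list of argument lists it was given."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        name, *args = line.split()
        directives.setdefault(name.lstrip("-"), []).append(args)
    return directives


def lint_client(text):
    """Return the ids of the findings for one client config."""
    d = parse_directives(text)
    findings = []
    if not SERVER_VERIFY & d.keys():
        findings.append("no-server-cert-verification")
    # Assumption: the router checks the PPP secret as username/password.
    if "auth-user-pass" not in d:
        findings.append("no-auth-user-pass")
    # Without "cipher" OpenVPN 2.1 falls back to BF-CBC, matching the
    # "BF-128-CBC/SHA1" line in the router log.
    if "cipher" not in d:
        findings.append("implicit-cipher")
    return findings


if __name__ == "__main__":
    print(lint_client(POSTED_CONF))
```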