steinbergs
Frequent Visitor
Topic Author
Posts: 74
Joined: Fri Sep 09, 2016 4:20 pm
Location: Riga, Latvija

OVPN problem

Wed May 24, 2017 12:37 pm

Hi! I configured OpenVPN on my MikroTik ROS v6.39.1.
From my Linux PC everything works fine, but I can't connect from any Windows machine.
Can someone help me with this?


I configured the server as in this tutorial: https://wiki.mikrotik.com/wiki/OpenVPN


OpenVPN config:
proto tcp-client

remote xxx.xxx.xxx.xxx 1194
dev tap

nobind
persist-key

tls-client
ca cert_export_myCa.crt
cert cert_export_client1.crt
key cert_export_client1.key
ping 10
verb 3

cipher AES-256-CBC
auth SHA1
pull

auth-user-pass auth.cfg

Windows OpenVPN error:
Wed May 24 12:23:29 2017 Re-using SSL/TLS context
Wed May 24 12:23:29 2017 Control Channel MTU parms [ L:1655 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Wed May 24 12:23:29 2017 Data Channel MTU parms [ L:1655 D:1450 EF:123 EB:411 ET:32 EL:3 ]
Wed May 24 12:23:29 2017 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Wed May 24 12:23:29 2017 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Wed May 24 12:23:29 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
Wed May 24 12:23:29 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed May 24 12:23:29 2017 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
Wed May 24 12:23:29 2017 MANAGEMENT: >STATE:1495617809,TCP_CONNECT,,,,,,
Wed May 24 12:23:30 2017 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
Wed May 24 12:23:30 2017 TCP_CLIENT link local: (not bound)
Wed May 24 12:23:30 2017 TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Wed May 24 12:23:30 2017 MANAGEMENT: >STATE:1495617810,WAIT,,,,,,
Wed May 24 12:23:30 2017 MANAGEMENT: >STATE:1495617810,AUTH,,,,,,
Wed May 24 12:23:30 2017 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=13a15ddb c66496d7
Wed May 24 12:23:31 2017 VERIFY OK: depth=1, CN=myCa
Wed May 24 12:23:31 2017 VERIFY KU OK
Wed May 24 12:23:31 2017 Validating certificate extended key usage
Wed May 24 12:23:31 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed May 24 12:23:31 2017 VERIFY EKU OK
Wed May 24 12:23:31 2017 VERIFY OK: depth=0, CN=server
Wed May 24 12:23:32 2017 Connection reset, restarting [0]
Wed May 24 12:23:32 2017 TCP/UDP: Closing socket
Wed May 24 12:23:32 2017 SIGUSR1[soft,connection-reset] received, process restarting
Wed May 24 12:23:32 2017 MANAGEMENT: >STATE:1495617812,RECONNECTING,connection-reset,,,,,
Wed May 24 12:23:32 2017 Restart pause, 5 second(s)

I shall read the manual
 
matiaszon
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: OVPN problem

Wed May 24, 2017 12:54 pm

It would be good to know your OVPN settings on MikroTik...
 
steinbergs
Frequent Visitor
Topic Author
Posts: 74
Joined: Fri Sep 09, 2016 4:20 pm
Location: Riga, Latvija

Re: OVPN problem

Wed May 24, 2017 1:18 pm

/interface ovpn-server server
set auth=sha1 certificate=server cipher=aes256 default-profile=default-encryption enabled=yes \
    require-client-certificate=yes
/ppp profile
set *0 change-tcp-mss=default use-encryption=required
set *FFFFFFFE local-address=192.168.99.55 remote-address=pool1
/ppp secret
add name=asdasd password=asdasd profile=default-encryption service=ovpn

Mikrotik error:
13:16:19 echo: ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
Last edited by steinbergs on Thu Feb 15, 2018 8:51 am, edited 1 time in total.
 
matiaszon
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: OVPN problem

Wed May 24, 2017 2:20 pm

Your server settings seem to be fine. I have also set up:
port=1194
mode=ip
netmask=24
mac-address=my_real_mac_address
max-mtu=1500
keep-alive-timeout=60

Don't worry about the error - it appears even if everything works well.

Here are my settings on Windows 10 & OpenVPN GUI v10 (which version do you use?).
You may try to change "tap" to "tun".

client
dev tun
proto tcp-client
remote xxx.xxx.xxx.xxx
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca CA.crt
cert cert.crt
key cert.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-nocache
;redirect-gateway def1
 
steinbergs
Frequent Visitor
Topic Author
Posts: 74
Joined: Fri Sep 09, 2016 4:20 pm
Location: Riga, Latvija

Re: OVPN problem

Wed May 24, 2017 3:10 pm

I tried your config but I get a Fatal TLS error (check_tls_errors_co), restarting

Wed May 24 14:59:17 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
Wed May 24 14:59:17 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Wed May 24 14:59:17 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.10
Wed May 24 14:59:18 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx
Wed May 24 14:59:18 2017 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
Wed May 24 14:59:19 2017 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
Wed May 24 14:59:19 2017 TCP_CLIENT link local: (not bound)
Wed May 24 14:59:19 2017 TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Wed May 24 15:00:19 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed May 24 15:00:19 2017 TLS Error: TLS handshake failed
Wed May 24 15:00:19 2017 Fatal TLS error (check_tls_errors_co), restarting
Wed May 24 15:00:19 2017 SIGUSR1[soft,tls-error] received, process restarting
 
steinbergs
Frequent Visitor
Topic Author
Posts: 74
Joined: Fri Sep 09, 2016 4:20 pm
Location: Riga, Latvija

Re: OVPN problem

Wed May 24, 2017 3:38 pm

matiaszon
Problem solved! Your config helped me, just had to add my 'secret' file!

client
dev tun
proto tcp-client
remote 1.2.3.4
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca cert_export_myCa.crt
cert cert_export_client1.crt
key cert_export_client1.key
auth-user-pass auth.cfg
Last edited by steinbergs on Thu Feb 15, 2018 8:52 am, edited 1 time in total.
 
matiaszon
Member
Posts: 305
Joined: Mon Jul 09, 2012 9:26 am

Re: OVPN problem

Fri May 26, 2017 1:14 am

You better hide your public IP and change your username and password...
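
Added example, not part of the thread and not either poster's code: a small Python check that compares an OpenVPN client profile against the RouterOS "/interface ovpn-server server" export line posted above, so mismatches such as tap versus tun show up before a connection attempt. The function names, the RouterOS-to-OpenVPN value mapping and the treatment of an unexported mode as "ip" are assumptions of this example.

```python
# RouterOS v6 ovpn-server value -> OpenVPN directive value (mapping assumed here)
CIPHER = {"aes128": "AES-128-CBC", "aes192": "AES-192-CBC", "aes256": "AES-256-CBC"}
DEV = {"ip": "tun", "ethernet": "tap"}

def parse_client(text):
    """Return {directive: [args]} for an OpenVPN client profile."""
    lines = (ln.strip() for ln in text.splitlines())
    rows = (ln.split() for ln in lines if ln and ln[0] not in "#;")  # drop blanks, comments
    return {r[0]: r[1:] for r in rows}

def parse_routeros(export_line):
    """Return {key: value} from a RouterOS 'set key=value ...' export line."""
    return dict(tok.split("=", 1) for tok in export_line.split() if "=" in tok)

def check(client, server):
    """List client directives that disagree with the exported server settings."""
    def first(name):
        return (client.get(name) or [None])[0]
    want = {
        "dev": DEV[server.get("mode", "ip")],   # assumption: unexported mode is ip
        "cipher": CIPHER.get(server.get("cipher")),
        "auth": server.get("auth", "sha1").upper(),
    }
    findings = [f"{k}: client has {first(k)}, server side implies {v}"
                for k, v in want.items() if first(k) != v]
    if not (first("proto") or "").startswith("tcp"):
        findings.append("proto: RouterOS v6 OVPN server accepts TCP only")
    if server.get("require-client-certificate") == "yes":
        findings += [f"{d}: missing, server requires a client certificate"
                     for d in ("cert", "key") if d not in client]
    if "auth-user-pass" not in client:
        findings.append("auth-user-pass: missing, server checks a PPP secret")
    if client.get("remote-cert-tls") != ["server"]:
        findings.append("remote-cert-tls: server certificate usage not enforced")
    return findings

# Server line and first client profile from the thread, abridged to checked directives
SERVER = parse_routeros("set auth=sha1 certificate=server cipher=aes256 "
                        "enabled=yes require-client-certificate=yes")
FIRST_TRY = parse_client("""proto tcp-client
dev tap
cert cert_export_client1.crt
key cert_export_client1.key
cipher AES-256-CBC
auth SHA1
auth-user-pass auth.cfg""")

if __name__ == "__main__":
    print("\n".join(check(FIRST_TRY, SERVER)) or "no findings")
```

Run on the first profile as posted, it reports the dev and remote-cert-tls lines; the profile matiaszon posted produces no findings.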
