Community discussions

MUM Europe 2020
 
a575606
just joined
Topic Author
Posts: 12
Joined: Tue Feb 26, 2019 8:00 pm

OpenVPN Server Setup with Windows 10 client - MANAGEMENT: >STATE: xxx,TCP_CONNECT

Sun Mar 03, 2019 8:28 pm

Hi, I'm new to Mikrotik and part of the reason I decided to get the RB4011 wifi router was to learn more about networking. I have a grasp of networking basics and I have a pretty solid IT background, but I'm finding a lot of things don't seem to work as expected in Router OS. I have strange wifi issues and often I follow a tutorial online and it doesn't work the same way... so I'm a bit stuck and was hoping someone might be willing to help.

I have an issue setting up OpenVPN server on the router and connecting via windows 10 client. Hear me out before saying this has already been discussed, and linking other threads. I've probably read all of them, and I've also run through this guide twice, and I'm stuck. (https://systemzone.net/mikrotik-openvpn ... ws-client/)

After setting everything up, when I try to connect the connection hangs at this point in the process:

Mon Mar 04 01:03:55 2019 MANAGEMENT: >STATE: xxxxx,TCP_CONNECT,,,,,,
Mon Mar 04 01:05:55 2019 TCP: connect to [AF_INET]x.x.x.x:1194 failed: Unknown error

The basic router configuration is working fine. I added and signed the ca, server and client certs, exported them. I followed the config template given in the link, but that didn't connect at all, so I had to tweak it a bit, but here's what I ended up with:
dev tun
proto tcp-client

remote x.x.x.x 1194

ca ca.crt
cert client.crt
key client.key

tls-client
port 1194

persist-tun
persist-key

nobind

remote-cert-tls server

verb 3
mute-replay-warnings

cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-nocache
pull
It's the server config where things get a bit hazy for me. Under PPP -> Interface, I have OVPN Server enabled, port 1194, Mode: ip, Netmask 24 and Certificate set to the server cert and all the right Auth options checked.

For Default Profile I have default-encryption selected, but that's when it gets complicated. I'm not sure how much gets set up when you enable the OpenVPN server and what still needs to be manually set up. Some masquerade entries get added by themselves, but what about routes? And firewall rules? There is also the option to add an "Open VPN Server Binding" interface which isn't talked about much in docs or the tutorial.

The instructions from the link say to use an ip in the same lan subnet for the vpn connections, but the settings pages seem to point to using a separate vpn address pool, which is what I'm familiar with from most OVPN setups. So I'm not quite sure where to go next and I've already had to factory reset once trying to track down the problem and locking myself out of the router settings. If anyone is willing to help, it would be much appreciated.
 
blackmamba
just joined
Posts: 6
Joined: Tue Feb 26, 2019 8:35 pm

Re: OpenVPN Server Setup with Windows 10 client - MANAGEMENT: >STATE: xxx,TCP_CONNECT

Sun Mar 03, 2019 10:46 pm

Before fixing the routes, the client should connect to the server. The error you get is before routes are in discussion.

One possible problem could be the IP class you use in the VPN server assignments. Does that somehow conflict with the IP address the Windows 10 client has?

Increase verb from 3 to 20 and see if you get more info.

[AF_INET]x.x.x.x:1194 failed: Unknown error error usually appears when you try to connect from a LAN interface (NAT IP address) to a WAN interface. Can you try to connect from a different, separate network with public access? Or you are already trying this ? because this is not mentioned in your initial post, that's why I am asking so we can eliminate this.
 
a575606
just joined
Topic Author
Posts: 12
Joined: Tue Feb 26, 2019 8:00 pm

Re: OpenVPN Server Setup with Windows 10 client - MANAGEMENT: >STATE: xxx,TCP_CONNECT

Mon Mar 04, 2019 3:56 pm

Thanks for the reply. Well, when you said that I was hoping that was the issue. Because, yes, when I was trying to set OpenVPN up, I was doing test connects from the same LAN, which shouldn't have worked. And fyi, my lan is on the x.x.2.0/24 subnet and what I'm going for is to use x.x.3.1-10 ips for openvpn connections, but have the x.x.2.x accessible.

I'm now away from home and I'm hanging on the same error message. So I'm guessing that's not the issue. Unfortunately I can't get in to try anything else, but if you have any suggestions for what to look at, or what to try when I'm back, that would be great. Or if there's anything wrong in the client config, I can always tweak that.
Last edited by a575606 on Mon Mar 04, 2019 4:09 pm, edited 1 time in total.
 
a575606
just joined
Topic Author
Posts: 12
Joined: Tue Feb 26, 2019 8:00 pm

Re: OpenVPN Server Setup with Windows 10 client - MANAGEMENT: >STATE: xxx,TCP_CONNECT

Mon Mar 04, 2019 3:58 pm

Actually, strike that. Luckily I have OpenVPN running on my server on a different port and that still works fine, so it gives me access to my lan, including Mikrotik. I could just use that, but I guess I feel this service really belongs on the router more than the server. So, I'm happy to try anything else you can recommend. Thanks again.

Who is online

Users browsing this forum: No registered users and 29 guests