jda
just joined
Topic Author
Posts: 21
Joined: Thu Jun 04, 2015 11:34 am

Problems connecting via Ovpn using Viscosity VPN client

Fri Aug 27, 2021 10:32 am

I have been using Tunnelblick as my VPN client on Mac into our network, which worked fine. However, there is a problem with VMs on my Mac not being able to use the VPN connection on macOS 11.5 and VMware Fusion 12. This should be working OK with Viscosity VPN client - so I'm trying to test this to see if we should change.

When I install Viscosity it suggests to import the configuration from Tunnelblick (fine!) - so I did. However, no matter what I try I cannot get it to connect. I have tried the latest version 1.9.4 and now the beta version of the client (as that supports Ovpn 2.5). I have also updated RouterOS to version 6.48.4. But no luck so far :-(

This is the log from the Viscosity client:
2021-08-27 09:16:53: Viscosity Mac 1.10b4 (1580)
2021-08-27 09:16:53: Viscosity OpenVPN Engine Started
2021-08-27 09:16:53: Running on macOS 11.5.2
2021-08-27 09:16:53: ---------
2021-08-27 09:16:53: State changed to Connecting
2021-08-27 09:16:53: Checking reachability status of connection...
2021-08-27 09:16:53: Connection is reachable. Starting connection attempt.
2021-08-27 09:16:53: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-08-27 09:16:53: Current Parameter Settings:
2021-08-27 09:16:53:   config = 'config.conf'
2021-08-27 09:16:53:   mode = 0
2021-08-27 09:16:53:   show_ciphers = DISABLED
2021-08-27 09:16:53:   show_digests = DISABLED
2021-08-27 09:16:53:   show_engines = DISABLED
2021-08-27 09:16:53:   genkey = DISABLED
2021-08-27 09:16:53:   genkey_filename = '[UNDEF]'
2021-08-27 09:16:53:   key_pass_file = '[UNDEF]'
2021-08-27 09:16:53:   show_tls_ciphers = DISABLED
2021-08-27 09:16:53:   connect_retry_max = 0
2021-08-27 09:16:53: Connection profiles [0]:
2021-08-27 09:16:53:   proto = tcp-client
2021-08-27 09:16:53:   local = '[UNDEF]'
2021-08-27 09:16:53:   local_port = '[UNDEF]'
2021-08-27 09:16:53:   remote = 'myvpn.domain.com'
2021-08-27 09:16:53:   remote_port = '1194'
2021-08-27 09:16:53:   remote_float = DISABLED
2021-08-27 09:16:53:   bind_defined = DISABLED
2021-08-27 09:16:53:   bind_local = DISABLED
2021-08-27 09:16:53:   bind_ipv6_only = DISABLED
2021-08-27 09:16:53:   connect_retry_seconds = 5
2021-08-27 09:16:53:   connect_timeout = 120
2021-08-27 09:16:53:   socks_proxy_server = '[UNDEF]'
2021-08-27 09:16:53:   socks_proxy_port = '[UNDEF]'
2021-08-27 09:16:53:   tun_mtu = 1500
2021-08-27 09:16:53:   tun_mtu_defined = ENABLED
2021-08-27 09:16:53:   link_mtu = 1500
2021-08-27 09:16:53:   link_mtu_defined = DISABLED
2021-08-27 09:16:53:   tun_mtu_extra = 0
2021-08-27 09:16:53:   tun_mtu_extra_defined = DISABLED
2021-08-27 09:16:53:   mtu_discover_type = -1
2021-08-27 09:16:53:   fragment = 0
2021-08-27 09:16:53:   mssfix = 1450
2021-08-27 09:16:53:   explicit_exit_notification = 0
2021-08-27 09:16:53:   tls_auth_file = '[UNDEF]'
2021-08-27 09:16:53:   key_direction = not set
2021-08-27 09:16:53:   tls_crypt_file = '[UNDEF]'
2021-08-27 09:16:53:   tls_crypt_v2_file = '[UNDEF]'
2021-08-27 09:16:53: Connection profiles END
2021-08-27 09:16:53:   remote_random = DISABLED
2021-08-27 09:16:53:   ipchange = '[UNDEF]'
2021-08-27 09:16:53:   dev = 'tun'
2021-08-27 09:16:53:   dev_type = '[UNDEF]'
2021-08-27 09:16:53:   dev_node = 'utun'
2021-08-27 09:16:53:   lladdr = '[UNDEF]'
2021-08-27 09:16:53:   topology = 1
2021-08-27 09:16:53:   ifconfig_local = '[UNDEF]'
2021-08-27 09:16:53:   ifconfig_remote_netmask = '[UNDEF]'
2021-08-27 09:16:53:   ifconfig_noexec = DISABLED
2021-08-27 09:16:53:   ifconfig_nowarn = DISABLED
2021-08-27 09:16:53:   ifconfig_ipv6_local = '[UNDEF]'
2021-08-27 09:16:53:   ifconfig_ipv6_netbits = 0
2021-08-27 09:16:53:   ifconfig_ipv6_remote = '[UNDEF]'
2021-08-27 09:16:53:   shaper = 0
2021-08-27 09:16:53:   mtu_test = 0
2021-08-27 09:16:53:   mlock = DISABLED
2021-08-27 09:16:53:   keepalive_ping = 0
2021-08-27 09:16:53:   keepalive_timeout = 0
2021-08-27 09:16:53:   inactivity_timeout = 0
2021-08-27 09:16:53:   ping_send_timeout = 10
2021-08-27 09:16:53:   ping_rec_timeout = 45
2021-08-27 09:16:53:   ping_rec_timeout_action = 2
2021-08-27 09:16:53:   ping_timer_remote = DISABLED
2021-08-27 09:16:53:   remap_sigusr1 = 0
2021-08-27 09:16:53:   persist_tun = DISABLED
2021-08-27 09:16:53:   persist_local_ip = DISABLED
2021-08-27 09:16:53:   persist_remote_ip = DISABLED
2021-08-27 09:16:53:   persist_key = ENABLED
2021-08-27 09:16:53:   passtos = DISABLED
2021-08-27 09:16:53:   resolve_retry_seconds = 1000000000
2021-08-27 09:16:53:   resolve_in_advance = DISABLED
2021-08-27 09:16:53:   username = '[UNDEF]'
2021-08-27 09:16:53:   groupname = '[UNDEF]'
2021-08-27 09:16:53:   chroot_dir = '[UNDEF]'
2021-08-27 09:16:53:   cd_dir = '[UNDEF]'
2021-08-27 09:16:53:   writepid = '[UNDEF]'
2021-08-27 09:16:53:   up_script = '[UNDEF]'
2021-08-27 09:16:53:   down_script = '[UNDEF]'
2021-08-27 09:16:53:   down_pre = DISABLED
2021-08-27 09:16:53:   up_restart = DISABLED
2021-08-27 09:16:53:   up_delay = DISABLED
2021-08-27 09:16:53:   daemon = DISABLED
2021-08-27 09:16:53:   inetd = 0
2021-08-27 09:16:53:   log = DISABLED
2021-08-27 09:16:53:   suppress_timestamps = DISABLED
2021-08-27 09:16:53:   machine_readable_output = ENABLED
2021-08-27 09:16:53:   nice = 0
2021-08-27 09:16:53:   verbosity = 4
2021-08-27 09:16:53:   mute = 100
2021-08-27 09:16:53:   status_file = '[UNDEF]'
2021-08-27 09:16:53:   status_file_version = 1
2021-08-27 09:16:53:   status_file_update_freq = 60
2021-08-27 09:16:53:   occ = ENABLED
2021-08-27 09:16:53:   rcvbuf = 0
2021-08-27 09:16:53:   sndbuf = 0
2021-08-27 09:16:53:   sockflags = 0
2021-08-27 09:16:53:   fast_io = DISABLED
2021-08-27 09:16:53:   comp.alg = 0
2021-08-27 09:16:53:   comp.flags = 0
2021-08-27 09:16:53: NOTE: --mute triggered...
2021-08-27 09:16:53: 187 variation(s) on previous 100 message(s) suppressed by --mute
2021-08-27 09:16:53: OpenVPN 2.5.3 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 26 2021
2021-08-27 09:16:53: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2021-08-27 09:16:53: Resolving address: myvpn.domain.com
2021-08-27 09:16:53: Valid endpoint found: 111.222.333.444:1194:tcp-client
2021-08-27 09:16:53: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-08-27 09:16:53: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-08-27 09:16:53: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-08-27 09:16:53: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-08-27 09:16:53: TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:53: Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194 [nonblock]
2021-08-27 09:16:53: TCP connection established with [AF_INET]111.222.333.444:1194
2021-08-27 09:16:53: TCP_CLIENT link local: (not bound)
2021-08-27 09:16:53: TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:53: State changed to Authenticating
2021-08-27 09:16:53: TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=c1c66253 00fde63e
2021-08-27 09:16:56: VERIFY OK: depth=1, CN=ca
2021-08-27 09:16:56: VERIFY OK: depth=0, CN=server
2021-08-27 09:16:57: Connection reset, restarting [0]
2021-08-27 09:16:57: TCP/UDP: Closing socket
2021-08-27 09:16:57: SIGUSR1[soft,connection-reset] received, process restarting
2021-08-27 09:16:57: Viscosity Mac 1.10b4 (1580)
2021-08-27 09:16:57: Viscosity OpenVPN Engine Started
2021-08-27 09:16:57: Running on macOS 11.5.2
2021-08-27 09:16:57: ---------
2021-08-27 09:16:57: State changed to Connecting
2021-08-27 09:16:57: Resolving address: myvpn.domain.com
2021-08-27 09:16:57: Resolving address: myvpn.domain.com
2021-08-27 09:16:57: Valid endpoint found: 111.222.333.444:1194:tcp-client
2021-08-27 09:16:57: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-08-27 09:16:57: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-08-27 09:16:57: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-08-27 09:16:57: TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:57: Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194 [nonblock]
2021-08-27 09:16:57: TCP connection established with [AF_INET]111.222.333.444:1194
2021-08-27 09:16:57: TCP_CLIENT link local: (not bound)
2021-08-27 09:16:57: TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:57: State changed to Authenticating
2021-08-27 09:16:57: TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=3fa42b08 7bd9de73
2021-08-27 09:16:58: VERIFY OK: depth=1, CN=ca
2021-08-27 09:16:58: VERIFY OK: depth=0, CN=server
2021-08-27 09:16:58: Connection reset, restarting [0]
2021-08-27 09:16:58: TCP/UDP: Closing socket
2021-08-27 09:16:58: SIGUSR1[soft,connection-reset] received, process restarting
2021-08-27 09:16:58: Viscosity Mac 1.10b4 (1580)
2021-08-27 09:16:58: Viscosity OpenVPN Engine Started
2021-08-27 09:16:58: Running on macOS 11.5.2
2021-08-27 09:16:58: ---------
2021-08-27 09:16:58: State changed to Connecting
2021-08-27 09:16:58: Resolving address: myvpn.domain.com
2021-08-27 09:16:59: Resolving address: myvpn.domain.com
2021-08-27 09:16:59: Valid endpoint found: 111.222.333.444:1194:tcp-client
2021-08-27 09:16:59: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-08-27 09:16:59: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-08-27 09:16:59: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-08-27 09:16:59: TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:59: Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194 [nonblock]
2021-08-27 09:16:59: TCP connection established with [AF_INET]111.222.333.444:1194
2021-08-27 09:16:59: TCP_CLIENT link local: (not bound)
2021-08-27 09:16:59: TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:59: State changed to Authenticating
2021-08-27 09:16:59: TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=8fc919b9 163f76c5
2021-08-27 09:17:00: VERIFY OK: depth=1, CN=ca
2021-08-27 09:17:00: VERIFY OK: depth=0, CN=server
2021-08-27 09:17:01: State changed to Disconnecting (Manual)
2021-08-27 09:17:01: Connection reset, restarting [0]
2021-08-27 09:17:01: TCP/UDP: Closing socket
2021-08-27 09:17:01: SIGTERM[hard,connection-reset] received, process exiting
2021-08-27 09:17:01: State changed to Disconnected (Process Terminated)

On the MikroTik box the only log messages I see are:
aug/25/2021 19:47:28 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,error duplicate packet, dropping
aug/25/2021 19:47:30 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,error duplicate packet, dropping
aug/25/2021 19:47:32 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,error duplicate packet, dropping
aug/25/2021 19:47:34 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,error duplicate packet, dropping

This is the way I set up certificates and users:
/certificate 
 add name=ca-template common-name=ca days-valid=3065 key-usage=key-cert-sign,crl-sign 
 add name=server-template common-name=server days-valid=3065 
 add name=client-template common-name=vpnclient days-valid=3065 
 sign ca-template name=ca
 sign ca=ca server-template name=server
 sign ca=ca client-template name=vpnclient
 set ca trusted=yes
 set server trusted=yes
 export-certificate ca
 export-certificate vpnclient export-passphrase=yyyyyyyyyyyyy

/ppp secret add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name="user1" password="xxxxxxxxx" routes="" service=ovpn

The Ovpn server is configured like this:
[Screenshot attachment: Screenshot 2021-08-27 at 08.09.56.png]

And this works fine with this Tunnelblick config (ovpn):
remote myvpn.domain.com 1194
proto tcp-client
#client
tls-client
port 1194
ca cert_export_ca.crt
cert cert_export_vpnclient.crt
key cert_export_vpnclient.key
cipher AES-256-CBC
auth SHA1
dev tun
resolv-retry infinite
nobind
persist-key
ping 10
ping-restart 45
verb 4
auth-user-pass
#auth-nocache
route-method exe
route-delay 2
pull
#redirect-gateway def
route 192.168.42.0 255.255.255.0

When Viscosity imports the ovpn file it adds these extra commands under "Advanced":
resolv-retry infinite
cipher AES-256-CBC
verb 4
route-delay 2
auth SHA1

What could I be missing here? I really would like to test if Viscosity can solve the VMs' problems of using the VPN connection.

Thanks in advance!

/John
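
Added example (not part of the original post, and not a diagnosis of the connection reset): a small Python audit that maps the three warnings in the Viscosity log (no server certificate verification, `--cipher` missing from `--data-ciphers`, passwords cached in memory) back to the client config directives that trigger them. The sample config is constructed from the Tunnelblick config above; the function names and finding codes are hypothetical.

```python
# Added example, not from the original post. Finding names are made up here.
import sys

# Constructed sample: the security-relevant lines of the Tunnelblick config above.
SAMPLE_CONFIG = """\
remote myvpn.domain.com 1194
proto tcp-client
tls-client
ca cert_export_ca.crt
cert cert_export_vpnclient.crt
key cert_export_vpnclient.key
cipher AES-256-CBC
auth-user-pass
#auth-nocache
"""

# Default --data-ciphers list, as printed in the log's DEPRECATED OPTION line.
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]
# Directives that turn on some form of server certificate checking.
SERVER_VERIFY = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name", "tls-verify"}


def parse_directives(text):
    """Map each active directive to its arguments; '#' and ';' lines are comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name.lstrip("-")] = args
    return directives


def audit(text):
    """Return finding codes, one per log warning the config would trigger."""
    d = parse_directives(text)
    findings = []
    if SERVER_VERIFY.isdisjoint(d):
        findings.append("no-server-cert-verification")
    offered = d["data-ciphers"][0].split(":") if d.get("data-ciphers") else DEFAULT_DATA_CIPHERS
    cipher = (d.get("cipher") or [None])[0]
    if cipher and cipher not in offered:
        findings.append("cipher-not-in-data-ciphers")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("password-may-be-cached")
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    print("\n".join(audit(text)) or "no findings")
```

Run without arguments it audits the constructed sample; pass the path of an exported .ovpn file to audit that instead.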
 
jda
just joined
Topic Author
Posts: 21
Joined: Thu Jun 04, 2015 11:34 am

Re: Problems connecting via Ovpn using Viscosity VPN client

Thu Sep 09, 2021 4:36 pm

Anyone???

Thanks in advance!
