When I install Viscosity it suggests importing the configuration from Tunnelblick (fine!) - so I did. However, no matter what I try, I cannot get it to connect. I have tried the latest version 1.9.4 and now the beta version of the client (as that supports Ovpn 2.5). I have also updated RouterOS to version 6.48.4. But no luck so far.
This is the log from the Viscosity client:
2021-08-27 09:16:53: Viscosity Mac 1.10b4 (1580)
2021-08-27 09:16:53: Viscosity OpenVPN Engine Started
2021-08-27 09:16:53: Running on macOS 11.5.2
2021-08-27 09:16:53: ---------
2021-08-27 09:16:53: State changed to Connecting
2021-08-27 09:16:53: Checking reachability status of connection...
2021-08-27 09:16:53: Connection is reachable. Starting connection attempt.
2021-08-27 09:16:53: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-08-27 09:16:53: Current Parameter Settings:
2021-08-27 09:16:53: config = 'config.conf'
2021-08-27 09:16:53: mode = 0
2021-08-27 09:16:53: show_ciphers = DISABLED
2021-08-27 09:16:53: show_digests = DISABLED
2021-08-27 09:16:53: show_engines = DISABLED
2021-08-27 09:16:53: genkey = DISABLED
2021-08-27 09:16:53: genkey_filename = '[UNDEF]'
2021-08-27 09:16:53: key_pass_file = '[UNDEF]'
2021-08-27 09:16:53: show_tls_ciphers = DISABLED
2021-08-27 09:16:53: connect_retry_max = 0
2021-08-27 09:16:53: Connection profiles [0]:
2021-08-27 09:16:53: proto = tcp-client
2021-08-27 09:16:53: local = '[UNDEF]'
2021-08-27 09:16:53: local_port = '[UNDEF]'
2021-08-27 09:16:53: remote = 'myvpn.domain.com'
2021-08-27 09:16:53: remote_port = '1194'
2021-08-27 09:16:53: remote_float = DISABLED
2021-08-27 09:16:53: bind_defined = DISABLED
2021-08-27 09:16:53: bind_local = DISABLED
2021-08-27 09:16:53: bind_ipv6_only = DISABLED
2021-08-27 09:16:53: connect_retry_seconds = 5
2021-08-27 09:16:53: connect_timeout = 120
2021-08-27 09:16:53: socks_proxy_server = '[UNDEF]'
2021-08-27 09:16:53: socks_proxy_port = '[UNDEF]'
2021-08-27 09:16:53: tun_mtu = 1500
2021-08-27 09:16:53: tun_mtu_defined = ENABLED
2021-08-27 09:16:53: link_mtu = 1500
2021-08-27 09:16:53: link_mtu_defined = DISABLED
2021-08-27 09:16:53: tun_mtu_extra = 0
2021-08-27 09:16:53: tun_mtu_extra_defined = DISABLED
2021-08-27 09:16:53: mtu_discover_type = -1
2021-08-27 09:16:53: fragment = 0
2021-08-27 09:16:53: mssfix = 1450
2021-08-27 09:16:53: explicit_exit_notification = 0
2021-08-27 09:16:53: tls_auth_file = '[UNDEF]'
2021-08-27 09:16:53: key_direction = not set
2021-08-27 09:16:53: tls_crypt_file = '[UNDEF]'
2021-08-27 09:16:53: tls_crypt_v2_file = '[UNDEF]'
2021-08-27 09:16:53: Connection profiles END
2021-08-27 09:16:53: remote_random = DISABLED
2021-08-27 09:16:53: ipchange = '[UNDEF]'
2021-08-27 09:16:53: dev = 'tun'
2021-08-27 09:16:53: dev_type = '[UNDEF]'
2021-08-27 09:16:53: dev_node = 'utun'
2021-08-27 09:16:53: lladdr = '[UNDEF]'
2021-08-27 09:16:53: topology = 1
2021-08-27 09:16:53: ifconfig_local = '[UNDEF]'
2021-08-27 09:16:53: ifconfig_remote_netmask = '[UNDEF]'
2021-08-27 09:16:53: ifconfig_noexec = DISABLED
2021-08-27 09:16:53: ifconfig_nowarn = DISABLED
2021-08-27 09:16:53: ifconfig_ipv6_local = '[UNDEF]'
2021-08-27 09:16:53: ifconfig_ipv6_netbits = 0
2021-08-27 09:16:53: ifconfig_ipv6_remote = '[UNDEF]'
2021-08-27 09:16:53: shaper = 0
2021-08-27 09:16:53: mtu_test = 0
2021-08-27 09:16:53: mlock = DISABLED
2021-08-27 09:16:53: keepalive_ping = 0
2021-08-27 09:16:53: keepalive_timeout = 0
2021-08-27 09:16:53: inactivity_timeout = 0
2021-08-27 09:16:53: ping_send_timeout = 10
2021-08-27 09:16:53: ping_rec_timeout = 45
2021-08-27 09:16:53: ping_rec_timeout_action = 2
2021-08-27 09:16:53: ping_timer_remote = DISABLED
2021-08-27 09:16:53: remap_sigusr1 = 0
2021-08-27 09:16:53: persist_tun = DISABLED
2021-08-27 09:16:53: persist_local_ip = DISABLED
2021-08-27 09:16:53: persist_remote_ip = DISABLED
2021-08-27 09:16:53: persist_key = ENABLED
2021-08-27 09:16:53: passtos = DISABLED
2021-08-27 09:16:53: resolve_retry_seconds = 1000000000
2021-08-27 09:16:53: resolve_in_advance = DISABLED
2021-08-27 09:16:53: username = '[UNDEF]'
2021-08-27 09:16:53: groupname = '[UNDEF]'
2021-08-27 09:16:53: chroot_dir = '[UNDEF]'
2021-08-27 09:16:53: cd_dir = '[UNDEF]'
2021-08-27 09:16:53: writepid = '[UNDEF]'
2021-08-27 09:16:53: up_script = '[UNDEF]'
2021-08-27 09:16:53: down_script = '[UNDEF]'
2021-08-27 09:16:53: down_pre = DISABLED
2021-08-27 09:16:53: up_restart = DISABLED
2021-08-27 09:16:53: up_delay = DISABLED
2021-08-27 09:16:53: daemon = DISABLED
2021-08-27 09:16:53: inetd = 0
2021-08-27 09:16:53: log = DISABLED
2021-08-27 09:16:53: suppress_timestamps = DISABLED
2021-08-27 09:16:53: machine_readable_output = ENABLED
2021-08-27 09:16:53: nice = 0
2021-08-27 09:16:53: verbosity = 4
2021-08-27 09:16:53: mute = 100
2021-08-27 09:16:53: status_file = '[UNDEF]'
2021-08-27 09:16:53: status_file_version = 1
2021-08-27 09:16:53: status_file_update_freq = 60
2021-08-27 09:16:53: occ = ENABLED
2021-08-27 09:16:53: rcvbuf = 0
2021-08-27 09:16:53: sndbuf = 0
2021-08-27 09:16:53: sockflags = 0
2021-08-27 09:16:53: fast_io = DISABLED
2021-08-27 09:16:53: comp.alg = 0
2021-08-27 09:16:53: comp.flags = 0
2021-08-27 09:16:53: NOTE: --mute triggered...
2021-08-27 09:16:53: 187 variation(s) on previous 100 message(s) suppressed by --mute
2021-08-27 09:16:53: OpenVPN 2.5.3 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Aug 26 2021
2021-08-27 09:16:53: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021-08-27 09:16:53: Resolving address: myvpn.domain.com
2021-08-27 09:16:53: Valid endpoint found: 111.222.333.444:1194:tcp-client
2021-08-27 09:16:53: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-08-27 09:16:53: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-08-27 09:16:53: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-08-27 09:16:53: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-08-27 09:16:53: TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:53: Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194 [nonblock]
2021-08-27 09:16:53: TCP connection established with [AF_INET]111.222.333.444:1194
2021-08-27 09:16:53: TCP_CLIENT link local: (not bound)
2021-08-27 09:16:53: TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:53: State changed to Authenticating
2021-08-27 09:16:53: TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=c1c66253 00fde63e
2021-08-27 09:16:56: VERIFY OK: depth=1, CN=ca
2021-08-27 09:16:56: VERIFY OK: depth=0, CN=server
2021-08-27 09:16:57: Connection reset, restarting [0]
2021-08-27 09:16:57: TCP/UDP: Closing socket
2021-08-27 09:16:57: SIGUSR1[soft,connection-reset] received, process restarting
2021-08-27 09:16:57: Viscosity Mac 1.10b4 (1580)
2021-08-27 09:16:57: Viscosity OpenVPN Engine Started
2021-08-27 09:16:57: Running on macOS 11.5.2
2021-08-27 09:16:57: ---------
2021-08-27 09:16:57: State changed to Connecting
2021-08-27 09:16:57: Resolving address: myvpn.domain.com
2021-08-27 09:16:57: Resolving address: myvpn.domain.com
2021-08-27 09:16:57: Valid endpoint found: 111.222.333.444:1194:tcp-client
2021-08-27 09:16:57: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-08-27 09:16:57: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-08-27 09:16:57: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-08-27 09:16:57: TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:57: Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194 [nonblock]
2021-08-27 09:16:57: TCP connection established with [AF_INET]111.222.333.444:1194
2021-08-27 09:16:57: TCP_CLIENT link local: (not bound)
2021-08-27 09:16:57: TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:57: State changed to Authenticating
2021-08-27 09:16:57: TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=3fa42b08 7bd9de73
2021-08-27 09:16:58: VERIFY OK: depth=1, CN=ca
2021-08-27 09:16:58: VERIFY OK: depth=0, CN=server
2021-08-27 09:16:58: Connection reset, restarting [0]
2021-08-27 09:16:58: TCP/UDP: Closing socket
2021-08-27 09:16:58: SIGUSR1[soft,connection-reset] received, process restarting
2021-08-27 09:16:58: Viscosity Mac 1.10b4 (1580)
2021-08-27 09:16:58: Viscosity OpenVPN Engine Started
2021-08-27 09:16:58: Running on macOS 11.5.2
2021-08-27 09:16:58: ---------
2021-08-27 09:16:58: State changed to Connecting
2021-08-27 09:16:58: Resolving address: myvpn.domain.com
2021-08-27 09:16:59: Resolving address: myvpn.domain.com
2021-08-27 09:16:59: Valid endpoint found: 111.222.333.444:1194:tcp-client
2021-08-27 09:16:59: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021-08-27 09:16:59: Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2021-08-27 09:16:59: Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2021-08-27 09:16:59: TCP/UDP: Preserving recently used remote address: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:59: Attempting to establish TCP connection with [AF_INET]111.222.333.444:1194 [nonblock]
2021-08-27 09:16:59: TCP connection established with [AF_INET]111.222.333.444:1194
2021-08-27 09:16:59: TCP_CLIENT link local: (not bound)
2021-08-27 09:16:59: TCP_CLIENT link remote: [AF_INET]111.222.333.444:1194
2021-08-27 09:16:59: State changed to Authenticating
2021-08-27 09:16:59: TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=8fc919b9 163f76c5
2021-08-27 09:17:00: VERIFY OK: depth=1, CN=ca
2021-08-27 09:17:00: VERIFY OK: depth=0, CN=server
2021-08-27 09:17:01: State changed to Disconnecting (Manual)
2021-08-27 09:17:01: Connection reset, restarting [0]
2021-08-27 09:17:01: TCP/UDP: Closing socket
2021-08-27 09:17:01: SIGTERM[hard,connection-reset] received, process exiting
2021-08-27 09:17:01: State changed to Disconnected (Process Terminated)
On the MikroTik box the only log messages I see are:
aug/25/2021 19:47:28 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,error duplicate packet, dropping
aug/25/2021 19:47:30 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,error duplicate packet, dropping
aug/25/2021 19:47:32 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,error duplicate packet, dropping
aug/25/2021 19:47:34 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,error duplicate packet, dropping
This is the way I set up certificates and users:
/certificate
add name=ca-template common-name=ca days-valid=3065 key-usage=key-cert-sign,crl-sign
add name=server-template common-name=server days-valid=3065
add name=client-template common-name=vpnclient days-valid=3065
sign ca-template name=ca
sign ca=ca server-template name=server
sign ca=ca client-template name=vpnclient
set ca trusted=yes
set server trusted=yes
export-certificate ca
export-certificate vpnclient export-passphrase=yyyyyyyyyyyyy
/ppp secret add caller-id="" comment="" disabled=no limit-bytes-in=0 limit-bytes-out=0 name="user1" password="xxxxxxxxx" routes="" service=ovpn
The Ovpn server is configured like this:
And this works fine with this Tunnelblick config (ovpn):
remote myvpn.domain.com 1194
proto tcp-client
#client
tls-client
port 1194
ca cert_export_ca.crt
cert cert_export_vpnclient.crt
key cert_export_vpnclient.key
cipher AES-256-CBC
auth SHA1
dev tun
resolv-retry infinite
nobind
persist-key
ping 10
ping-restart 45
verb 4
auth-user-pass
#auth-nocache
route-method exe
route-delay 2
pull
#redirect-gateway def
route 192.168.42.0 255.255.255.0
When Viscosity imports the ovpn file it adds these extra commands under "Advanced":
resolv-retry infinite
cipher AES-256-CBC
verb 4
route-delay 2
auth SHA1
What could I be missing here? I really would like to test if Viscosity can solve the VMs' problems of using the VPN connection.
Thanks in advance!
/John
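
A triage sketch for the Viscosity log above, added here as an example and not part of the original post: it splits the log into connection attempts, records the last handshake stage each one reached before the reset, and counts the distinct warnings. The sample lines are abbreviated from the posted log, and `triage` and the stage labels are names chosen for this example.

```python
import re
from collections import Counter
# Constructed sample: lines abbreviated from the Viscosity log quoted in the post.
SAMPLE_LOG = """\
2021-08-27 09:16:53: State changed to Connecting
2021-08-27 09:16:53: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM).
2021-08-27 09:16:53: WARNING: No server certificate verification method has been enabled.
2021-08-27 09:16:53: TCP connection established with [AF_INET]111.222.333.444:1194
2021-08-27 09:16:53: TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=c1c66253 00fde63e
2021-08-27 09:16:56: VERIFY OK: depth=0, CN=server
2021-08-27 09:16:57: Connection reset, restarting [0]
2021-08-27 09:16:57: State changed to Connecting
2021-08-27 09:16:57: WARNING: No server certificate verification method has been enabled.
2021-08-27 09:16:57: TLS: Initial packet from [AF_INET]111.222.333.444:1194, sid=3fa42b08 7bd9de73
2021-08-27 09:16:58: VERIFY OK: depth=0, CN=server
2021-08-27 09:16:58: Connection reset, restarting [0]
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (.*)$")
# Handshake milestones in the order OpenVPN logs them; the last one seen wins.
MILESTONES = [
    ("TCP connection established", "tcp-connected"),
    ("TLS: Initial packet", "tls-started"),
    ("VERIFY OK: depth=0", "server-cert-verified"),
    ("Initialization Sequence Completed", "tunnel-up"),
]

def triage(log_text):
    """Return (attempts, warnings): last stage and outcome per attempt, plus warning counts."""
    attempts, warnings = [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        if msg.startswith(("WARNING:", "DEPRECATED OPTION:")):
            # Key on the first sentence so repeats of one warning collapse together.
            warnings[msg.split(". ")[0].rstrip(".")] += 1
        if msg.startswith("State changed to Connecting"):
            attempts.append({"start": ts, "stage": "none", "outcome": "unfinished"})
        elif attempts:
            for needle, stage in MILESTONES:
                if msg.startswith(needle):
                    attempts[-1]["stage"] = stage
            if msg.startswith("Connection reset"):
                attempts[-1]["outcome"] = "reset"
    return attempts, warnings

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the posted log every attempt stops at the same point, after the server certificate verifies and before the tunnel comes up, and the warning that recurs on each attempt is the missing server certificate verification method.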