openvpn client push request

aleab · Sat Nov 09, 2019 11:03 am

Hello, i have a mikroitk as openvpn server.
and work fine but i noticed that initial connection it's a little slow...

in log on client i find...

Sat Nov 09 09:54:13 2019 [server] Peer Connection Initiated with [AF_INET]1.2.3.4:1194
Sat Nov 09 09:54:14 2019 MANAGEMENT: >STATE:1573289654,GET_CONFIG,,,,,,
Sat Nov 09 09:54:14 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Nov 09 09:54:19 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Nov 09 09:54:25 2019 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Nov 09 09:54:25 2019 PUSH: Received control message: 'PUSH_REPLY,ping 20,ping-restart 60,topology subnet,route-gateway 10.158.38.236,ifconfig 10.158.38.235 255.255.255.0'
Sat Nov 09 09:54:25 2019 OPTIONS IMPORT: timers and/or timeouts modified

so i think i waste 10 second for
SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

but i set route and other parameters in ovpn client config, i don't need to push directive from server.

can i disable or skip that directive ?

work all fine, but is to optimize all...

to create openvpn server i used this way
- create certificates
- create ip pool and dhcp for openvpn network
- create profile and openvpn server with cipher
- create secret for login
- open port on wan network

Thank you in advance
Ale

gramels · Fri Feb 21, 2020 11:59 am

same here.

Tunnel setup takes up to 40seconds

2020-02-21 10:56:22.006958 MANAGEMENT: >STATE:1582278982,GET_CONFIG,,,,,,
2020-02-21 10:56:22.022563 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2020-02-21 10:56:27.145280 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2020-02-21 10:56:32.645304 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
2020-02-21 10:56:32.725974 PUSH: Received control message ...

any ideas hoe to fix this?

gramels · Thu Apr 02, 2020 8:35 pm

fixed it, timeout was to strict

Zacharias · Fri Apr 03, 2020 12:18 am

Can you give a little more details so that we know as well ?

aleab · Sun May 31, 2020 12:29 am

i don't have find any solution.

can you post how do you solve?

i use this script to configure ovpn server

/certificate add name=CA country="IT" state="IT" locality="IT" organization="home" unit="mk" common-name="CA" key-size=4096 days-valid=3650 key-usage=crl-sign,key-cert-sign
/certificate sign CA ca-crl-host=127.0.0.1 name="CA"
:delay 60s
/certificate add name=server country="IT" state="IT" locality="IT" organization="home" unit="mk" common-name="server" key-size=4096 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
/certificate sign server ca="CA" name="server"
:delay 60s
/certificate add name=client country="IT" state="IT" locality="IT" organization="home" unit="mk" common-name="client" key-size=4096 days-valid=3650 key-usage=tls-client
/certificate sign client ca="CA" name="client"
:delay 60s
/certificate add name=client1 copy-from="client" common-name="client1"
/certificate sign client1 ca="CA" name="client1"
:delay 60s
/certificate export-certificate CA export-passphrase=""
/certificate export-certificate client1 export-passphrase="12345678"

/ip pool
add name=ovpn ranges=10.25.47.30-10.25.47.254
/ip dhcp-server network
add address=10.25.47.0/24 comment=vpn dns-server=192.168.88.1 gateway=192.168.88.1 netmask=24

/ppp profile
add bridge=bridge local-address=ovpn name=open_vpn \
remote-address=ovpn use-compression=no use-encryption=required
/interface ovpn-server server
set certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=open_vpn enabled=yes \
require-client-certificate=yes port=443

/ppp secret
add name=client1 password=mysecretpassword profile=open_vpn service=ovpn

/ip firewall filter add action=accept chain=input disabled=no protocol=tcp src-address=10.25.47.0/24 place-before=1 comment="allow all from openvpn"

/ip firewall filter add chain=input comment="allow openvpn port" dst-port=443 protocol=tcp action=accept place-before=1

/ip firewall nat add chain=srcnat src-address=10.25.47.0/24 action=masquerade

and this is ovpn client config

client
dev tun
remote my.remote.address 443 tcp
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca CA.crt
cert client1.crt
key client1.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass login.txt
auth-nocache

route 192.168.88.0 255.255.255.0

thank you in advance

aleab · Fri Jun 26, 2020 12:47 pm

i think is a behavior of mikrotik openvpn server, because i see much tutorial on youtube and all of that have this behavior .
so is not a config can i manage.

i wait, is not a big problem...

thank you

vaskos · Mon Dec 28, 2020 6:08 pm

I have the same problem.

Mon Dec 28 16:19:50 2020 MANAGEMENT: >STATE:1609168790,GET_CONFIG,,,,,,
Mon Dec 28 16:19:50 2020 SENT CONTROL [xxx.sn.mynetname.net]: 'PUSH_REQUEST' (status=1)
Mon Dec 28 16:19:56 2020 SENT CONTROL [xxx.sn.mynetname.net]: 'PUSH_REQUEST' (status=1)
Mon Dec 28 16:20:01 2020 SENT CONTROL [xxx.sn.mynetname.net]: 'PUSH_REQUEST' (status=1)
Mon Dec 28 16:20:01 2020 PUSH: Received control message: 'PUSH_REPLY,ping 20,ping-restart 60,topology subnet,route-gateway 192.168.6.1,ifconfig 192.168.6.251 255.255.255.0'
Mon Dec 28 16:20:01 2020 OPTIONS IMPORT: timers and/or timeouts modified

There are three PUSH_REQUEST, but only last of them has received PUSH_REPLY - as a result for each connection "duplicate packet, dropping" event is logged and its send by email too. But then client is connected and VPN TUN works correctly.

Any suggestion ? Thanks !

openvpn client push request

openvpn client push request

Re: openvpn client push request

Re: openvpn client push request

Re: openvpn client push request

Re: openvpn client push request

Re: openvpn client push request

Re: openvpn client push request

Who is online