Community discussions

MikroTik App
  4. RouterOS
  5. General

[Resolved] OVPN s-t-s having cert issue ?

Post Reply
 
atakacs
Member Candidate
Member Candidate
Topic Author
Posts: 121
Joined: Mon Mar 07, 2016 5:39 pm

[Resolved] OVPN s-t-s having cert issue ?

Thu Mar 18, 2021 8:36 pm

Hello

Trying to setup a site to site OVPN but for some reason I can't seem to have both router connecting.

On server I see:
Code: Select all
18:55:52 ovpn,info TCP connection established from *.*.*.*
18:55:52 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=cb632957515156 pid=0 DATA len=0 
18:55:52 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=243b72a3d2465b86 pid=0 DATA len=0 
18:55:52 ovpn,debug,packet sent P_ACK kid=0 sid=cb632957515156 [0 sid=243b72a3d2465b86] DATA len=0 
18:55:52 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=243b72a3d2465b86 [0 sid=cb632957515156] pid=1 DATA len=0 
18:55:52 ovpn,debug,packet sent P_ACK kid=0 sid=cb632957515156 [1 sid=243b72a3d2465b86] DATA len=0 
18:55:52 ovpn,debug <*.*.*.*>: disconnected <peer disconnected>

On client I see:
Code: Select all
19:06:26 ovpn,info ovpn-out1: initializing... 
19:06:26 ovpn,info ovpn-out1: connecting... 
19:06:26 ovpn,debug,packet sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=3a4ac066c6d883b1 pid=0 DATA len=0 
19:06:26 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=0dee17d650ec7c70 pid=0 DATA len=0 
19:06:26 ovpn,debug,packet sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=3a4ac066c6d883b1 [0 sid=0dee17d650ec7c70] pid=1 DATA len=0 
19:06:26 ovpn,debug,packet rcvd P_ACK kid=0 sid=0dee17d650ec7c70 [0 sid=3a4ac066c6d883b1] DATA len=0 
19:06:26 ovpn,debug ovpn-out1: disconnected <TLS failed> 
19:06:26 ovpn,info ovpn-out1: terminating... - TLS failed 
19:06:26 ovpn,info ovpn-out1: disconnected
Certs have been generated on Mk. Tried with cert with CLR and without. Have tried tried with or without the "Require client certificate" and "verify server sert" option enabled. Nothing works, just that fairly generic message (Which I guess means I have a certs issue ?).

Any idea how I could obtain more info as of what is not working from the logs ?

ROS 6.48.1 on both end
Top
 
atakacs
Member Candidate
Member Candidate
Topic Author
Posts: 121
Joined: Mon Mar 07, 2016 5:39 pm

Re: [Resolved] OVPN s-t-s having cert issue ?

Sun Mar 21, 2021 3:00 pm

If anyone happens to have the same issue: I was somehow missing the matching private key on the client router (thought I had it transferred but turned out not to be the case).
Still wish we could have a more explicit log entry...
Top
Post Reply

Who is online

Users browsing this forum: Bing [Bot], mquan1984 and 72 guests
  4. RouterOS
  5. General