Lasto4kin
just joined
Topic Author
Posts: 2
Joined: Tue Apr 27, 2021 9:41 am

openvpn-as and mikrotik

Mon May 10, 2021 2:48 pm

How to connect openvpn-as and mikrotik?

I just installed openvpn-as from this page (https://openvpn.net/vpn-software-packages/) to my vpn and disabled TLS auth, and everything works perfectly on my Android, iOS, Windows and Linux clients, but mikrotik doesn't work =\. The connection is established, but it is dead and the server closes it after 1-2 minutes.

If I just do 'apt install openvpn' and use the default settings file (https://github.com/OpenVPN/openvpn/blob ... erver.conf), then openvpn on mikrotik works fine, but I have and want to use openvpn access server.

How to make this openvpn-as and mikrotik work?

firmware, latest stable

mikrotik:
/interface ovpn-client
add certificate=client.ovpn_1 cipher=aes256 comment=openvpn-as \
    connect-to=192.168.75.34 mac-address=2E:AB:DC:42:CC:DB name=ovpn-out1 \
    password=mikrotik port=443 use-peer-dns=no user=mikrotik \
    verify-server-certificate=yes

openvpn-as.log
TCP connection established with (AF_INET)'
Socket flags: TCP_NODELAY=1 succeeded'
TLS: Initial packet from (AF_INET), sid='
VERIFY OK: depth=1, /CN=OpenVPN CA'
VERIFY OK: nsCertType=CLIENT'
VERIFY OK: depth=0, /CN=mikrotik'
TLS: Username/Password authentication deferred for username 'mikrotik' "
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1559'"
WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'"
Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key"
Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication"
Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key"
Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication"
AUTH SUCCESS {'status': 0, 'reason': 'local auth succeeded', 'serial_list': (), 'user': u'mikrotik', 'proplist': {u'prop_force_lzo': u'false', u'pvt_password_digest': '(redacted)', u'type': u'user_connect', u'prop_autogenerate': u'true'}, 'common_name': u'mikrotik', 'serial': '2'} cli=''/''/None
MANAGEMENT: CMD 'client-auth 13 0'"
Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA'
(mikrotik) Peer Connection Initiated with (AF_INET)'
OPTIONS IMPORT: compression parms modified'
MULTI: Learn: -> mikrotik'
MULTI: primary virtual IP for mikrotik'
PUSH: Received control message: 'PUSH_REQUEST'"
SENT CONTROL (mikrotik): 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,socket-flags TCP_NODELAY,comp-lzo no,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway ip,dhcp-option DNS 108.61.10.10,register-dns,block-ipv6,ifconfig,auth-tokenSESS_ID' (status=1)"
Bad compression stub decompression header byte: 42
Bad compression stub decompression header byte: 69
Bad compression stub decompression header byte: 69
Bad compression stub decompression header byte: 69
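
A log triage sketch for the symptoms in the excerpt above, added here as an example; it is not part of the original post and not OpenVPN or MikroTik code. It correlates the server's option-consistency warnings with the repeated compression stub errors and decodes the reported header bytes; the function names and the IPv4 first-byte heuristic are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the openvpn-as.log excerpt above (PUSH_REPLY abridged).
SAMPLE_LOG = """\
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1559'"
WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'"
SENT CONTROL (mikrotik): 'PUSH_REPLY,topology subnet,comp-lzo no,redirect-gateway def1' (status=1)"
Bad compression stub decompression header byte: 42
Bad compression stub decompression header byte: 69
Bad compression stub decompression header byte: 69
"""

MISSING = re.compile(r"WARNING: '([^']+)' is present in local config but missing in remote config")
INCONSISTENT = re.compile(r"WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'")
STUB = re.compile(r"Bad compression stub decompression header byte: (\d+)")
PUSH = re.compile(r"'PUSH_REPLY,([^']*)'")
COMP_OPTS = ("comp-lzo", "compress")  # option names that turn on compression framing


def looks_like_ipv4_first_byte(b):
    # An IPv4 header starts with version 4 (high nibble) and IHL >= 5 (low nibble), e.g. 0x45.
    return b >> 4 == 4 and (b & 0x0F) >= 5


def analyze(log_text):
    """Summarise option mismatches and compression stub errors (hypothetical helper)."""
    missing = MISSING.findall(log_text)
    inconsistent = {o: (l, r) for o, l, r in INCONSISTENT.findall(log_text)}
    pushed = [opt for body in PUSH.findall(log_text) for opt in body.split(",")
              if opt.startswith(COMP_OPTS)]
    stub = Counter(int(v) for v in STUB.findall(log_text))
    return {
        "missing_in_remote": missing,
        "inconsistent": inconsistent,
        "pushed_compression": pushed,
        "stub_bytes": {f"0x{b:02x}": n for b, n in stub.items()},
        # Header bytes that would also be a valid first byte of an IPv4 packet.
        "ipv4_like_stub_errors": sum(n for b, n in stub.items() if looks_like_ipv4_first_byte(b)),
        # Heuristic: server has a compression option the peer lacks AND stub errors follow.
        "framing_mismatch": bool(stub) and any(o.startswith(COMP_OPTS) for o in missing),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The logged byte 69 is 0x45 in hex, which is what the first byte of an IPv4 header looks like, so those errors are consistent with the server reading the start of an unframed packet where it expects a compression header byte.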
