I updated my RB2011UiAS to ROS 7.1.5 to set up an OVPN UDP server.
My ROS settings are attached to the post.
My Mac OVPN client settings:
client
dev tun
proto udp
remote x.x.x.x 1194
;remote my-server-2 1194
;remote-random
resolv-retry infinite
nobind
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
</key>
auth-user-pass
remote-cert-tls server
;tls-auth ta.key 1
;cipher x
;comp-lzo
verb 3
;mute 20
route 192.168.88.0 255.255.255.0
ping 15
ping-restart 45
ping-timer-rem
;route-delay 5
;route-gateway 192.168.88.1
;redirect-gateway def1
In the MikroTik log I found this error:
recvd P_DATA packet, dropping
After OVPN crashes:
disconnected <TLS failed>
[Jun 14, 2022, 18:02:23] Frame=512/2048/512 mssfix-ctrl=1250
[Jun 14, 2022, 18:02:23] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
13 [verb] [3]
17 [ping-timer-rem]
[Jun 14, 2022, 18:02:23] EVENT: RESOLVE
[Jun 14, 2022, 18:02:23] Contacting Х.Х.Х.Х:1194 via UDP
[Jun 14, 2022, 18:02:23] EVENT: WAIT
[Jun 14, 2022, 18:02:23] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "Х.Х.Х.Х",
"ipv6" : false,
"pid" : 3267
}
[Jun 14, 2022, 18:02:23] Connecting to [Х.Х.Х.Х]:1194 (Х.Х.Х.Х) via UDPv4
[Jun 14, 2022, 18:02:23] EVENT: CONNECTING
[Jun 14, 2022, 18:02:23] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Jun 14, 2022, 18:02:23] Creds: Username/Password
[Jun 14, 2022, 18:02:23] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCmacOS_3.3.6-4368
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
[Jun 14, 2022, 18:02:28] SSL Handshake: peer certificate: CN=test-srv-OVPN, 4096 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
[Jun 14, 2022, 18:02:28] Session is ACTIVE
[Jun 14, 2022, 18:02:28] EVENT: GET_CONFIG
[Jun 14, 2022, 18:02:28] Sending PUSH_REQUEST to server...
[Jun 14, 2022, 18:02:29] Sending PUSH_REQUEST to server...
[Jun 14, 2022, 18:02:31] Sending PUSH_REQUEST to server...
[Jun 14, 2022, 18:02:31] OPTIONS:
0 [route] [192.168.88.0] [255.255.255.0]
1 [ping] [20]
2 [ping-restart] [60]
3 [topology] [subnet]
4 [route-gateway] [10.8.7.1]
5 [ifconfig] [10.8.7.7] [255.255.255.0]
[Jun 14, 2022, 18:02:31] PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
key-derivation: OpenVPN PRF
compress: NONE
peer ID: -1
[Jun 14, 2022, 18:02:31] TunPersist: short-term connection scope
[Jun 14, 2022, 18:02:31] TunPersist: new tun context
[Jun 14, 2022, 18:02:31] EVENT: ASSIGN_IP
[Jun 14, 2022, 18:02:31] CAPTURED OPTIONS:
Session Name: Х.Х.Х.Х
Layer: OSI_LAYER_3
MTU: 1500
Remote Address: Х.Х.Х.Х
Tunnel Addresses:
10.8.7.7/24 -> 10.8.7.1
Reroute Gateway: IPv4=0 IPv6=0 flags=[ IPv4 ]
Block IPv6: no
Add Routes:
192.168.88.0/24
Exclude Routes:
DNS Servers:
Search Domains:
[Jun 14, 2022, 18:02:31] SetupClient: transmitting tun setup list to /var/run/agent_ovpnconnect.sock
{
"config" :
{
"iface_name" : "",
"layer" : "OSI_LAYER_3",
"tun_prefix" : false
},
"pid" : 3267,
"tun" :
{
"adapter_domain_suffix" : "",
"add_routes" :
[
{
"address" : "192.168.88.0",
"gateway" : "",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
],
"block_ipv6" : false,
"layer" : 3,
"mtu" : 1500,
"remote_address" :
{
"address" : "Х.Х.Х.Х",
"ipv6" : false
},
"reroute_gw" :
{
"flags" : 256,
"ipv4" : false,
"ipv6" : false
},
"route_metric_default" : -1,
"session_name" : "Х.Х.Х.Х",
"tunnel_address_index_ipv4" : 0,
"tunnel_address_index_ipv6" : -1,
"tunnel_addresses" :
[
{
"address" : "10.8.7.7",
"gateway" : "10.8.7.1",
"ipv6" : false,
"metric" : -1,
"net30" : false,
"prefix_length" : 24
}
]
}
}
POST unix://[/var/run/agent_ovpnconnect.sock]/tun-setup : 200 OK
{
"iface_name" : "utun3",
"layer" : "OSI_LAYER_3",
"tun_prefix" : true
}
/sbin/ifconfig utun3 down
/sbin/ifconfig utun3 10.8.7.7 10.8.7.1 netmask 255.255.255.0 mtu 1500 up
/sbin/route add -net 10.8.7.0 -netmask 255.255.255.0 10.8.7.7
add net 10.8.7.0: gateway 10.8.7.7
/sbin/route add -net 192.168.88.0 -netmask 255.255.255.0 10.8.7.1
add net 192.168.88.0: gateway 10.8.7.1
MacDNSAction: FLAGS=F RD=0 SO=5000 DNS= DOM= ADS=
open utun3 SUCCEEDED
[Jun 14, 2022, 18:02:31] Connected via utun3
[Jun 14, 2022, 18:02:31] Per-Key Data Limit: 48000000/48000000
[Jun 14, 2022, 18:02:31] EVENT: CONNECTED admin@Х.Х.Х.Х:1194 (Х.Х.Х.Х) via /UDPv4 on utun3/10.8.7.7/ gw=[10.8.7.1/]
[Jun 14, 2022, 18:02:31] EVENT: WARN Proto: Using a 64-bit block cipher that is vulnerable to the SWEET32 attack. Please inform your admin to upgrade to a stronger algorithm. Support for 64-bit block cipher will be dropped in the future.
[Jun 14, 2022, 18:06:32] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Jun 14, 2022, 18:06:32] Creds: Username/Password
[Jun 14, 2022, 18:06:32] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCmacOS_3.3.6-4368
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
[Jun 14, 2022, 18:06:40] SSL Handshake: peer certificate: CN=test-srv-OVPN, 4096 bit RSA, cipher: ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
[Jun 14, 2022, 18:06:40] Per-Key Data Limit: 48000000/48000000
[Jun 14, 2022, 18:06:45] TUN write error: cannot identify IP version for prefix
[Jun 14, 2022, 18:06:45] TUN Error: TUN I/O error
[Jun 14, 2022, 18:06:45] EVENT: TUN_ERROR TUN I/O error
[Jun 14, 2022, 18:06:45] Client terminated, restarting in 5000 ms...
[Jun 14, 2022, 18:06:45] SetupClient: transmitting tun destroy request to /var/run/agent_ovpnconnect.sock
GET unix://[/var/run/agent_ovpnconnect.sock]/tun-destroy : 200 OK
/sbin/route delete -net 10.8.7.0 -netmask 255.255.255.0 10.8.7.7
delete net 10.8.7.0: gateway 10.8.7.7
/sbin/route delete -net 192.168.88.0 -netmask 255.255.255.0 10.8.7.1
delete net 192.168.88.0: gateway 10.8.7.1
/sbin/ifconfig utun3 down
MacDNSAction: FLAGS=F
[Jun 14, 2022, 18:06:50] EVENT: RECONNECTING
[Jun 14, 2022, 18:06:50] EVENT: RESOLVE
[Jun 14, 2022, 18:06:50] Contacting Х.Х.Х.Х:1194 via UDP
[Jun 14, 2022, 18:06:50] EVENT: WAIT
[Jun 14, 2022, 18:06:50] UnixCommandAgent: transmitting bypass route to /var/run/agent_ovpnconnect.sock
{
"host" : "Х.Х.Х.Х",
"ipv6" : false,
"pid" : 3267
}
[Jun 14, 2022, 18:06:50] Connecting to [Х.Х.Х.Х]:1194 (Х.Х.Х.Х) via UDPv4
[Jun 14, 2022, 18:06:50] EVENT: CONNECTING
[Jun 14, 2022, 18:06:50] Tunnel Options:V4,dev-type tun,link-mtu 1541,tun-mtu 1500,proto UDPv4,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Jun 14, 2022, 18:06:50] Creds: Username/Password
[Jun 14, 2022, 18:06:50] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=mac
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCmacOS_3.3.6-4368
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1
[Jun 14, 2022, 18:06:53] Raw stats on disconnect:
BYTES_IN : 73074598
BYTES_OUT : 5413149
PACKETS_IN : 49331
PACKETS_OUT : 49658
TUN_BYTES_IN : 3586638
TUN_BYTES_OUT : 71250062
TUN_PACKETS_IN : 49632
TUN_PACKETS_OUT : 49300
TUN_FRAMING_ERROR : 1
TUN_ERROR : 1
N_RECONNECT : 1
N_KEY_LIMIT_RENEG : 1
[Jun 14, 2022, 18:06:53] Performance stats on disconnect:
CPU usage (microseconds): 5633945
Tunnel compression ratio (uplink): 1.50925
Tunnel compression ratio (downlink): 1.02561
Network bytes per CPU second: 13931223
Tunnel bytes per CPU second: 13283179
[Jun 14, 2022, 18:06:53] EVENT: DISCONNECTED
Please help me fix this issue.
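
A way to pull the relevant facts out of a client log like the one above (an added example, not part of the original post; the `triage` helper, its 30-second window and the shortened sample lines are constructed for illustration). It reports the negotiated data-channel cipher, whether that cipher has the 64-bit block size the SWEET32 warning refers to, the per-key data limit, and any TUN write error that follows a second TLS handshake.

```python
import re
from datetime import datetime

# Constructed sample: shortened copies of lines from the client log in the post.
SAMPLE_LOG = """\
[Jun 14, 2022, 18:02:28] SSL Handshake: peer certificate: CN=test-srv-OVPN, 4096 bit RSA
[Jun 14, 2022, 18:02:31] PROTOCOL OPTIONS:
cipher: BF-CBC
digest: SHA1
[Jun 14, 2022, 18:02:31] Per-Key Data Limit: 48000000/48000000
[Jun 14, 2022, 18:06:40] SSL Handshake: peer certificate: CN=test-srv-OVPN, 4096 bit RSA
[Jun 14, 2022, 18:06:40] Per-Key Data Limit: 48000000/48000000
[Jun 14, 2022, 18:06:45] TUN write error: cannot identify IP version for prefix
"""

# Data-channel ciphers with a 64-bit block (the class SWEET32 applies to).
BLOCK64 = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}
STAMP = re.compile(r"^\[(\w{3} \d{1,2}, \d{4}, \d{2}:\d{2}:\d{2})\] (.*)$")

def triage(log_text, window_s=30):
    """Return findings: weak cipher, key data limit, TUN errors after a rekey."""
    out = {"cipher": None, "block64": False, "key_limit": None, "tun_after_rekey": []}
    handshakes = []  # timestamps of every TLS handshake seen so far
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("cipher: "):  # line under PROTOCOL OPTIONS
            out["cipher"] = line.split(": ", 1)[1]
            out["block64"] = out["cipher"] in BLOCK64
            continue
        m = STAMP.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%b %d, %Y, %H:%M:%S")
        msg = m.group(2)
        if msg.startswith("SSL Handshake:"):
            handshakes.append(when)
        elif msg.startswith("Per-Key Data Limit:"):
            out["key_limit"] = int(msg.split(": ")[1].split("/")[0])
        elif msg.startswith("TUN write error") and len(handshakes) > 1:
            gap = (when - handshakes[-1]).total_seconds()
            if 0 <= gap <= window_s:  # error shortly after a renegotiation
                out["tun_after_rekey"].append((m.group(1), gap))
    return out
```

On the sample, the result shows BF-CBC flagged as a 64-bit block cipher, a 48000000-byte per-key limit, and the TUN write error landing 5 seconds after the second handshake.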