Community discussions

MikroTik App
 
c_studt
just joined
Topic Author
Posts: 11
Joined: Sun Apr 01, 2007 11:15 am

OpenVPN unknown auth alg

Tue Jan 15, 2008 5:54 pm

Hello,

tried to setup openvpn between linksys wrt54g with dd-wrt (openvpn server OpenVPN 2.0.7) and RB333 with RouterOS 3.0.

The log at the Routerboard always says:
openvpn-out1: initializing...
openvpn-out1: dialing...
openvpn-out1: terminating... - unknown auth alg
openvpn-out1: disconnected
Tried with "sha1", "md5" and "none" always same message.

Log at wrt says:
TLS: Initial packet...
VERIFY OK: depth=1, ...
VERIFY OK: depth=0, ...
Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Connection reset, restarting [0]
when i use md5
TLS: Initial packet...
VERIFY OK: depth=1, ...
VERIFY OK: depth=0, ...
Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Data Channel Encrypt: Using 128 bit message hash 'MD5' for HMAC authentication
Connection reset, restarting [0]
with auth none:
TLS: Initial packet...
VERIFY OK: depth=1, ...
VERIFY OK: depth=0, ...
Connection reset, restarting [0]
Configuration of openvpn-server:
proto tcp-server
port 1194
dev tun0
keepalive 10 120
verb 3
cipher none
auth none

ifconfig-pool-persist /tmp/ipp.txt

push "route 10.4.0.0 255.255.0.0"
route 10.4.0.0 255.255.0.0

persist-key
persist-tun

status openvpn-status.log
ca ca.crt
dh dh1024.pem
cert server.crt
key server.key
Configuration RouterOS:
name="ovpn-out1" mac-address=00:00:00:00:00:00 max-mtu=1500 connect-to=xxx port=1194 
mode=ip user="username" password="password" profile=default certificate=cert2 auth=none 
cipher=none add-default-route=no
Connection works between the linksys wrt and debian etch (OpenVPN 2.0.9).
So is there a problem in configuration or with the openvpn versions?

christian
 
User avatar
mipland
Member Candidate
Member Candidate
Posts: 210
Joined: Thu Sep 14, 2006 4:02 am

Re: OpenVPN unknown auth alg

Thu Jan 31, 2008 10:07 am

Post the openvpn.conf of your wrt router.
 
c_studt
just joined
Topic Author
Posts: 11
Joined: Sun Apr 01, 2007 11:15 am

Re: OpenVPN unknown auth alg

Thu Jan 31, 2008 11:28 am

Post the openvpn.conf of your wrt router.
it was in the post -> Configuration of openvpn-server.

here again:
proto tcp-server
port 1194
dev tun0
keepalive 10 120
verb 3
cipher none
auth none

ifconfig-pool-persist /tmp/ipp.txt

push "route 10.4.0.0 255.255.0.0"
route 10.4.0.0 255.255.0.0

persist-key
persist-tun

status openvpn-status.log
ca ca.crt
dh dh1024.pem
cert server.crt
key server.key
 
User avatar
mipland
Member Candidate
Member Candidate
Posts: 210
Joined: Thu Sep 14, 2006 4:02 am

Re: OpenVPN unknown auth alg

Thu Jan 31, 2008 1:26 pm

Sorry, i didn't understand it....i think the vpn server was on routeros.... Sorry but i never tried it, i ever used only openvpn on routeros side (or on linux, but with linux or windows client, never with routeros client).
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: OpenVPN unknown auth alg

Thu Jan 31, 2008 2:06 pm

works for me ( linux server mikrotik client ):
Version OpenVPN 2.1_rc4 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL]

Server config:

dev tun
proto tcp

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

port 1194

server 15.15.15.0 255.255.255.0

;client-to-client
keepalive 10 120

user nobody
group nogroup

persist-tun
persist-key

verb 3
log /var/log/openvpn/openvpn-server.log
log-append /var/log/openvpn/openvpn-server.log

cipher none
auth none
# cipher AES-256-CBC
# auth MD5

Mikrotik config:
/interface ovpn-client 
add add-default-route=no auth=none certificate=client1 cipher=none comment="" \
    connect-to=xx.xx.xx.xx max-mtu=1500 mode=ip port=1194 profile=default user="user" 
 
mygod100
just joined
Posts: 1
Joined: Fri Jun 13, 2008 6:16 pm

Re: OpenVPN unknown auth alg

Fri Jun 13, 2008 6:20 pm

to my ddwrt on belkin 7231-4 of
OpenVPN 2.0.9 mipsel-unknown-linux [SSL] [LZO] [EPOLL] built on Mar 12 2008
error come the same.
is this the openvpn version too old?
 
hjf
newbie
Posts: 27
Joined: Sun Feb 10, 2008 9:32 pm

Re: OpenVPN unknown auth alg

Wed Apr 29, 2009 6:52 am

I'm bumping this thread as I'm having the same trouble. I followed http://wiki.mikrotik.com/wiki/OpenVPN and I tried running MT as server an Linux as client and vice-versa. Is this a bug on RouterOS?
 
miro9970
just joined
Posts: 7
Joined: Mon May 16, 2011 6:19 pm

Re: OpenVPN unknown auth alg

Mon May 16, 2011 6:38 pm

I am to, have similar problem.
I try to connect to Mikrotik OpenVPN server from DD-WRT OpenVPN client.
Config is taken from working inviroment.
OpenVPN client doesnt complain about anything but in Mikrotik logs says "unknown auth alg"
 
hjf
newbie
Posts: 27
Joined: Sun Feb 10, 2008 9:32 pm

Re: OpenVPN unknown auth alg

Mon May 16, 2011 7:43 pm

This is a 3 and a half year old bug. Mikrotik isn't going to fix this, so I suggest you to use another VPN or ask the DD-WRT guys for help.
 
wifix
just joined
Posts: 12
Joined: Sat May 26, 2007 8:25 pm

Re: OpenVPN unknown auth alg

Fri Dec 21, 2012 12:59 am

SOLVED !!!
After 3 Weeks of fighting with the problem we finally find out the problem.

The problem is caused by the openssl library, that is too new and isn't supported by openvpn mikrotik server.
MT OpenVpn Server (like written in the WiKi) support OpenSSL ver 0.9.8 with Cipher BF algorithm inside.
Openwrt backfire 10.03.1 doesn't has inside the right version, and with no Cipher BF algorithm compiled inside.
So the problem is solved installing Kamikaze old version i successfull use 8.09.2, r18961, or you find the way to compile openssl from source enabling Cipher BF.

Bye.
 
Fraction
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Wed Jan 16, 2013 9:42 pm
Location: Helsinki, Finland

Re: OpenVPN unknown auth alg

Wed Jan 16, 2013 9:54 pm

SOLVED !!!
After 3 Weeks of fighting with the problem we finally find out the problem.

The problem is caused by the openssl library, that is too new and isn't supported by openvpn mikrotik server.
MT OpenVpn Server (like written in the WiKi) support OpenSSL ver 0.9.8 with Cipher BF algorithm inside.
Openwrt backfire 10.03.1 doesn't has inside the right version, and with no Cipher BF algorithm compiled inside.
So the problem is solved installing Kamikaze old version i successfull use 8.09.2, r18961, or you find the way to compile openssl from source enabling Cipher BF.

Bye.
Ouch.. Have been fighting with this long time, but that wasn't the solution I wanted to hear. :)

Need to find some another way to do VPN between MT and OpenWRT then, I don't want to do downgrade to Kamikaze..
 
Grrruk
just joined
Posts: 1
Joined: Tue Jun 04, 2013 10:21 am

Re: OpenVPN unknown auth alg

Wed Jun 05, 2013 1:26 pm

SOLVED !!!
After 3 Weeks of fighting with the problem we finally find out the problem.

The problem is caused by the openssl library, that is too new and isn't supported by openvpn mikrotik server.
MT OpenVpn Server (like written in the WiKi) support OpenSSL ver 0.9.8 with Cipher BF algorithm inside.
Openwrt backfire 10.03.1 doesn't has inside the right version, and with no Cipher BF algorithm compiled inside.
So the problem is solved installing Kamikaze old version i successfull use 8.09.2, r18961, or you find the way to compile openssl from source enabling Cipher BF.

Bye.
Ouch.. Have been fighting with this long time, but that wasn't the solution I wanted to hear. :)

Need to find some another way to do VPN between MT and OpenWRT then, I don't want to do downgrade to Kamikaze..
Any news about this bug? We hit it hard today. I wish I knew about it before deciding between buying RouterOS device and building Linux box for OpenVPN termination!!!! This bug is 5 years old! Ouch. Unfortunately I can't backpedal on this piece equipment, it's alredy here and money paid, but I'm certain I will never ever buy any RouterOS-based device and will advice people against buying it. 5 years! Now I have a serious deadline and stuck with non-working solution :(

The worst part of this bug: time flows and manufacturers produce new small routers, openwrt evolves with them and today it's difficult to find new routers that could run old kamikaze firmware. Not in sufficient amounts of them in my case anyway. The gap is getting wider and wider with time.
 
Djlobster
just joined
Posts: 2
Joined: Sun Dec 22, 2013 11:51 am

Re: OpenVPN unknown auth alg

Sun Dec 22, 2013 12:37 pm

Good day,I have mikrotik rb750gl with the OpenVPN server and the telephone Galaxy 3 with OpenVPN Client (https://play.google.com/store/apps/deta ... eb.openvpn)
't associate these 2 devices on the VPN so I was told that in Mikrotik old libraries Opensll --- I have firmware V6.7 -- I was told that this firmware Openssl 0.9.8 --it's 2005,and today already have Openssl 1.0.1, --- and Android does not understand the old libraries of Openssl ))) please tell me what should I do??? and why in the new firmware de add new Openssl library ? thanks in advance!
 
Enot
just joined
Posts: 8
Joined: Wed Feb 22, 2012 9:29 am
Location: World

Re: OpenVPN unknown auth alg

Tue Dec 31, 2013 1:41 am

Good day,I have mikrotik rb750gl with the OpenVPN server and the telephone Galaxy 3 with OpenVPN Client (https://play.google.com/store/apps/deta ... eb.openvpn)
't associate these 2 devices on the VPN so I was told that in Mikrotik old libraries Opensll --- I have firmware V6.7 -- I was told that this firmware Openssl 0.9.8 --it's 2005,and today already have Openssl 1.0.1, --- and Android does not understand the old libraries of Openssl ))) please tell me what should I do??? and why in the new firmware de add new Openssl library ? thanks in advance!
Install normal and full OpenVPN server in MetaRouter with OpenWRT image... OpenVPN integrated in Mikrotik will give you only problems... Mikrotik team don't like OpenVPN, no one know why... it's biggest secret on this forum. :lol:
 
chriswyth
just joined
Posts: 1
Joined: Sun Apr 20, 2014 10:30 pm

Re: OpenVPN unknown auth alg

Sun Apr 20, 2014 10:39 pm

tja, well, now in 4.2014 there seems to be still the same probelm when trying to connect to an openvpn server 2.1.4-3 on openwrt. Is there a clean solution without downgrading the server? And (hahaa), I got an RB SXT with Level 3 licence ..what a joke!!
Any good news on flashing OpenWRT ? sh** (sorry n'est-ce pas:)
 
jpillora
just joined
Posts: 4
Joined: Wed Jun 25, 2014 5:18 am

Re: OpenVPN unknown auth alg

Fri Jul 18, 2014 5:39 am

July 2014 (v6.15) and still getting
terminating... - unknown auth alg
. Please bump version of OpenVPN.
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Re: OpenVPN unknown auth alg

Sat Jul 19, 2014 12:01 am

Good day,I have mikrotik rb750gl with the OpenVPN server and the telephone Galaxy 3 with OpenVPN Client (https://play.google.com/store/apps/deta ... eb.openvpn)
't associate these 2 devices on the VPN so I was told that in Mikrotik old libraries Opensll --- I have firmware V6.7 -- I was told that this firmware Openssl 0.9.8 --it's 2005,and today already have Openssl 1.0.1, --- and Android does not understand the old libraries of Openssl ))) please tell me what should I do??? and why in the new firmware de add new Openssl library ? thanks in advance!
Install normal and full OpenVPN server in MetaRouter with OpenWRT image... OpenVPN integrated in Mikrotik will give you only problems... Mikrotik team don't like OpenVPN, no one know why... it's biggest secret on this forum. :lol:
The second biggest. Maybe. The first is the Dude.
 
cecelia
just joined
Posts: 1
Joined: Sat Dec 06, 2014 4:53 pm

Re: OpenVPN unknown auth alg

Mon Dec 08, 2014 12:20 pm

I am using trusted VPN software on my blackberry for along time without any connection problems. I suggest trying it for free http://www.vpnfaqs.com/2014/11/comparis ... y-and-vpn/
 
ivan07
newbie
Posts: 26
Joined: Wed Mar 04, 2015 2:57 am

Re: OpenVPN unknown auth alg

Wed Mar 25, 2015 1:54 am

Same problem with Mikrotik OVPN Client in 6.27 :shock:
Is there any solution without downgrade?
 
teejay3
just joined
Posts: 2
Joined: Fri Jan 31, 2014 7:36 pm

Re: OpenVPN unknown auth alg

Tue Nov 03, 2020 9:49 am

Any updates on this problem? Running client on 6.48.8.
 
bohmkarel
just joined
Posts: 2
Joined: Mon Mar 21, 2016 11:52 am

Re: OpenVPN unknown auth alg

Thu Nov 19, 2020 7:49 pm

Any updates on this problem? Running client on 6.48.8.
Hi i have solved this issue by adding this to client config.


data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
cipher AES-256-CBC
ncp-disable
 
TomSVK
just joined
Posts: 1
Joined: Thu Jun 15, 2023 11:04 am

Re: OpenVPN unknown auth alg

Thu Jun 15, 2023 11:06 am

Any updates on this problem? Running client on 6.48.8.
Hi i have solved this issue by adding this to client config.


data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
cipher AES-256-CBC
ncp-disable
U solved my two month headache....kudos tu you!!!!
 
ARedwan199
just joined
Posts: 4
Joined: Wed Aug 08, 2018 8:51 am
Location: Bangladesh

Re: OpenVPN unknown auth alg

Mon Jul 03, 2023 12:24 pm

Any updates on this problem? Running client on 6.48.8.
Hi i have solved this issue by adding this to client config.


data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
cipher AES-256-CBC
ncp-disable
ncp-disable no longer works for openvpn client 2.6.5 just delete that line and keep data-cipher and cipher line. Thank you very much. Solved the issue for me.

Who is online

Users browsing this forum: CGGXANNX and 73 guests