Bomber67
Member
Topic Author
Posts: 385
Joined: Wed Nov 08, 2006 10:36 am

Win XP OpenVPN client against MT - should it be... *SOLVED*

Thu Mar 05, 2009 1:12 pm

I am trying to get an OpenVPN client with GUI under Windows XP to work against a Mikrotik OVPN server running 3.20.
I have followed the Wiki at http://wiki.mikrotik.com/wiki/OpenVPN but no connection is possible. :(

Description:
I have generated a CA certificate at cacert.org, and imported it on the server.

Mikrotik OVPN Server config:
[admin@MT] > interface ovpn-server export
# mar/05/2009 11:27:46 by RouterOS 3.20
# software id = XXXX-LTT
#
/interface ovpn-server
add comment="" disabled=yes name=OVPN-server user=anders
/interface ovpn-server server
set auth=sha1,md5 certificate=cert1 cipher=blowfish128,aes128,aes192,aes256 default-profile=VPN_profile enabled=yes keepalive-timeout=disabled \
    mac-address=FE:89:4C:C3:9F:77 max-mtu=1500 mode=ethernet netmask=24 port=1194 require-client-certificate=no

[admin@MT] > /ppp profile export
# mar/05/2009 11:28:08 by RouterOS 3.20
# software id = XXXX-LTT
#
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default use-compression=default use-encryption=default use-vj-compression=default
add bridge=bridge1 change-tcp-mss=default comment="" local-address=192.168.1.200 name=VPN_profile only-one=default remote-address=VPN-pool \
    use-compression=default use-encryption=required use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption only-one=default use-compression=default use-encryption=yes \
    use-vj-compression=default

[admin@MT] /certificate pr
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa 
 0 KR name="cert1" subject=CN=<domain name> issuer=O=Root CA,OU=http:,,www.cacert.org,CN=CA Cert Signing Authority,emailAddress=support@cacert.org 
      serial-number="068954" invalid-before=mar/05/2009 06:06:43 invalid-after=sep/01/2009 06:06:43 ca=yes 
[admin@MT] > 
To verify that the server actually is set up OK, I have set up an MT OVPN client and imported the same certificate on it:

Mikrotik OVPN client config:
[admin@MT] > interface ovpn-client export
# mar/05/2009 11:34:01 by RouterOS 3.14
# software id = XXXX-PTT
#
/interface ovpn-client
add add-default-route=no auth=sha1 certificate=cert1 cipher=aes256 comment="" \
    connect-to=<OVPN_server_IP> disabled=yes mac-address=FE:67:55:A0:52:E9 \
    max-mtu=1500 mode=ethernet name=ovpn-out1 password=<pass> port=1194 \
    profile=default user=<user>

[admin@MT] > /certificate pr
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa 
 0 KR name="cert1" subject=CN=<domain name> 
      issuer=O=Root CA,OU=http:,,www.cacert.org,CN=CA Cert Signing Authority,
             emailAddress=support@cacert.org 
      serial-number="068954" invalid-before=mar/05/2009 06:06:43 
      invalid-after=sep/01/2009 06:06:43 ca=yes 
Mikrotik-to-Mikrotik works fine, the server interface for the specific user is added to the bridge automatically, like I want it. I can ping both ways between the routers. :)

However, when it comes to the XP client I am a little stuck:

Client configuration file on XP computer:
proto tcp-client

remote <server IP> 1194 # Remote OpenVPN Servername or IP address
dev tap

nobind
persist-key

tls-client
ca ca.crt # Root certificate in the same directory as this configuration file.

#Avoid message that server cert verification method is not enabled: (needed?)
ns-cert-type server

ping 10
verb 3

cipher AES-256-CBC
auth SHA1
pull
auth-user-pass 
Log from OVPN Windows client:
Tue Mar 03 14:02:35 2009 OpenVPN 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct  1 2006
Tue Mar 03 14:02:45 2009 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Tue Mar 03 14:02:45 2009 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Tue Mar 03 14:02:45 2009 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Tue Mar 03 14:02:45 2009 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Tue Mar 03 14:02:45 2009 Local Options hash (VER=V4): 'b60e7885'
Tue Mar 03 14:02:45 2009 Expected Remote Options hash (VER=V4): 'fbeb66e6'
Tue Mar 03 14:02:45 2009 Attempting to establish TCP connection with XX.XXZ.163.44:1194
Tue Mar 03 14:02:45 2009 TCP connection established with XX.XX.163.44:1194
Tue Mar 03 14:02:45 2009 TCPv4_CLIENT link local: [undef]
Tue Mar 03 14:02:45 2009 TCPv4_CLIENT link remote: XX.XX.163.44:1194
Tue Mar 03 14:02:45 2009 TLS: Initial packet from XX.XX.163.44:1194, sid=d7784197 e3689903
Tue Mar 03 14:02:48 2009 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /CN=<domain name>
Tue Mar 03 14:02:48 2009 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Mar 03 14:02:48 2009 TLS Error: TLS object -> incoming plaintext read error
Tue Mar 03 14:02:48 2009 TLS Error: TLS handshake failed
Tue Mar 03 14:02:48 2009 Fatal TLS error (check_tls_errors_co), restarting
Tue Mar 03 14:02:48 2009 TCP/UDP: Closing socket
Tue Mar 03 14:02:48 2009 SIGUSR1[soft,tls-error] received, process restarting
Tue Mar 03 14:02:48 2009 Restart pause, 5 second(s)
Log on server shows only the following repeatedly:
.
.
14:03:18 ovpn,debug OPENVPN: <XXX.XX.148.78>: disconnected <peer disconnected>
14:03:18 ovpn,debug <XXX.XX.148.78>: disconnected <peer disconnected>
14:03:18 ovpn,info <ovpn-0>: terminating... - peer disconnected
14:03:18 ovpn,info OPENVPN: <ovpn-0>: terminating... - peer disconnected
14:03:18 ovpn,info <ovpn-0>: disconnected
14:03:18 ovpn,info OPENVPN: <ovpn-0>: disconnected
14:03:23 ovpn,info TCP connection established from XXX.XX.148.78
14:03:23 ovpn,info OPENVPN: TCP connection established from XXX.XX.148.78
14:03:23 ovpn,info <ovpn-0>: dialing...
14:03:23 ovpn,info OPENVPN: <ovpn-0>: dialing...
14:03:23 ovpn,debug OPENVPN: <XXX.XX.148.78>: disconnected <peer disconnected>
14:03:23 ovpn,debug <XXX.XX.148.78>: disconnected <peer disconnected>
.
. 

It looks like the "VERIFY ERROR: depth=0, error=unable to get local issuer certificate:" message is where the trouble starts, and I believe that the subsequent error messages are caused by this.
The certificate on the server is renamed to ca.crt and stored in the OpenVPN\Config folder on the client. I know it is referred to, because if I rename it or edit some part of it, the connection attempt halts at a much earlier stage, complaining about ca.crt.

So what does this "VERIFY ERROR:" message mean? :shock:

In a lot of the configs found at the openvpn.org website and elsewhere on the net, the XP config file contains the settings "cert" and "key", referring to a client certificate and a key.
As the wiki example does not include these settings, it should not be necessary to generate any server/client certificates or keys?

The fact that MT-MT works is also a kind of proof that the CA certificate should be enough, or what?

I know that people out there have succeeded in what I try to do, so please help me find a way out! :)
Last edited by Bomber67 on Tue Mar 17, 2009 11:18 am, edited 1 time in total.
 
msundman
Frequent Visitor
Posts: 76
Joined: Thu Jan 15, 2009 2:44 pm
Location: Stockholm, Sweden

Re: Win XP OpenVPN client against MT - should it be that hard?

Thu Mar 05, 2009 4:40 pm

Looks like there is a problem with your CA certificate that you are trying to use on the client.

I've successfully used OpenVPN + GUI from openvpn.se to connect to a Mikrotik router, but I used easy-rsa from the OpenVPN package to create the ca cert. Could you try with an easy-rsa cert just to check?

Also, you should have a server cert/private key installed on the server. I can't see that you have imported that in your config. I don't remember exactly how I set it up now, but I can test it tonight again...
 
Bomber67
Member
Topic Author
Posts: 385
Joined: Wed Nov 08, 2006 10:36 am

Re: Win XP OpenVPN client against MT - should it be that hard?

Thu Mar 05, 2009 10:21 pm

> Looks like there is a problem with your CA certificate that you are trying to use on the client.

Ok, but isn't the fact that the same cert works on the Mikrotik client evidence that it is ok?

> I've successfully used OpenVPN + GUI from openvpn.se to connect to a Mikrotik router, but I used easy-rsa from the OpenVPN package to create the ca cert. Could you try with an easy-rsa cert just to check?

I haven't looked at this yet, but I will give it a try.

> Also, you should have a server cert/private key installed on the server. I can't see that you have imported that in your config.

Why? And why isn't this mentioned in the Wiki?
Can you explain to me how I can generate these certs/keys and which should be copied where?

Like I said I've followed the Wiki and believed it should work, but the Wiki might be incomplete. For instance it does not mention much about the CA cert to be copied to the Windows client.

> I don't remember exactly how I set it up now, but I can test it tonight again...

Nice! I'll hang around! :D
 
msundman
Frequent Visitor
Posts: 76
Joined: Thu Jan 15, 2009 2:44 pm
Location: Stockholm, Sweden

Re: Win XP OpenVPN client against MT - should it be that hard?

Thu Mar 05, 2009 11:21 pm

OK, now I have a working setup between a Mikrotik v3.20 and a Windows client running OpenVPN + GUI.

I used easy-rsa on my Windows client to do the following (follow the readme in the easy-rsa dir):

Run init-config.bat and then edit vars.bat.

Then open a DOS prompt and run:
cd \program\openvpn\easy-rsa
vars
clean-all
build-ca
build-key-server server
Then transfer server.crt and server.key to your Mikrotik.

Import the key and cert on the Mikrotik:
/certificate import file-name=server.crt
/certificate import file-name=server.key

[admin@Moja-test] /certificate> print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
 0 KR name="cert1" subject=C=SE,ST=NA,O=FortFunston,CN=server,emailAddress=mail@host.domain
      issuer=C=SE,ST=NA,L=SanFrancisco,O=FortFunston,CN=CA,emailAddress=mail@host.domain serial-number="01" email=mail@host.domain
      invalid-before=mar/05/2009 20:38:30 invalid-after=mar/03/2019 20:38:30 ca=yes
Then I set up OpenVPN like:
/ip pool add name=ovpn-pool ranges=172.21.0.10-172.21.0.20
/ppp profile add local-address=172.21.0.1 name=ovpn remote-address=ovpn-pool
/ppp secret add name=mathias password=secret profile=ovpn service=ovpn
/interface ovpn-server server set default-profile=ovpn enabled=yes mode=ethernet netmask=24 require-client-certificate=no certificate=cert1
That's it :)

Then I copied ca.crt to my openvpn\config folder on the windows client and used the following config on the client:
dev tap
remote X.X.X.X 1194
proto tcp-client
tls-client
ca ca.crt
auth-user-pass
pull
nobind
persist-key
resolv-retry infinite
verb 3
Worked like a charm :)

I think the main problem is that OpenVPN requires a CA certificate to verify the peer's certificate. In this setup only the Mikrotik server has cert/private key installed, so the client needs the CA cert to verify the cert presented by the server, while the client is only authenticating himself with his username/password so the server in this setup does not need any ca cert installed.

Good luck!
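
Added example (not part of the original posts): the shell sketch below reproduces the client's "VERIFY ERROR: depth=0, error=unable to get local issuer certificate" with openssl verify, on the assumption that the file named by "ca" held the server's own certificate rather than the certificate of the CA that issued it. The CA and server names are constructed, and the throwaway PKI stands in for easy-rsa's build-ca and build-key-server.

```shell
#!/bin/sh
# Added illustration; every name and file below is constructed for the demo.

# Build a throwaway PKI in directory $1: a self-signed CA (the role of
# easy-rsa's build-ca) and a server certificate signed by it
# (the role of build-key-server).
make_pki() {
    dir=$1
    mkdir -p "$dir" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example-CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -days 30 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/server.crt" 2>/dev/null || return 1
}

# $1 = file the client would name in its "ca" line
# $2 = certificate the server presents during the TLS handshake
# Prints "OK", or "depth=N <reason>" as OpenSSL reports it.
verify_with() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *"depth lookup"*)
            printf '%s\n' "$out" |
                sed -n 's/^error [0-9]* at \([0-9]*\) depth lookup: *\(.*\)$/depth=\1 \2/p' |
                head -n 1 ;;
        *": OK"*) echo "OK" ;;
        *) echo "unexpected: $out" ;;
    esac
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_pki "$tmp" || { rm -rf "$tmp"; return 1; }
    # Correct: the client trusts the issuing CA's certificate.
    echo "ca = CA certificate:     $(verify_with "$tmp/ca.crt" "$tmp/server.crt")"
    # Assumed failure case: the client was handed the server certificate itself.
    echo "ca = server certificate: $(verify_with "$tmp/server.crt" "$tmp/server.crt")"
    rm -rf "$tmp"
}
demo
```

The second line shows the same reason string that appears in the Windows client log, because a non-self-signed certificate in the trust file does not act as a trust anchor by default.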
 
Bomber67
Member
Topic Author
Posts: 385
Joined: Wed Nov 08, 2006 10:36 am

Re: Win XP OpenVPN client against MT - should it be that hard?

Fri Mar 06, 2009 4:16 pm

Thanks a lot msundman, I finally got it to work by following your description! :D

Apparently, the OpenVPN client didn't like my CACert generated certificates.
Or maybe the catch was that server cert and key had to be installed on server and just the root cert on the client.

I wonder how anybody got this to work by strictly following the wiki? Does it need an update?
 
Bomber67
Member
Topic Author
Posts: 385
Joined: Wed Nov 08, 2006 10:36 am

Re: Win XP OpenVPN client against MT - should it be that hard?

Tue Mar 10, 2009 4:11 pm

Like I said, now this works like a champ.

I used the "route-up" command to add a default route to the OVPN router:
route-up "route add 0.0.0.0 192.168.1.1"
The client computer gets the following IP information:
Ethernet adapter Local Area Connection 3:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        Physical Address. . . . . . . . . : 00-FF-C9-EA-2F-BB
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.155
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.0
        Lease Obtained. . . . . . . . . . : 10. mars 2009 15:06:58
        Lease Expires . . . . . . . . . . : 10. mars 2010 15:06:58
The OVPN-interface is added to the bridge as expected:
[admin@MT] /interface bridge> pr
Flags: X - disabled, R - running 
 0  R name="bridge1" mtu=1500 arp=proxy-arp mac-address=00:00:00:00:00:00 
      protocol-mode=none priority=0x8000 auto-mac=no admin-mac=00:00:00:00:00:00 
      max-message-age=20s forward-delay=15s transmit-hold-count=6 ageing-time=5m 

[admin@MT] /interface bridge port> pr
Flags: X - disabled, I - inactive, D - dynamic 
 #    INTERFACE                  BRIDGE                 PRIORITY PATH-COST  HORIZON   
 0 I  ether2                     bridge1                0x80     10         none      
 1    ether3                     bridge1                0x80     10         none      
 2 I  ether4                     bridge1                0x80     10         none      
 3    ether5                     bridge1                0x80     10         none      
 4  D <ovpn-user>              bridge1                0x80     10         none      
[admin@MT] /interface bridge port> 
The OVPN client is in the same subnet as the LAN side computers:
[admin@MT] >/ip addr pr
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE                     
 0   192.168.1.1/24     192.168.1.0     192.168.1.255   bridge1                       
 1 D xx.xx.177.232/32  xx.xx.34.0      0.0.0.0         pppoe-out1                    
 2 D 192.168.1.200/32   192.168.1.155   0.0.0.0         <ovpn-user>                 
[admin@MT] > /ip pool pr
 # NAME                                                RANGES                         
 0 pool1                                               192.168.1.100-192.168.1.149    
 1 ovpn-pool                                           192.168.1.150-192.168.1.159    
[admin@MT] > 
So far so good.

The only thing missing is the ability to access shared drives on the computers connected to the LAN side of the bridge.

I don't see anything in "My network places" and "Start->Run-> \\host\resource" doesn't bring me there either.
On the bridge I can see netbios traffic from the remote OVPN client bound for 192.168.1.255, i.e. broadcast, but nothing is returned.

Somewhere on the internet I found something about adding the host computers I want to access to the "hosts" file in Windows, but this did not make any difference.

So the question is: What does it take to be able to map a network drive in the LAN for access from the remote client computer? I can live with a \\192.168.1.x\<share>, although I'd rather be able to browse "My network places" like I can "inside" the LAN.
 
mrz
MikroTik Support
Posts: 7053
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: Win XP OpenVPN client against MT - should it be that hard?

Tue Mar 10, 2009 4:38 pm

Use WINS server.
 
Bomber67
Member
Topic Author
Posts: 385
Joined: Wed Nov 08, 2006 10:36 am

Re: Win XP OpenVPN client against MT - should it be that hard?

Tue Mar 10, 2009 4:46 pm

Why and how?

I understand that WINS is used for netbios name resolution or something like that, and that would be nice, but why doesn't Start->Run-> \\<IP>\<share> work?
 
msundman
Frequent Visitor
Posts: 76
Joined: Thu Jan 15, 2009 2:44 pm
Location: Stockholm, Sweden

Re: Win XP OpenVPN client against MT - should it be that hard?

Wed Mar 11, 2009 5:20 am

Hmm, strange... If the bridge is working properly, you shouldn't need WINS. Your NETBIOS name resolution broadcasts should go over the bridge and find the servers.

I haven't had time to play with Mikrotik's bridge implementation together with OpenVPN yet, but on Linux there is no problem bridging the TAP interface with a local ethernet interface, and then accessing the local network with a Windows OpenVPN client just like you were directly connected to the local network. Broadcast name resolution works, network browsing works, connecting to shares works etc.

So, it seems to me like there is a problem with the bridge in the Mikrotik. I haven't made friends with the ROS packet sniffer yet, so if I was you, I'd probably hook up a Linux PC with tcpdump or wireshark on the local network to see if your broadcasts really make it to the local network or not.

You say \\host\share doesn't work. Does \\192.168.1.X\share work? Can you access other services on the machines on the local network?
 
Bomber67
Member
Topic Author
Posts: 385
Joined: Wed Nov 08, 2006 10:36 am

Re: Win XP OpenVPN client against MT - should it be that hard?

Wed Mar 11, 2009 8:57 am

I can ping the computers holding the shared drives, and both \\192.168.1.x\share and \\host\share work between computers on the LAN side.
But for some reason the Netbios packets do not pass the bridge (in Torch I can see the connections with a "bandwidth" of a few bytes per second against the bridge but nothing in return).

I have the following firewall filter rule for logging:
add action=log chain=forward comment="" disabled=no dst-port=137-139 log-prefix=NETBIOS protocol=udp
When trying to access resources on the network or browse "my network places" the log looks like this (.154 is the remote OVPN client):
07:51:34 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:34 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:34 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:35 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:35 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:35 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:35 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:36 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:36 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:37 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:37 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:37 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:37 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:38 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:38 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:39 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
07:51:39 firewall,info NETBIOS forward: in:bridge1 out:bridge1, src-mac 00:ff:c9:ea:2f:bb, proto UDP, 192.168.1.154:137->192.168.1.255:137, len 58 
Something that must be done to the bridge?

Sorry, but starting to set up Linux boxes is beyond my capabilities, so I hope to sort this out in another way.
Nobody on the forum that uses bridged TAP interfaces on Mikrotik? :shock:

Edit: I can see that UPnP traffic is able to traverse the bridge, as a UPnP network printer on the LAN side pops up in my system tray with a yellow information box.
 
Bomber67
Member
Topic Author
Posts: 385
Joined: Wed Nov 08, 2006 10:36 am

Re: Win XP OpenVPN client against MT - should it be that hard?

Wed Mar 11, 2009 12:07 pm

Update:
For a test I swapped to routed OpenVPN (tun) and I'm able to ping the LAN side computers, but still no access to shared resources.
\\192.168.1.x\ causes Netbios packets with a destination of 192.168.1.255 (broadcast) to arrive at the OVPN interface but still no success in connecting to disk drives.

Sergejs / Janis / Normis, can you please help me?
 
Bomber67
Member
Topic Author
Posts: 385
Joined: Wed Nov 08, 2006 10:36 am

Re: Win XP OpenVPN client against MT - should it be that hard?

Thu Mar 12, 2009 12:35 pm

I thought that the OVPN interface with MTU=1500 should behave all fine in the bridge.
So what can be restricting the Netbios traffic from getting there? :shock:
 
Bomber67
Member
Topic Author
Posts: 385
Joined: Wed Nov 08, 2006 10:36 am

Re: Win XP OpenVPN client against MT - should it be *Solved*

Tue Mar 17, 2009 11:17 am

Well, once again I fooled myself :oops: , this firewall rule in the virus chain blocked the Netbios packets needed for Windows file sharing to work:
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \
    dst-port=135-139 protocol=udp
In my firewall I am logging the unwanted packets that reach the end of the chains before dropping them, and I was staring at the log window without seeing any Netbios packets being dropped.
Because in the virus chain packets are dropped without being logged, I didn't see that the Netbios packets went down the drain there. If I had paid more attention to the counters in ip/firewall/filter, maybe I would have figured out earlier....

Anyway, now I can refer computers both by \\host\ and \\IP\ and it works like a champ. Thank you everybody that paid attention to this topic!

OpenVPN is a great option! :D
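
Added example (not part of the original posts): a small awk filter, run over a RouterOS firewall filter export, that lists enabled drop rules able to match a given protocol and destination port when no log rule in the same chain has matched first. It compares only protocol, dst-port and disabled, ignores jump order and every other matcher, and the sample export is constructed around the two rules quoted in this thread.

```shell
#!/bin/sh
# Constructed sample export; only the NETBIOS log rule and the
# "Drop Messenger Worm" rule are taken from the thread.
sample_export() {
cat <<'EOF'
/ip firewall filter
add action=log chain=forward comment="" disabled=no dst-port=137-139 log-prefix=NETBIOS protocol=udp
add action=jump chain=forward comment="constructed jump" disabled=no jump-target=virus
add action=drop chain=virus comment="Drop Messenger Worm" disabled=no \
    dst-port=135-139 protocol=udp
add action=drop chain=virus comment="constructed tcp rule" disabled=no dst-port=135-139 protocol=tcp
add action=log chain=forward comment="" disabled=no log-prefix=DROP
add action=drop chain=forward comment="constructed final drop" disabled=no
EOF
}

# Usage: silent_drops PROTOCOL PORT < export.rsc
# Prints "chain: comment" for each drop rule that could discard the packet
# without any earlier matching log rule in the same chain.
silent_drops() {
    awk -v proto="$1" -v port="$2" '
    # True when a dst-port spec such as "135-139,445" covers the port.
    function covers(spec,    n, parts, i, r) {
        if (spec == "") return 1              # no dst-port matcher: any port
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, "-") == 2) {
                if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == port + 0) return 1
        }
        return 0
    }
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join "\" continuations
    { line = buf $0; buf = "" }
    line !~ /^add / { next }
    {
        split("", kv)                          # reset the key=value map
        rest = line
        while (match(rest, /[a-z-]+=("[^"]*"|[^ ]*)/)) {
            tok = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            eq = index(tok, "=")
            val = substr(tok, eq + 1)
            gsub(/"/, "", val)
            kv[substr(tok, 1, eq - 1)] = val
        }
        if (kv["disabled"] == "yes") next
        if (kv["protocol"] != "" && kv["protocol"] != proto) next
        if (!covers(kv["dst-port"])) next
        if (kv["action"] == "log") logged[kv["chain"]] = 1
        else if (kv["action"] == "drop" && !logged[kv["chain"]])
            print kv["chain"] ": " kv["comment"]
    }'
}

# The NetBIOS name-service broadcast from the thread: UDP port 137.
sample_export | silent_drops udp 137
```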
 
ener
Frequent Visitor
Posts: 62
Joined: Fri May 10, 2013 4:47 pm

Re: Win XP OpenVPN client against MT - should it be... *SOLV

Tue Dec 03, 2013 1:36 am

Any updates? Can anyone help give me a link to some tutorials with pics? Would really appreciate it. Thanks guys
 
ener
Frequent Visitor
Posts: 62
Joined: Fri May 10, 2013 4:47 pm

Re: Win XP OpenVPN client against MT - should it be... *SOLV

Wed Dec 04, 2013 12:43 am

I am connected to my remote OVPN server. How can I route, or what is the route rule for this, anyone? I can't ping the local network.
 
stmx38
Long time Member
Posts: 617
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: Win XP OpenVPN client against MT - should it be... *SOLV

Wed Dec 04, 2013 8:25 am

Adding redirect-gateway in your client config will route all outgoing traffic via the OVPN server.

Manuals:
--redirect-gateway [local] [def1]
(Experimental) Automatically execute routing commands to cause all outgoing IP traffic to be redirected over the VPN.

This option performs three steps:

(1) Create a static route for the --remote address which forwards to the pre-existing default gateway. This is done so that (3) will not create a routing loop.

(2) Delete the default gateway route.

(3) Set the new default gateway to be the VPN endpoint address (derived either from --route-gateway or the second parameter to --ifconfig when --dev tun is specified).

When the tunnel is torn down, all of the above steps are reversed so that the original default route is restored.

Add the local flag if both OpenVPN servers are directly connected via a common subnet, such as with wireless. The local flag will cause step 1 above to be omitted.

Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway.

Using the def1 flag is highly recommended, and is currently planned to become the default by OpenVPN 2.1.
 
ener
Frequent Visitor
Posts: 62
Joined: Fri May 10, 2013 4:47 pm

Re: Win XP OpenVPN client against MT - should it be... *SOLV

Thu Dec 05, 2013 2:18 pm

Should the mode be IP or ethernet? I can now connect remotely but I can't connect with other workstations in the LAN network. If I change the pool to the local DHCP pool I can ping all workstations but I can't connect with them.
