Page 1 of 1

OpenVPN Access Server and Mikrotik ovpn client

Posted: Wed Jun 05, 2013 8:07 pm
by ytuxedo002
Guys,

I'm having a hell of a time trying to get this to work.

I have an Openvpn AS server up and running. I am able to connect to it with the openvpn client without issue on a windows pc.

I have exported the user certificates using this guide http://docs.openvpn.net/administration- ... or-a-user/
and uploaded/import to our Mikrotik.

I have configured the ovpn-client interface as

Flags: X - disabled, R - running
0 name="ovpn-out1" mac-address=02:20:24:D4:0C:8C max-mtu=1500
connect-to=xx.xx.xx.xx.xx port=443 mode=ip user="test" password="test"
profile=default certificate=cert2 auth=sha1 cipher=blowfish128
add-default-route=no

In the logs i just see it dialing, terminating then disconnecting. over and over.

Any help to get this working would be greatly appreciated.

Thank you

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Wed Jun 05, 2013 11:36 pm
by ytuxedo002
Nobody?

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Thu Jun 06, 2013 5:39 am
by ytuxedo002
Bump.

Sorry guys, i have no where else to turn.

Thanks

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Thu Jun 06, 2013 6:13 am
by Swordforthelord
The server logs should provide more detail as to why this is happening. Keep in mind that Mikrotik, inexplicably, still does not support OpenVPN over UDP; you have to use TCP.

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Thu Jun 06, 2013 7:04 pm
by ytuxedo002
The server logs should provide more detail as to why this is happening. Keep in mind that Mikrotik, inexplicably, still does not support OpenVPN over UDP; you have to use TCP.

Thanks. Same thing happens with TCP though. When you say logs, are you speaking of /logs? Because this doesn't tell me anything, only that it's disconnecting/terminating.

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Thu Jun 06, 2013 7:17 pm
by Swordforthelord
You have the OpenVPN server and client and both have logs. It sounds like you're only looking at the Mikrotik logs; do you have access to the server logs?

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Fri Jun 07, 2013 7:52 am
by ytuxedo002
You have the OpenVPN server and client and both have logs. It sounds like you're only looking at the Mikrotik logs; do you have access to the server logs?
Yes i do sorry. the logs don't even show the mikrotik hitting the server.

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Fri Jun 07, 2013 3:30 pm
by Swordforthelord
I would have to assume that the server is configured to use UDP, which Mikrotik does not support. You need to change it to TCP on the server side to even have a chance.

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Sat Sep 07, 2013 3:46 pm
by JetP1L0t
same problem :( Using OpenVPN AS 1.8.5, disabled UDP, other non-mikrotik clients works, but mikrotik - dialing & terminating

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Mon Oct 21, 2013 10:52 pm
by psypher246
HI All,

I suspect this is due to the mikrotik not supporting TLS AUTH. I get these errors on my openvpn server side:
2013-10-16 18:50:02+0000 [-] OVPN 0 OUT: 'Wed Oct 16 18:50:02 2013 196.209.220.252:46314 TLS: Initial packet from XXX.XXX.XXX.XXX:46314, sid=d7f8699d bdbac78b'
2013-10-16 18:50:02+0000 [-] OVPN 0 OUT: 'Wed Oct 16 18:50:02 2013 196.209.220.252:46314 TLS Error: cannot locate HMAC in incoming packet from 196.209.220.252:46314'
2013-10-16 18:50:02+0000 [-] OVPN 0 OUT: 'Wed Oct 16 18:50:02 2013 196.209.220.252:46314 Fatal TLS error (check_tls_errors_co), restarting'
2013-10-16 18:50:02+0000 [-] OVPN 0 OUT: 'Wed Oct 16 18:50:02 2013 196.209.220.252:46314 SIGUSR1[soft,tls-error] received, client-instance restarting'
2013-10-16 18:50:12+0000 [-] OVPN 0 OUT: 'Wed Oct 16 18:50:12 2013 TCP connection established with XXX.XXX.XXX.XXX:46315'

Upon investigation I found that Access Server uses TLS AUTH and Mikrotik does not support it.

+1 for Full OpenVPN Support: UDP, COMP-LZO and TLS AUTH

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Sun Oct 27, 2013 6:00 pm
by hpeyrovi
Has anyone found a solution to this problem? I have the same issue.
Openvpn server is set to UDP and still cant connect.
is there anyway to disable TLS AUTH on the server if that is the issue?

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Sat Dec 21, 2013 2:55 pm
by Steanly
Does it have a solution?

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Wed Dec 25, 2013 1:50 am
by supportingit
Only viable solution I have come across is to use http://www.ubnt.com/edgemax#edge-router-lite

They support full openvpn

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Sat Jan 04, 2014 9:43 pm
by drdotti
+1 for Full OpenVPN Support

Re: OpenVPN Access Server and Mikrotik ovpn client

Posted: Sun Jan 05, 2014 12:29 pm
by nerdtron
Onn the openVPN server config file, you should have a line there for disabling TLS, Also, don't use compression and use TCP for connection.