Community discussions

MikroTik App
 
dimm0k
newbie
Topic Author
Posts: 27
Joined: Wed Feb 24, 2016 5:27 pm

openvpn set up, but unable to connect

Thu Feb 02, 2023 9:32 pm

I followed the guide here https://www.medo64.com/2016/12/simple-o ... -mikrotik/ to get openvpn set up on my mikrotik, along with a usable config file for the devices I would like to connect with, but getting a showstopper on both a Windows 10 laptop and my Android phone. any suggestions on how to fix this, as it looks to be the same issue on both devices.
[Feb 2, 2023, 14:07:22] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Mar 17 2022 11:42:02
⏎[Feb 2, 2023, 14:07:22] Frame=512/2048/512 mssfix-ctrl=1250
⏎[Feb 2, 2023, 14:07:22] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [tls-client]
10 [verb] [4]
11 [mute] [10]
12 [data-ciphers] [AES-256-CBC]
15 [auth-nocache]
⏎[Feb 2, 2023, 14:07:22] EVENT: RESOLVE ⏎[Feb 2, 2023, 14:07:22] EVENT: WAIT ⏎[Feb 2, 2023, 14:07:22] WinCommandAgent: transmitting bypass route to [internet address]
{
	"host" : "[internet address]",
	"ipv6" : false
}

⏎[Feb 2, 2023, 14:07:23] Connecting to [internet address]:1194 ([internet address]) via TCPv4
⏎[Feb 2, 2023, 14:07:23] EVENT: CONNECTING ⏎[Feb 2, 2023, 14:07:23] Tunnel Options:V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
⏎[Feb 2, 2023, 14:07:23] Creds: Username/Password
⏎[Feb 2, 2023, 14:07:23] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

⏎[Feb 2, 2023, 14:07:23] Transport Error: Transport error on 'internet address: NETWORK_EOF_ERROR
⏎[Feb 2, 2023, 14:07:23] EVENT: TRANSPORT_ERROR Transport error on 'internet address: NETWORK_EOF_ERROR⏎[Feb 2, 2023, 14:07:23] Client terminated, restarting in 5000 ms...
⏎[Feb 2, 2023, 14:07:28] EVENT: RECONNECTING ⏎[Feb 2, 2023, 14:07:28] EVENT: RESOLVE ⏎[Feb 2, 2023, 14:07:28] EVENT: WAIT ⏎[Feb 2, 2023, 14:07:28] WinCommandAgent: transmitting bypass route to [internet address in ipv6]
{
	"host" : "[internet address in ipv6]",
	"ipv6" : true
}

⏎[Feb 2, 2023, 14:07:28] Transport Error: socket_protect error (TCPv4)
⏎[Feb 2, 2023, 14:07:28] Client terminated, restarting in 2000 ms...
⏎[Feb 2, 2023, 14:07:30] EVENT: RECONNECTING ⏎[Feb 2, 2023, 14:07:30] EVENT: RESOLVE ⏎[Feb 2, 2023, 14:07:30] EVENT: WAIT ⏎[Feb 2, 2023, 14:07:30] WinCommandAgent: transmitting bypass route to [internet address]
{
	"host" : "[internet address]",
	"ipv6" : false
}
the config I'm using is a unified one that incorporates the certificates generated from the mikrotik as follows
client
dev tun
proto tcp
remote internetaddress 1194
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
mute 10
data-ciphers AES-256-CBC
auth SHA1
auth-user-pass
auth-nocache
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----

gibberish

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

gibberish

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----

gibberish

-----END ENCRYPTED PRIVATE KEY-----
</key>
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: openvpn set up, but unable to connect

Thu Feb 02, 2023 9:57 pm

My suggestion try wireguard instead.
 
dimm0k
newbie
Topic Author
Posts: 27
Joined: Wed Feb 24, 2016 5:27 pm

Re: openvpn set up, but unable to connect

Thu Feb 02, 2023 10:14 pm

My suggestion try wireguard instead.
what's the reason?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: openvpn set up, but unable to connect

Thu Feb 02, 2023 10:54 pm

Easier, implementation is fully supported in MT, and faster.
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: openvpn set up, but unable to connect

Sat Feb 04, 2023 8:59 pm

I'm guessing something is not correctly set in gibberish sections.
I have similar configuration except certificates and key are loaded from files, working just fine.
client
dev tun
proto tcp
remote <HOST> <PORT>

resolv-retry infinite
nobind

persist-key
persist-tun

cipher AES-256-CBC

auth SHA1

auth-user-pass
auth-nocache

ca network_ca.crt
cert network_o_client.crt
key network_o_client.key

redirect-gateway def1
dhcp-option DOMAIN lan

 
Selin
just joined
Posts: 2
Joined: Tue Feb 07, 2023 11:10 am

Re: openvpn set up, but unable to connect

Tue Feb 07, 2023 11:28 am

I have similar configuration except certificates and key are loaded from files, working just fine.
Hi
Could you tell, please, what versions of the OpenVPN and Router OS you are using?
Thanks
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: openvpn set up, but unable to connect

Tue Feb 07, 2023 7:45 pm

OpenVPN server: from ROS version 7.4 up to current stable 7.7.
Client on MacOS: Tunnelblick latest version - 3.8.7a, it's a wrapper application for OpenVPN with several embedded versions, using v2.5.4
Client on iOS and Android: OpenVPN Connect latest version from appstore/play

All clients are able to connect, each client has different user/OVPN Server Binding interface and secret related to same ppp profile.
 
Selin
just joined
Posts: 2
Joined: Tue Feb 07, 2023 11:10 am

Re: openvpn set up, but unable to connect

Mon Feb 13, 2023 10:33 pm

Just to share my experience - after upgrading OpenVPN to 2.6 on my server, I had to add the following line to the ovpn config:
data-ciphers AES-256-CBC
to let my old Mikrotiks (6.x) to connect to that upgraded server.

Who is online

Users browsing this forum: ccrsxx, johnson73, Qalderu, rplant and 86 guests