Community discussions

MikroTik App
 
yaig
just joined
Topic Author
Posts: 2
Joined: Tue Feb 07, 2023 9:47 pm

New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Tue Feb 07, 2023 9:52 pm

OpenVPN client version 2.5.8 successfully connected, after updateing client to 2.6,
it cannot connect.

config on client:
client
dev tap
proto tcp-client
remote ********** 11948
resolv-retry infinite
nobind
persist-key
tls-client
ca *****.crt
cert ******.crt
key ******.key
verb 3
data-ciphers AES-256-CBC
auth-user-pass

Mikrotik router version: 7.7.
According to routers log:
unknown cipher alg or key size

What is the correct config file on the client?
 
nellson
newbie
Posts: 27
Joined: Wed Nov 06, 2019 9:10 am

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Thu Feb 09, 2023 11:53 am

I can confirm this, we have the same issue with the 2.6 openvpn clients. I will post here, if I find a solution.
 
aoakeley
Member Candidate
Member Candidate
Posts: 171
Joined: Mon May 21, 2012 11:45 am

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Sun Feb 12, 2023 12:54 pm

I can confirm this, we have the same issue with the 2.6 openvpn clients. I will post here, if I find a solution.
Can also confirm this.
I have tried a few options to resolve it, but other than to use an earlier version of the OpenVPN Client I can't see a solution right now.
Have either of you created a ticket? if it is important to you I suggest you bring it to the attention if the development team by creating a ticket with Mikrotik.
 
User avatar
ivn
just joined
Posts: 14
Joined: Sun Mar 11, 2018 3:37 pm

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server  [SOLVED]

Sun Feb 12, 2023 10:24 pm

Try to add
data-ciphers-fallback AES-256-CBC
to your client config.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Sun Feb 12, 2023 10:27 pm

use wireguard and join the 21st century/Third Millenium/Decade of 2020-2030.
 
aoakeley
Member Candidate
Member Candidate
Posts: 171
Joined: Mon May 21, 2012 11:45 am

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Mon Feb 13, 2023 3:42 am

Try to add
data-ciphers-fallback AES-256-CBC
to your client config.
Well bugger me... I am sure I tested that yesterday and it did not work.
But tested again now with 2.6 and it worked fine.

Thanks

Andrew
 
yaig
just joined
Topic Author
Posts: 2
Joined: Tue Feb 07, 2023 9:47 pm

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Wed Feb 15, 2023 10:28 am

Try to add
data-ciphers-fallback AES-256-CBC
to your client config.
Thanks for the great tip! It works with this setting!
 
certinet
just joined
Posts: 1
Joined: Fri Feb 24, 2023 6:39 pm

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Fri Feb 24, 2023 6:45 pm

In fact, in OpenVPN 2.6, CBC is deprecated. We need to change this but does Mikrotik support another one?
 
Nikolyo
just joined
Posts: 1
Joined: Wed Mar 15, 2023 6:19 pm

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Wed Mar 15, 2023 6:23 pm

I had the same problem in the following setup:
Server: Mikrotik Open VPN server (RouterOS 6.49.7)
Clienti: Windows OpenVPN 2.6.1

In the Mikrotik:
OpenVPN Server config disable the Auth = SHA1 algorithms (nothing shoud be selected for a Auth)
In the Open VPN Client:
#cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
#auth SHA1

Unfortunately all of the clients have to be upgraded to OpenVPN 2.6.1
I could get it to run simultaneously for Open VPN client 2.5 and 2.6

BR :)
 
likedi
just joined
Posts: 1
Joined: Sat Mar 25, 2023 5:00 pm

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Sat Mar 25, 2023 5:01 pm

I had the same problem in the following setup:
Server: Mikrotik Open VPN server (RouterOS 6.49.7)
Clienti: Windows OpenVPN 2.6.1

In the Mikrotik:
OpenVPN Server config disable the Auth = SHA1 algorithms (nothing shoud be selected for a Auth)
In the Open VPN Client:
#cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
#auth SHA1

Unfortunately all of the clients have to be upgraded to OpenVPN 2.6.1
I could get it to run simultaneously for Open VPN client 2.5 and 2.6

BR :)
THIS is the answer. Thanks!
 
zvekyf
just joined
Posts: 21
Joined: Thu Sep 29, 2016 1:29 am

Re: New OpenVPN community client (version 2.6) cannot connect to Mikrotik OpenVPN server

Thu Mar 30, 2023 10:04 pm

Server: Mikrotik Open VPN server (RouterOS 7.8 )
Clienti: Windows OpenVPN 2.6.2

If I set next it still connect with AES-256-CBC and without auth part I get error [unsupported auth digest]
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
auth SHA512

But if I set next connection is working.
cipher AES-256-GCM
disable-dco

Looks like data-ciphers parameter is ignored or something.

Who is online

Users browsing this forum: maciejl and 78 guests