cleyesmktfr
just joined
Topic Author
Posts: 1
Joined: Fri Mar 24, 2023 5:23 pm

OpenVPN - All clients been rejected after few seconds of connect

Fri Mar 24, 2023 5:36 pm

Good morning. On our RB3011UiAS, we have tried RouterOS 7.8 STABLE and the latest LONG TERM releases available, 6.4x.xx.
All clients (Linux/Windows) are rejected a few seconds after connecting, in an endless loop: the connection is reset and then restarts again.

CLIENT CONFIG
------------------------
### OPTIONS ###
client
dev tun
proto tcp-client
remote xxxxyyyyzzzz.sn.mynetname.net
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
### CERT ###
ca cert_export_CA.crt
cert cert_export_USER.crt
key cert_export_USER.key
verb 4
mute 10
### CRYPTO ###
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-retry nointeract
auth-nocache

route 10.0.0.0 255.0.0.0
route 172.16.0.0 255.240.0.0
route 192.168.0.0 255.255.0.0

LOG CLIENT LINUX:
------------------------
Mar 23 20:36:33 fedora nm-openvpn[9172]: Initialization Sequence Completed
Mar 23 20:36:38 fedora nm-openvpn[9172]: Connection reset, restarting [-1]
Mar 23 20:36:38 fedora nm-openvpn[9172]: SIGUSR1[soft,connection-reset] received, process restarting

LOG CLIENT WIN:
------------------------
2023-03-23 20:51:46 us=312000 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-03-23 20:51:46 us=312000 Current Parameter Settings:
2023-03-23 20:51:46 us=312000 config = 'USER.ovpn'
2023-03-23 20:51:46 us=312000 mode = 0
2023-03-23 20:51:46 us=312000 show_ciphers = DISABLED
2023-03-23 20:51:46 us=312000 show_digests = DISABLED
2023-03-23 20:51:46 us=312000 show_engines = DISABLED
2023-03-23 20:51:46 us=312000 genkey = DISABLED
2023-03-23 20:51:46 us=312000 genkey_filename = '[UNDEF]'
2023-03-23 20:51:46 us=312000 key_pass_file = '[UNDEF]'
2023-03-23 20:51:46 us=312000 show_tls_ciphers = DISABLED
2023-03-23 20:51:46 us=312000 NOTE: --mute triggered...
2023-03-23 20:51:46 us=312000 294 variation(s) on previous 10 message(s) suppressed by --mute
2023-03-23 20:51:46 us=312000 OpenVPN 2.5.8 [git:none/0357ceb877687faa] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 2 2022
2023-03-23 20:51:46 us=312000 Windows version 10.0 (Windows 10 or greater) 64bit
2023-03-23 20:51:46 us=312000 library versions: OpenSSL 1.1.1s 1 Nov 2022, LZO 2.10
2023-03-23 20:51:46 us=312000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
2023-03-23 20:51:46 us=312000 Need hold release from management interface, waiting...
2023-03-23 20:51:46 us=609000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
2023-03-23 20:51:46 us=703000 MANAGEMENT: CMD 'state on'
2023-03-23 20:51:46 us=703000 MANAGEMENT: CMD 'log on all'
2023-03-23 20:51:46 us=828000 MANAGEMENT: CMD 'echo on all'
2023-03-23 20:51:46 us=843000 MANAGEMENT: CMD 'bytecount 5'
2023-03-23 20:51:46 us=843000 MANAGEMENT: CMD 'state'
2023-03-23 20:51:46 us=843000 MANAGEMENT: CMD 'hold off'
2023-03-23 20:51:46 us=859000 MANAGEMENT: CMD 'hold release'
2023-03-23 20:51:49 us=703000 MANAGEMENT: CMD 'password [...]'
2023-03-23 20:51:49 us=734000 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2023-03-23 20:51:49 us=734000 MANAGEMENT: >STATE:1679615509,RESOLVE,,,,,,
2023-03-23 20:51:50 us=31000 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2023-03-23 20:51:50 us=31000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2023-03-23 20:51:50 us=31000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2023-03-23 20:51:50 us=31000 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-03-23 20:51:50 us=31000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-03-23 20:51:50 us=31000 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
2023-03-23 20:51:50 us=31000 MANAGEMENT: >STATE:1679615510,TCP_CONNECT,,,,,,
2023-03-23 20:51:50 us=78000 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
2023-03-23 20:51:50 us=78000 TCP_CLIENT link local: (not bound)
2023-03-23 20:51:50 us=78000 TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-03-23 20:51:50 us=78000 MANAGEMENT: >STATE:1679615510,WAIT,,,,,,
2023-03-23 20:51:50 us=125000 MANAGEMENT: >STATE:1679615510,AUTH,,,,,,
2023-03-23 20:51:50 us=125000 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=2853bcae 00b774f2
2023-03-23 20:51:50 us=296000 VERIFY OK: depth=1, CN=CA
2023-03-23 20:51:50 us=296000 VERIFY KU OK
2023-03-23 20:51:50 us=296000 Validating certificate extended key usage
2023-03-23 20:51:50 us=296000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-03-23 20:51:50 us=296000 VERIFY EKU OK
2023-03-23 20:51:50 us=296000 VERIFY OK: depth=0, CN=SERVER
2023-03-23 20:51:50 us=796000 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-03-23 20:51:50 us=796000 [SERVER] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2023-03-23 20:51:51 us=953000 MANAGEMENT: >STATE:1679615511,GET_CONFIG,,,,,,
2023-03-23 20:51:51 us=953000 SENT CONTROL [SERVER]: 'PUSH_REQUEST' (status=1)
2023-03-23 20:51:56 us=171000 SENT CONTROL [SERVER]: 'PUSH_REQUEST' (status=1)
2023-03-23 20:52:01 us=390000 SENT CONTROL [SERVER]: 'PUSH_REQUEST' (status=1)
2023-03-23 20:52:01 us=687000 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.110.0.10,dhcp-option DNS 10.110.0.11,ping 20,ping-restart 60,topology subnet,route-gateway 10.110.1.1,ifconfig 10.110.1.174 255.255.255.0'
2023-03-23 20:52:01 us=687000 OPTIONS IMPORT: timers and/or timeouts modified
2023-03-23 20:52:01 us=687000 OPTIONS IMPORT: --ifconfig/up options modified
2023-03-23 20:52:01 us=687000 OPTIONS IMPORT: route-related options modified
2023-03-23 20:52:01 us=687000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-03-23 20:52:01 us=687000 Using peer cipher 'AES-256-CBC'
2023-03-23 20:52:01 us=687000 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-03-23 20:52:01 us=687000 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-23 20:52:01 us=687000 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-03-23 20:52:01 us=687000 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-23 20:52:01 us=687000 interactive service msg_channel=464
2023-03-23 20:52:01 us=687000 open_tun
2023-03-23 20:52:01 us=703000 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-03-23 20:52:01 us=703000 TAP-Windows Driver Version 9.24
2023-03-23 20:52:01 us=703000 TAP-Windows MTU=1500
2023-03-23 20:52:01 us=718000 Set TAP-Windows TUN subnet mode network/local/netmask = 10.110.1.0/10.110.1.174/255.255.255.0 [SUCCEEDED]
2023-03-23 20:52:01 us=718000 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.110.1.174/255.255.255.0 on interface {257B1742-95F0-450D-B7C9-BC24D7D06BCD} [DHCP-serv: 10.110.1.0, lease-time: 31536000]
2023-03-23 20:52:01 us=718000 DHCP option string: 06080a6e 000a0a6e 000b
2023-03-23 20:52:01 us=718000 Successful ARP Flush on interface [5] {257B1742-95F0-450D-B7C9-BC24D7D06BCD}
2023-03-23 20:52:01 us=718000 do_ifconfig, ipv4=1, ipv6=0
2023-03-23 20:52:01 us=718000 MANAGEMENT: >STATE:1679615521,ASSIGN_IP,,10.110.1.174,,,,
2023-03-23 20:52:01 us=718000 IPv4 MTU set to 1500 on interface 5 using service
2023-03-23 20:52:06 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
2023-03-23 20:52:06 MANAGEMENT: >STATE:1679615526,ADD_ROUTES,,,,,,
2023-03-23 20:52:06 C:\Windows\system32\route.exe ADD 10.0.0.0 MASK 255.0.0.0 10.110.1.1
2023-03-23 20:52:06 Route addition via service succeeded
2023-03-23 20:52:06 C:\Windows\system32\route.exe ADD 172.16.0.0 MASK 255.240.0.0 10.110.1.1
2023-03-23 20:52:06 us=15000 Route addition via service succeeded
2023-03-23 20:52:06 us=15000 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.0.0 10.110.1.1
2023-03-23 20:52:06 us=15000 Route addition via service succeeded
2023-03-23 20:52:06 us=15000 Initialization Sequence Completed
2023-03-23 20:52:06 us=15000 MANAGEMENT: >STATE:1679615526,CONNECTED,SUCCESS,10.110.1.174,xxx.xxx.xxx.xxx:1194,192.168.0.10,49847
2023-03-23 20:53:11 us=890000 Connection reset, restarting [-1]
2023-03-23 20:53:11 us=890000 TCP/UDP: Closing socket
2023-03-23 20:53:11 us=890000 SIGUSR1[soft,connection-reset] received, process restarting
2023-03-23 20:53:11 us=890000 MANAGEMENT: >STATE:1679615591,RECONNECTING,connection-reset,,,,,
2023-03-23 20:53:11 us=890000 Restart pause, 5 second(s)
2023-03-23 20:53:16 us=921000 Re-using SSL/TLS context
2023-03-23 20:53:16 us=921000 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2023-03-23 20:53:16 us=921000 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2023-03-23 20:53:16 us=921000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2023-03-23 20:53:16 us=921000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2023-03-23 20:53:16 us=921000 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-03-23 20:53:16 us=921000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2023-03-23 20:53:16 us=921000 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
2023-03-23 20:53:16 us=921000 MANAGEMENT: >STATE:1679615596,TCP_CONNECT,,,,,,
2023-03-23 20:53:16 us=968000 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
2023-03-23 20:53:16 us=968000 TCP_CLIENT link local: (not bound)
2023-03-23 20:53:16 us=968000 TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-03-23 20:53:16 us=968000 MANAGEMENT: >STATE:1679615596,WAIT,,,,,,
2023-03-23 20:53:17 us=15000 MANAGEMENT: >STATE:1679615597,AUTH,,,,,,
2023-03-23 20:53:17 us=15000 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx:1194, sid=b822f7f6 de78ad6e
2023-03-23 20:53:17 us=203000 VERIFY OK: depth=1, CN=CA
2023-03-23 20:53:17 us=203000 VERIFY KU OK
2023-03-23 20:53:17 us=203000 Validating certificate extended key usage
2023-03-23 20:53:17 us=203000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-03-23 20:53:17 us=203000 VERIFY EKU OK
2023-03-23 20:53:17 us=203000 VERIFY OK: depth=0, CN=SERVER
2023-03-23 20:53:17 us=562000 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-03-23 20:53:17 us=562000 [SERVER] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
2023-03-23 20:53:19 us=46000 MANAGEMENT: >STATE:1679615599,GET_CONFIG,,,,,,
2023-03-23 20:53:19 us=46000 SENT CONTROL [SERVER]: 'PUSH_REQUEST' (status=1)
2023-03-23 20:53:24 us=125000 SENT CONTROL [SERVER]: 'PUSH_REQUEST' (status=1)
2023-03-23 20:53:29 us=218000 SENT CONTROL [SERVER]: 'PUSH_REQUEST' (status=1)
2023-03-23 20:53:29 us=453000 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.110.0.10,dhcp-option DNS 10.110.0.11,ping 20,ping-restart 60,topology subnet,route-gateway 10.110.1.1,ifconfig 10.110.1.169 255.255.255.0'
2023-03-23 20:53:29 us=453000 OPTIONS IMPORT: timers and/or timeouts modified
2023-03-23 20:53:29 us=453000 OPTIONS IMPORT: --ifconfig/up options modified
2023-03-23 20:53:29 us=453000 OPTIONS IMPORT: route-related options modified
2023-03-23 20:53:29 us=453000 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-03-23 20:53:29 us=453000 Using peer cipher 'AES-256-CBC'
2023-03-23 20:53:29 us=453000 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-03-23 20:53:29 us=453000 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-23 20:53:29 us=453000 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2023-03-23 20:53:29 us=453000 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
2023-03-23 20:53:29 us=453000 Preserving previous TUN/TAP instance: OpenVPN TAP-Windows6
2023-03-23 20:53:29 us=453000 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.
2023-03-23 20:53:29 us=453000 C:\Windows\system32\route.exe DELETE 10.0.0.0 MASK 255.0.0.0 10.110.1.1
2023-03-23 20:53:29 us=468000 Route deletion via service succeeded
2023-03-23 20:53:29 us=468000 C:\Windows\system32\route.exe DELETE 172.16.0.0 MASK 255.240.0.0 10.110.1.1
2023-03-23 20:53:29 us=484000 Route deletion via service succeeded
2023-03-23 20:53:29 us=484000 C:\Windows\system32\route.exe DELETE 192.168.0.0 MASK 255.255.0.0 10.110.1.1
2023-03-23 20:53:29 us=484000 Route deletion via service succeeded
2023-03-23 20:53:29 us=484000 Closing TUN/TAP interface
2023-03-23 20:53:29 us=687000 TAP: DHCP address released
2023-03-23 20:53:30 us=718000 interactive service msg_channel=464
2023-03-23 20:53:30 us=718000 open_tun
2023-03-23 20:53:30 us=734000 tap-windows6 device [OpenVPN TAP-Windows6] opened
2023-03-23 20:53:30 us=765000 TAP-Windows Driver Version 9.24
2023-03-23 20:53:30 us=765000 TAP-Windows MTU=1500
2023-03-23 20:53:30 us=765000 Set TAP-Windows TUN subnet mode network/local/netmask = 10.110.1.0/10.110.1.169/255.255.255.0 [SUCCEEDED]
2023-03-23 20:53:30 us=765000 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.110.1.169/255.255.255.0 on interface {257B1742-95F0-450D-B7C9-BC24D7D06BCD} [DHCP-serv: 10.110.1.0, lease-time: 31536000]
2023-03-23 20:53:30 us=765000 DHCP option string: 06080a6e 000a0a6e 000b
2023-03-23 20:53:30 us=781000 Successful ARP Flush on interface [5] {257B1742-95F0-450D-B7C9-BC24D7D06BCD}
2023-03-23 20:53:30 us=890000 do_ifconfig, ipv4=1, ipv6=0
2023-03-23 20:53:30 us=890000 MANAGEMENT: >STATE:1679615610,ASSIGN_IP,,10.110.1.169,,,,
2023-03-23 20:53:30 us=890000 IPv4 MTU set to 1500 on interface 5 using service
2023-03-23 20:53:35 us=15000 TEST ROUTES: 3/3 succeeded len=3 ret=1 a=0 u/d=up
2023-03-23 20:53:35 us=15000 MANAGEMENT: >STATE:1679615615,ADD_ROUTES,,,,,,
2023-03-23 20:53:35 us=15000 C:\Windows\system32\route.exe ADD 10.0.0.0 MASK 255.0.0.0 10.110.1.1
2023-03-23 20:53:35 us=15000 Route addition via service succeeded
2023-03-23 20:53:35 us=15000 C:\Windows\system32\route.exe ADD 172.16.0.0 MASK 255.240.0.0 10.110.1.1
2023-03-23 20:53:35 us=15000 Route addition via service succeeded
2023-03-23 20:53:35 us=15000 C:\Windows\system32\route.exe ADD 192.168.0.0 MASK 255.255.0.0 10.110.1.1
2023-03-23 20:53:35 us=31000 Route addition via service succeeded
2023-03-23 20:53:35 us=31000 Initialization Sequence Completed
2023-03-23 20:53:35 us=31000 MANAGEMENT: >STATE:1679615615,CONNECTED,SUCCESS,10.110.1.169,xxx.xxx.xxx.xxx,1194,192.168.0.10,49863
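
The Windows log above records each tunnel's lifetime in its management `STATE` lines and the keepalive timers the server pushed in `PUSH_REPLY`. As an added example (not part of the original post), this Python script extracts both so the reset interval can be compared with `ping`/`ping-restart`; `parse_sessions`, `short_lived` and the `factor` threshold are names and assumptions introduced here.

```python
import re

# Constructed sample: six lines taken from the Windows client log in the post above.
SAMPLE_LOG = """\
2023-03-23 20:52:01 us=687000 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.110.0.10,dhcp-option DNS 10.110.0.11,ping 20,ping-restart 60,topology subnet,route-gateway 10.110.1.1,ifconfig 10.110.1.174 255.255.255.0'
2023-03-23 20:52:06 us=15000 MANAGEMENT: >STATE:1679615526,CONNECTED,SUCCESS,10.110.1.174,xxx.xxx.xxx.xxx:1194,192.168.0.10,49847
2023-03-23 20:53:11 us=890000 Connection reset, restarting [-1]
2023-03-23 20:53:11 us=890000 MANAGEMENT: >STATE:1679615591,RECONNECTING,connection-reset,,,,,
2023-03-23 20:53:29 us=453000 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.110.0.10,dhcp-option DNS 10.110.0.11,ping 20,ping-restart 60,topology subnet,route-gateway 10.110.1.1,ifconfig 10.110.1.169 255.255.255.0'
2023-03-23 20:53:35 us=31000 MANAGEMENT: >STATE:1679615615,CONNECTED,SUCCESS,10.110.1.169,xxx.xxx.xxx.xxx,1194,192.168.0.10,49863
"""
STATE_RE = re.compile(r">STATE:(\d+),([A-Z_]+),([^,]*)")
PUSH_RE = re.compile(r"'PUSH_REPLY,([^']*)'")

def parse_sessions(log_text):
    """Return one dict per tunnel session: lifetime, end reason, pushed timers."""
    sessions, pushed, current = [], {}, None
    for line in log_text.splitlines():
        push = PUSH_RE.search(line)
        if push:
            # Options pushed by the server apply to the session that follows.
            pushed = dict(opt.partition(" ")[::2] for opt in push.group(1).split(","))
            continue
        state = STATE_RE.search(line)
        if not state:
            continue
        ts, name, detail = int(state.group(1)), state.group(2), state.group(3)
        if name == "CONNECTED":
            current = {
                "connected_at": ts,
                "address": pushed.get("ifconfig", "").split(" ")[0],
                "ping": int(pushed.get("ping", 0)),
                "ping_restart": int(pushed.get("ping-restart", 0)),
                "lifetime": None,  # stays None while the tunnel is still up
                "reason": None,
            }
            sessions.append(current)
        elif name == "RECONNECTING" and current is not None:
            current["lifetime"] = ts - current["connected_at"]
            current["reason"] = detail
            current = None
    return sessions

def short_lived(sessions, factor=2):
    """Sessions that ended before factor x ping-restart seconds (assumed threshold)."""
    return [s for s in sessions
            if s["lifetime"] is not None and s["lifetime"] < factor * s["ping_restart"]]
```

On the sample, the first session ends with `connection-reset` 65 seconds after `CONNECTED`, against a pushed `ping-restart` of 60, and the second session is still open at the end of the log.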
 
araadzandi
just joined
Posts: 1
Joined: Sat May 06, 2023 7:45 pm

Re: OpenVPN - All clients been rejected after few seconds of connect

Sun May 07, 2023 12:14 pm

nothing happened

Sun May 07 13:07:35 2023 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Sun May 07 13:07:35 2023 Windows version 6.2 (Windows 8 or greater) 64bit
Sun May 07 13:07:35 2023 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Sun May 07 13:07:35 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun May 07 13:07:35 2023 Need hold release from management interface, waiting...
Sun May 07 13:07:35 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sun May 07 13:07:35 2023 MANAGEMENT: CMD 'state on'
Sun May 07 13:07:35 2023 MANAGEMENT: CMD 'log all on'
Sun May 07 13:07:35 2023 MANAGEMENT: CMD 'hold off'
Sun May 07 13:07:35 2023 MANAGEMENT: CMD 'hold release'
Sun May 07 13:07:37 2023 MANAGEMENT: CMD 'username "Auth" "ida"'
Sun May 07 13:07:37 2023 MANAGEMENT: CMD 'password [...]'
Sun May 07 13:07:37 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]***.***.***.***:1149
Sun May 07 13:07:37 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun May 07 13:07:37 2023 Attempting to establish TCP connection with [AF_INET]***.***.***.***:1149 [nonblock]
Sun May 07 13:07:37 2023 MANAGEMENT: >STATE:1683450457,TCP_CONNECT,,,,,,
Sun May 07 13:07:38 2023 TCP connection established with [AF_INET]***.***.***.***:1149
Sun May 07 13:07:38 2023 TCP_CLIENT link local: (not bound)
Sun May 07 13:07:38 2023 TCP_CLIENT link remote: [AF_INET]***.***.***.***:1149
Sun May 07 13:07:38 2023 MANAGEMENT: >STATE:1683450458,WAIT,,,,,,
Sun May 07 13:07:38 2023 MANAGEMENT: >STATE:1683450458,AUTH,,,,,,
Sun May 07 13:07:38 2023 TLS: Initial packet from [AF_INET]***.***.***.***:1149, sid=f15cbbc9 25066a1
