I tried to set up OpenVPN to be used with Android devices. Followed these instructions: https://www.micu.eu/ovpn-server/ and setup was without any trouble.
For performance reasons (the connection should be used for streaming) I wanted to change that to UDP, so I adapted the .ovpn file as well as the router configuration and also the firewall. Connection to the server can be made, but the connection seems to "hang" during the exchange of the PPP credentials. I activated logging and this is what is in the log:
aug/02 16:48:24 ovpn,info connection established from XX.XX.XX.XX, port: 60647
aug/02 16:48:24 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=f0c959874d751b67 pid=0 DATA len=0
aug/02 16:48:24 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=977244a0d116f53d pid=0 DATA len=0
aug/02 16:48:24 ovpn,debug,packet sent P_ACK kid=0 sid=f0c959874d751b67 [0 sid=977244a0d116f53d] DATA len=0
aug/02 16:48:25 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=977244a0d116f53d [0 sid=f0c959874d751b67] pid=0 DATA len=0
aug/02 16:48:25 ovpn,debug,packet sent P_ACK kid=0 sid=f0c959874d751b67 [0 sid=977244a0d116f53d] DATA len=0
aug/02 16:48:25 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=977244a0d116f53d pid=1 DATA len=277
aug/02 16:48:25 ovpn,debug,packet sent P_ACK kid=0 sid=f0c959874d751b67 [1 sid=977244a0d116f53d] DATA len=0
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=2 DATA len=1400
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=3 DATA len=829
aug/02 16:48:28 ovpn,debug,packet rcvd P_ACK kid=0 sid=977244a0d116f53d [3 sid=f0c959874d751b67] DATA len=0
aug/02 16:48:28 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
aug/02 16:48:28 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=2 DATA len=1400
aug/02 16:48:29 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
This last line is repeated until the connection times out after 60 seconds.
It looks like all packets with len=1400 get lost (this is also what I see with Wireshark on my machine).
I thought it is an MTU problem, so I tried to change the max-mtu but this does not seem to have any effect on the packet length. If I set max-mtu to 1200 or even lower in /interface/ovpn-server/server/, these DATA len=1400 packets are still in the log and the connection is not being established.
Here is a snapshot of my config (without the certificate part, as TCP works, this shouldn't be an issue):
/ip/pool/add name=ovpn ranges=10.253.1.10-10.253.1.254
/ip/dhcp-server/network/add address=10.253.1.0/24 comment=ovpn dns-server=9.9.9.9 gateway=192.168.1.1
/ppp/profile/add bridge=bridge dns-server=9.9.9.9 local-address=ovpn name=ovpn_vpn remote-address=ovpn use-compression=no use-encryption=required
/interface/ovpn-server/server/set certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=ovpn_vpn enabled=yes require-client-certificate=yes protocol=udp
/ppp/secret/add name=XX password=XX profile=ovpn_vpn service=ovpn
/ip/firewall/filter/add action=accept chain=input comment=OpenVPN dst-port=1194 protocol=udp
My .ovpn file begins like this:
client
dev tun
remote XXX 1194 udp
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
cipher AES-256-CBC
auth SHA1
auth-user-pass
auth-nocache
redirect-gateway def1
Already tried to add mssfix but this doesn't seem to have any effect.
Already googled for some time, but without any further result. Hope someone here has an idea.
Thanks!
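Added example (not part of the original post): a short Python script that tallies, from the debug lines quoted in the post, which server-sent P_CONTROL packets the client ever acknowledged and how often each was transmitted. It assumes the bracketed "[N sid=...]" field names the acknowledged packet id, as the log lines suggest; the function names are made up for illustration.

```python
import re

# Debug lines copied from the log in the post above.
LOG = """\
aug/02 16:48:24 ovpn,debug,packet sent P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=f0c959874d751b67 pid=0 DATA len=0
aug/02 16:48:24 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=977244a0d116f53d pid=0 DATA len=0
aug/02 16:48:24 ovpn,debug,packet sent P_ACK kid=0 sid=f0c959874d751b67 [0 sid=977244a0d116f53d] DATA len=0
aug/02 16:48:25 ovpn,debug,packet rcvd P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=977244a0d116f53d [0 sid=f0c959874d751b67] pid=0 DATA len=0
aug/02 16:48:25 ovpn,debug,packet sent P_ACK kid=0 sid=f0c959874d751b67 [0 sid=977244a0d116f53d] DATA len=0
aug/02 16:48:25 ovpn,debug,packet rcvd P_CONTROL kid=0 sid=977244a0d116f53d pid=1 DATA len=277
aug/02 16:48:25 ovpn,debug,packet sent P_ACK kid=0 sid=f0c959874d751b67 [1 sid=977244a0d116f53d] DATA len=0
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=2 DATA len=1400
aug/02 16:48:27 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=3 DATA len=829
aug/02 16:48:28 ovpn,debug,packet rcvd P_ACK kid=0 sid=977244a0d116f53d [3 sid=f0c959874d751b67] DATA len=0
aug/02 16:48:28 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
aug/02 16:48:28 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=2 DATA len=1400
aug/02 16:48:29 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0c959874d751b67 pid=1 DATA len=1400
"""

# Assumption inferred from these lines: "[N sid=...]" acknowledges the peer's packet id N.
LINE = re.compile(
    r"packet (?P<dir>sent|re-sent|rcvd) (?P<op>P_\w+) kid=\d+ sid=\w+"
    r"(?: \[(?P<ack>\d+) sid=\w+\])?(?: pid=(?P<pid>\d+))? DATA len=(?P<len>\d+)"
)

def control_status(log):
    """Map each server-sent P_CONTROL pid to its length, send count and ack state."""
    pkts = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        if m["dir"] != "rcvd" and m["op"] == "P_CONTROL":
            p = pkts.setdefault(int(m["pid"]), {"len": int(m["len"]), "sent": 0, "acked": False})
            p["sent"] += 1  # counts the first transmission and every re-send
        elif m["dir"] == "rcvd" and m["ack"] is not None and int(m["ack"]) in pkts:
            pkts[int(m["ack"])]["acked"] = True
    return pkts

def never_acked(log):
    """Packet ids the client never acknowledged, in ascending order."""
    return sorted(pid for pid, p in control_status(log).items() if not p["acked"])

if __name__ == "__main__":
    for pid, p in sorted(control_status(LOG).items()):
        print(f"pid={pid} len={p['len']} transmissions={p['sent']} acked={p['acked']}")
```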