mainarx
just joined
Topic Author
Posts: 1
Joined: Fri Oct 29, 2021 11:53 am

OpenVPN has been set up, but getting connection refused

Fri Oct 29, 2021 12:08 pm

Hello. I've set up OpenVPN server on the hEX PoE, but no matter what I try I cannot get through the "connection refused" error.

/interface ovpn-server server
set auth=sha1 certificate=server cipher=aes256 enabled=yes require-client-certificate=yes

PPP config is in default state, except for added user:

/ppp secret
add local-address=192.168.88.1 name=user1 password=password1 service=ovpn

Firewall:

/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf:  drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN

/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN

And I cannot capture any of the OVPN logs at all.

/system logging
add prefix=debug topics=ovpn

I tried adding an explicit allow firewall rule on src port 1194, but I wasn't getting any traffic at that filter.

Not leaving the OpenVPN client config here as it's pretty standard, but the thing is that I cannot even `telnet` to 1194, always getting a drop.

This drives me nuts. This just gotta be obvious but I don't get it, and what's worse, I have no clue why I'm not seeing any logs. Any guidance will be greatly appreciated!
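
Added example, not part of the original post: a Python walk of the input-chain rules posted above, in order, for the first packet of a TCP connection to port 1194 arriving on a WAN-list interface. It assumes first-match evaluation, the OVPN server on TCP 1194 (as the `telnet` test implies), a constructed client source port, and two hypothetical extra rules; only simple equality matchers are modelled.

```python
import shlex

# Input-chain rules copied from the post above (defconf on the hEX PoE).
POSTED_INPUT_RULES = """
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
"""
# Constructed sample packet: first SYN from a remote client (ephemeral source port).
NEW_OVPN_SYN = {"chain": "input", "connection-state": "new", "protocol": "tcp",
                "src-port": "50122", "dst-port": "1194", "in-interface-list": "WAN"}
# Hypothetical extra rules (not shown in the post): matching on source vs destination port.
SRC_PORT_RULE = "add action=accept chain=input protocol=tcp src-port=1194"
DST_PORT_RULE = "add action=accept chain=input protocol=tcp dst-port=1194"

def parse_rules(export_text):
    """Turn 'add key=value ...' export lines into dicts, keeping their order."""
    rules = []
    for line in export_text.strip().splitlines():
        tokens = shlex.split(line)
        if tokens and tokens[0] == "add":
            rules.append(dict(tok.split("=", 1) for tok in tokens[1:]))
    return rules

def matches(rule, packet):
    """True if every matcher fits the packet ('!' negates, ',' separates alternatives)."""
    for key, want in rule.items():
        if key in ("action", "comment"):
            continue
        negate = want.startswith("!")
        hit = packet.get(key) in want.lstrip("!").split(",")
        if hit == negate:
            return False
    return True

def verdict(rules, packet):
    """First matching rule decides; a packet no rule matches is accepted."""
    for rule in rules:
        if matches(rule, packet):
            return rule["action"], rule.get("comment", "")
    return "accept", "no rule matched"

def with_rule_before_drop(rules, new_rule_text):
    """Insert a rule just ahead of the 'drop all not coming from LAN' rule."""
    idx = next(i for i, r in enumerate(rules) if r.get("in-interface-list") == "!LAN")
    return rules[:idx] + parse_rules(new_rule_text) + rules[idx:]

if __name__ == "__main__":
    print(verdict(parse_rules(POSTED_INPUT_RULES), NEW_OVPN_SYN))
```

In this model the posted rule set drops the packet at the "not coming from LAN" rule, a `src-port=1194` accept rule never matches it because the client's source port is ephemeral, and a `dst-port=1194` accept rule placed ahead of the drop does.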
 
netvisionip
just joined
Posts: 21
Joined: Sun Aug 03, 2014 8:03 pm

Re: OpenVPN has been set up, but getting connection refused

Wed Nov 17, 2021 9:16 pm

This is my working config for clients to connect. Just ensure the OpenVPN server is enabled and the correct certificate for the server has been selected. No firewall rules required to allow it to authenticate and connect.

/certificate
add name=ca-template common-name=remote.yourdomainname.com days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
add name=server-template common-name=remote.yourdomainname.com days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
add name=client-template common-name=client.yourdomainname.com days-valid=3650 key-size=2048 key-usage=tls-client

/certificate
sign ca-template name=ca-certificate
sign server-template name=server-certificate ca=ca-certificate
sign client-template name=client-certificate ca=ca-certificate

export-certificate ca-certificate export-passphrase=""
export-certificate client-certificate export-passphrase=YourSecretPass

/ip
pool add name="OpenVPN-pool" ranges=10.1.1.1-10.1.1.200

/ppp
profile add name="OpenVPN-profile" use-encryption=yes local-address=10.1.1.254 dns-server=10.1.1.254 remote-address=OpenVPN-pool
secret add name=your.username profile=OpenVPN-profile password=your.password
