Community discussions

MikroTik App
 
shadowhawk3000
just joined
Topic Author
Posts: 4
Joined: Tue Apr 19, 2022 11:40 pm

openvpn routeros version 6.49.5 keeps reconnecting

Wed Apr 20, 2022 12:09 am

I have a RB750Gr3 with 6.49.5.
I am testing the router to replace the pfsense of my office, and to do that I need a vpn.
I followed this guide:

https://www.medo64.com/2016/12/simple-o ... -mikrotik/

I got the vpn working, I got ping however the vpn keeps disconnecting and reconnecting

this is the log from the routerboard:

15:52:31 ovpn,info TCP connection established from 192.168.1.111
15:52:31 ovpn,debug,error,65320,43040,60940,60064,22284,17212,59728,60936,l2tp,info,60940,debug,update,65535,critical,34624,62096,21392,16704,17288,24008,43040,4043,16612,17212,43040,17212,warning duplicate packet, dropping
15:52:32 ovpn,info : using encoding - AES-128-CBC/SHA1
15:52:32 ovpn,info,account clave logged in, 192.168.8.42 from 192.168.1.111
15:52:32 ovpn,info <ovpn-clave>: connected
15:53:12 ovpn,info <ovpn-clave-1>: terminating... - nothing received for a while
15:53:12 ovpn,info,account clave logged out, 102 20974 23986 188 93 from 192.168.1.111
15:53:12 ovpn,info <ovpn-clave-1>: disconnected
15:53:32 ovpn,info TCP connection established from 192.168.1.111
15:53:32 ovpn,debug,error,65320,43040,60940,60064,22284,17212,59728,60936,l2tp,info,60940,debug,update,65535,critical,34624,62096,21392,16704,17288,24008,43040,4043,16612,17212,43040,17212,warning duplicate packet, dropping
15:53:33 ovpn,info : using encoding - AES-128-CBC/SHA1
15:53:33 ovpn,info,account clave logged in, 192.168.8.43 from 192.168.1.111
15:53:33 ovpn,info <ovpn-clave-1>: connected
15:54:13 ovpn,info <ovpn-clave>: terminating... - nothing received for a while
15:54:13 ovpn,info,account clave logged out, 101 26701 27620 198 99 from 192.168.1.111
15:54:13 ovpn,info <ovpn-clave>: disconnected
15:54:33 ovpn,info TCP connection established from 192.168.1.111
15:54:34 ovpn,debug,error,65320,43040,60940,60064,22284,17212,59728,60936,l2tp,info,60940,debug,update,65535,critical,34624,62096,21392,16704,17288,24008,43040,4043,16612,17212,43040,17212,warning duplicate packet, dropping
15:54:34 ovpn,info : using encoding - AES-128-CBC/SHA1
15:54:34 ovpn,info,account clave logged in, 192.168.8.42 from 192.168.1.111
15:54:34 ovpn,info <ovpn-clave>: connected
15:54:42 ovpn,info <ovpn-clave>: terminating... - peer disconnected
15:54:42 ovpn,info,account clave logged out, 8 0 0 0 0 from 192.168.1.111

any idea?

it is getting me crazy
 
shadowhawk3000
just joined
Topic Author
Posts: 4
Joined: Tue Apr 19, 2022 11:40 pm

Re: openvpn routeros version 6.49.5 keeps reconnecting

Wed Apr 20, 2022 3:41 pm

I checked more and found something interesting.
The active connection gets up, after some seconds the ping works. however some seconds later ping stops.

After a second connections gets active the old connection closes.

And the cycle repeats.

this is the client.ovpn:

client
dev tun
proto tcp-client
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
auth-nocache
mute 10
remote 192.168.1.245
port 1194
auth SHA1
cipher AES-256-CBC
redirect-gateway def1
push "route 192.168.88.0 255.255.255.0 192.168.1.245 1"
auth-user-pass credentials.txt
ca [inline]
cert [inline]
key [inline]
<ca>
-----BEGIN CERTIFICATE-----

..............
.......
 
shadowhawk3000
just joined
Topic Author
Posts: 4
Joined: Tue Apr 19, 2022 11:40 pm

Re: openvpn routeros version 6.49.5 keeps reconnecting

Sat Apr 23, 2022 12:54 am

I got it working better now.

I changed the client software:
"openvpn connect"

same certificates, now I got ping to the mikrotik, all the interfaces from the openvpn client.

And the windows client dhcp can ping to the ovpn.

However the client openvpn cannot ping to the clients dhcp of the mikrotik.
 
shadowhawk3000
just joined
Topic Author
Posts: 4
Joined: Tue Apr 19, 2022 11:40 pm

Re: openvpn routeros version 6.49.5 keeps reconnecting

Tue Apr 26, 2022 4:32 pm

solved.the solution was the ovpn file and using the application in windows and android, "openvpn connect".

the openvpn is as follows:

client
dev tun
proto tcp-client
remote 192.168.1.245
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass credentials.txt
auth-nocache

;redirect-gateway def1

route-nopull
route 192.168.8.0 255.255.255.0
route 192.168.88.0 255.255.255.0
route 192.168.6.0 255.255.255.0

<ca>
-----BEGIN CERTIFICATE-----
.
.
.
.
-----END CERTIFICATE-----

</ca>
<cert>
-----BEGIN CERTIFICATE-----
.
.
-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
.
.

-----END RSA PRIVATE KEY-----

</key>

----
something additional:

if your connected to a network and your mikrotik is not the gateway:

/ip firewall nat add chain=srcnat dst-address=192.168.6.0/24 action=masquerade

this will change the address coming from the vpn. so they will look like they come from the router instead.

Who is online

Users browsing this forum: No registered users and 39 guests