Community discussions

MikroTik App
 
martinpm
just joined
Topic Author
Posts: 1
Joined: Wed Apr 20, 2022 5:52 pm

OVPN Mikrotik TLS failed

Wed Apr 20, 2022 5:59 pm

Hello,

Hello, I have Ubuntu as server openvpn, mikrotik is client.
Configuration file from server .ovpn i have imported to mikrotik
In mikrotik log is ovpn-out: terminating... - TLS failed.
I have RouterOS 7.2.1. I have tried tcp and udp.

From windows connect to ubuntu is ok.

Could you help my?
 
User avatar
stek
newbie
Posts: 47
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland

Re: OVPN Mikrotik TLS failed

Sat May 28, 2022 11:27 am

Hi, I have the same with OpenVPN cloud
DO you solved it?

regards
Stefano
 
pgotze
just joined
Posts: 7
Joined: Mon Apr 11, 2022 12:21 pm

Re: OVPN Mikrotik TLS failed

Fri Jun 10, 2022 10:32 am

Hi,
you are probably using not same cipher, check that its correctly set in you Client config on mikrotik.

I use mikrotik as OVPN client, i am able to make connection properly, anyway i have other issues, its not routing properly, would be nice to see somebody with functioning scenario.

Pavel
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: OVPN Mikrotik TLS failed

Fri Jun 10, 2022 2:24 pm

@pgotze

Source:
https://help.mikrotik.com/docs/display/ROS/OpenVPN
Since RouterOS does not support route-push you need to add manually which networks you want to access over the tunnel.
 
pgotze
just joined
Posts: 7
Joined: Mon Apr 11, 2022 12:21 pm

Re: OVPN Mikrotik TLS failed

Tue Jun 14, 2022 10:50 am

@own3r1138

Hi, i am not sure, because if i enable my VPN client on mikrotik, Route List is updated automatically, which is something i dont really want/can influence, so unfortunately i have 2 issues:
- it starts routing of all traffic to VPN (0.0.0.0 --> 10.8.0.5) - this i dont want, i want route only remote network traffic (to 192.168.2.0/24)
- anyway remote network is not accessible, the traceroute ends on local address of mikrotik (192.168.4.1) and does not continue to remote (10.8.0.5, 192.168.2.*)

You can see on my screenshots situation, when VPN client is enabled/connected or disabled. The change in routing list is done automatically, i do not make any manual change
You do not have the required permissions to view the files attached to this post.
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: OVPN Mikrotik TLS failed

Tue Jun 14, 2022 4:29 pm

routing of all traffic to VPN (0.0.0.0 --> 10.8.0.5) - this i dont want
disable the default route if you don't wish to route 0.0.0.0/0.
anyway remote network is not accessible
I can see the routes but I do not know how they came to be.
2022-06-14_17-47-02.jpg
You do not have the required permissions to view the files attached to this post.
 
pgotze
just joined
Posts: 7
Joined: Mon Apr 11, 2022 12:21 pm

Re: OVPN Mikrotik TLS failed

Tue Jun 14, 2022 5:53 pm

Hi,
i can disable, true, i tried, but if connection is reconnected, its back again.
The ovpn connection i tried both, with or withoutch checkbox, but it does not make reall difference, the remote network is not available.
I am not sure, if its not the problem of 7.4beta2 version i use, dont know. It just does not route traffic at all.
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: OVPN Mikrotik TLS failed

Tue Jun 14, 2022 6:20 pm

@pgotze

Hi,
So what is the OVPN server appliance or the OS? Does it have these routes configured in the server endpoint?
 
pgotze
just joined
Posts: 7
Joined: Mon Apr 11, 2022 12:21 pm

Re: OVPN Mikrotik TLS failed

Tue Jun 14, 2022 10:46 pm

Server side is TP-link AX55, tested with Windows Desktop and OpenVPN Connect windows app as client and works with no problem.
With mikrotik ovpn client i am able to connect, connection is created, but no routing, even if what i see in route list looks OK
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: OVPN Mikrotik TLS failed

Tue Jun 14, 2022 11:05 pm

Server side is TP-link AX55, tested with Windows Desktop and OpenVPN Connect windows app as client and works with no problem.
With mikrotik ovpn client i am able to connect, connection is created, but no routing, even if what i see in route list looks OK
RouterOS is very different from a Windows OVPN connect client. Seeing the routes means they are there. But, it doesn't mean that the MT router knows what you want to pass through your OVPN tunnel. or maybe you didn't add any src-nat for that traffic so it will exit your router with your LAN IPs, or even if your router doesn't know what to do with it, and Firewall rules. All of these will break your communication.
 
pgotze
just joined
Posts: 7
Joined: Mon Apr 11, 2022 12:21 pm

Re: OVPN Mikrotik TLS failed

Wed Jun 15, 2022 1:07 pm

Hi,
well, i have masquerading done in Firewall, this should not be the problem.
I know, MT openvpn is a bit specific, then standard, anyway, i am trying to find the way , how to trace, where exactly my packets ends. I tried to mark communication with Mangle, so i think it should reach server side, but i am not sure.
So may be problem is in compatibility of MT OpenVPN Client versus TP-Link OpenVPN Server, also possible.
You do not have the required permissions to view the files attached to this post.
 
User avatar
own3r1138
Long time Member
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades
Contact:

Re: OVPN Mikrotik TLS failed

Wed Jun 15, 2022 1:55 pm

It's better to set up a lab MT OVPN server with an MT client.
If your client successfully connected and communicated with the OVPN server and your LAN IPs, Then try to move it over to your TP.

Who is online

Users browsing this forum: Ahrefs [Bot], Amazon [Bot], CGGXANNX, jamesperks, sgiglio, tjr and 84 guests