range
just joined
Topic Author
Posts: 10
Joined: Thu Feb 23, 2023 1:27 pm

OpenVPN clients not connecting

Thu Feb 23, 2023 10:09 pm

Good day to everyone! I've got a question about setting up a MikroTik hAP ac^2 (arm) Wi-Fi router.
RouterOS: 7.7 Stable.
My network diagram is:
- The provider gave me the static IP 185.244.6.34.
- The internet connection is made with the PPPoE protocol.
- Behind the router there is an OpenVPN server (set up with the help of Pritunl), OS Ubuntu 20.04. I assigned the static IP 200.151.54.94 to the OpenVPN server on the MikroTik.
All clients connect with OpenVPN Connect from the external internet.
The port for OpenVPN is 9026, and it is open both in Ubuntu and on the MikroTik.
I have shown all of this on the diagram:
[Image]
The port was tested with the help of the https://ping.eu/port-chk website:
[Image]
I also checked the port through telnet on Windows and Android: telnet 185.244.6.34 9026.
Connection successful.
My problem is that none of the clients (except a Keenetic Wi-Fi router) can connect to the OpenVPN server. The error log is approximately like this:
[Feb 23, 2023, 23:02:58] Frame=512/2048/512 mssfix-ctrl=1250
[Feb 23, 2023, 23:02:58] UNUSED OPTIONS
6 [nobind]
7 [persist-tun]
10 [verb] [2]
11 [mute] [3]
18 [sndbuf] [393216]
19 [rcvbuf] [393216]
[Feb 23, 2023, 23:02:58] EVENT: RESOLVE
[Feb 23, 2023, 23:02:58] EVENT: WAIT
[Feb 23, 2023, 23:02:58] WinCommandAgent: transmitting bypass route to 185.244.6.34
{
	"host" : "185.244.6.34",
	"ipv6" : false
}

[Feb 23, 2023, 23:03:00] Transport Error: TCPv4 connect error on '185.244.6.34:9026' (185.244.6.34:9026): No connection could be made because the target machine actively refused it.
[Feb 23, 2023, 23:03:00] Client terminated, restarting in 2000 ms...
[Feb 23, 2023, 23:03:02] EVENT: RECONNECTING
[Feb 23, 2023, 23:03:02] EVENT: RESOLVE
[Feb 23, 2023, 23:03:02] EVENT: WAIT
[Feb 23, 2023, 23:03:02] WinCommandAgent: transmitting bypass route to 185.244.6.34
{
	"host" : "185.244.6.34",
	"ipv6" : false
}

[Feb 23, 2023, 23:03:04] Transport Error: TCPv4 connect error on '185.244.6.34:9026' (185.244.6.34:9026): No connection could be made because the target machine actively refused it.
[Feb 23, 2023, 23:03:04] Client terminated, restarting in 2000 ms...
[Feb 23, 2023, 23:03:05] EVENT: DISCONNECTED
I attach the MikroTik configuration (config_bac.rsc).
I also attach the OpenVPN server configuration:
ignore-unknown-option ncp-ciphers
port 9026
proto tcp6-server
dev tun0
server 192.168.222.0 255.255.255.0
management /var/run/pritunl_63f671662f45f66a1cdb6287.sock unix
management-client-auth
auth-user-pass-optional
topology subnet
tls-version-min 1.2
max-clients 2000
ping 10
ping-restart 80
persist-tun
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-256-CBC
auth SHA256
status-version 2
script-security 2
sndbuf 393216
rcvbuf 393216
reneg-sec 2592000
hash-size 1024 1024
txqueuelen 1000
verb 4
mute 8
client-to-client
comp-lzo no
push "comp-lzo no"
push "route 200.151.54.0 255.255.255.0"
push "route 8.8.8.8 255.255.255.255"
Note that a couple of days ago there was an Asus N300 Wi-Fi router instead of the MikroTik.
OpenVPN worked great for all clients.
What have I done wrong? Thanks in advance.
Last edited by range on Sat Feb 25, 2023 7:15 pm, edited 1 time in total.
 
range
just joined
Topic Author
Posts: 10
Joined: Thu Feb 23, 2023 1:27 pm

Re: OpenVPN clients not connecting

Fri Feb 24, 2023 9:03 pm

UPD
My connection doesn't work from the local net. But now it works from the external net (I didn't change the rules).
How do I configure the rules so that the port is open for the local net?
The command telnet 185.244.6.34 9026 gives an error (timeout) in the local net.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: OpenVPN clients not connecting

Fri Feb 24, 2023 9:49 pm

Your dstnat rule has options in-interface=pppoe-protocol-intercon and in-interface-list=WAN (both useless) and they limit from where it will work. Drop them and it will be better. And those 200.x.x.x addresses, did you also get them from ISP? If not, you shouldn't use them and choose some from private ranges instead.
 
range
just joined
Topic Author
Posts: 10
Joined: Thu Feb 23, 2023 1:27 pm

Re: OpenVPN clients not connecting

Fri Feb 24, 2023 10:31 pm

> Your dstnat rule has options in-interface=pppoe-protocol-intercon and in-interface-list=WAN (both useless) and they limit from where it will work. Drop them and it will be better.
I removed in-interface and in-interface-list. Port ping still doesn't work from the local net:
telnet 185.244.6.34 9026  .... connection refused
Also, OpenVPN clients do not connect to the OpenVPN server on the local network.
> And those 200.x.x.x addresses, did you also get them from ISP? If not, you shouldn't use them and choose some from private ranges instead.
I configured these addresses (DHCP).
What is bad about them?
The updated configuration is attached.
Last edited by range on Sat Feb 25, 2023 7:14 pm, edited 1 time in total.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: OpenVPN clients not connecting  [SOLVED]

Fri Feb 24, 2023 10:49 pm

Sorry, one more thing:
/ip firewall nat
add chain=srcnat src-address=200.151.54.0/24 dst-address=200.151.54.0/24 action=masquerade
And about those addresses, it's just that they belong to someone else and it's possible (even though not very likely) that some servers you'd want to access could be using the real ones, and you wouldn't be able to access them. The right ones for private use are any from 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
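
Why the srcnat masquerade rule in the post above fixes access from the LAN, shown as an added example (not part of the original thread): a toy Python model of the TCP handshake through the router's NAT. The router LAN address 200.151.54.1 and the client addresses are assumptions; the public address, server address and port are the ones given in the thread.

```python
# Added illustration: toy model of hairpin NAT, not RouterOS code.
import ipaddress

WAN_IP = "185.244.6.34"      # router's public address (from the thread)
SERVER = "200.151.54.94"     # OpenVPN server behind the router (from the thread)
ROUTER_LAN = "200.151.54.1"  # assumed LAN address of the router
LAN = ipaddress.ip_network("200.151.54.0/24")

def in_lan(addr):
    return ipaddress.ip_address(addr) in LAN

def hairpin_handshake(client, masquerade):
    """Trace SYN and SYN-ACK for a client dialing WAN_IP:9026.

    Returns (accepted, trace); accepted is True when the SYN-ACK reaches the
    client with the source address the client actually dialed.
    """
    trace = [("client->router", client, WAN_IP)]
    # dstnat: the router rewrites the destination to the internal server.
    src, dst = client, SERVER
    # srcnat masquerade for LAN->LAN traffic (the rule from the post above):
    # the packet leaves with the router's own LAN address as source.
    if masquerade and in_lan(src) and in_lan(dst):
        src = ROUTER_LAN
    trace.append(("router->server", src, dst))
    # The server answers whatever source address it saw.
    if in_lan(src) and src != ROUTER_LAN:
        # Same subnet: the reply goes straight to the client, so the router
        # never gets the chance to undo the dstnat.
        trace.append(("server->client (direct)", SERVER, src))
        seen_src = SERVER
    else:
        # Reply passes through the router; connection tracking reverses NAT.
        trace.append(("server->router", SERVER, src))
        trace.append(("router->client", WAN_IP, client))
        seen_src = WAN_IP
    # The client's TCP stack only matches a SYN-ACK from the dialed address.
    return seen_src == WAN_IP, trace

if __name__ == "__main__":
    for client, masq in [("203.0.113.7", False),      # constructed external client
                         ("200.151.54.50", False),    # constructed LAN client
                         ("200.151.54.50", True)]:
        ok, trace = hairpin_handshake(client, masq)
        print(client, "masquerade" if masq else "no masquerade", "->", ok)
        for hop in trace:
            print("   ", hop)
```
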
 
range
just joined
Topic Author
Posts: 10
Joined: Thu Feb 23, 2023 1:27 pm

Re: OpenVPN clients not connecting

Sat Feb 25, 2023 8:45 am

> Sorry, one more thing:
> /ip firewall nat
> add chain=srcnat src-address=200.151.54.0/24 dst-address=200.151.54.0/24 action=masquerade
Thank you so much! This rule works perfectly.
> And about those addresses, it's just that they belong to someone else and it's possible (even though not very likely) that some servers you'd want to access could be using the real ones, and you wouldn't be able to access them. The right ones for private use are any from 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
And yeah. I know about reserved addresses. I just thought that you meant something else :) Of course, I'll change the addresses.
 
salmawisoky
just joined
Posts: 1
Joined: Fri Dec 01, 2023 7:01 am

Re: OpenVPN clients not connecting

Fri Dec 01, 2023 7:04 am

How to configure rules for local net for port to be open? Drift Boss
Last edited by salmawisoky on Fri Dec 01, 2023 7:05 am, edited 1 time in total.
