Windows OpenVPN a mikrotik

rubaspavel

Zdravím,

chtěl jsem z MK vytvořit openvpn server a pomocí programu OpenVPN se k němu připojit. To se ale nedaří a client hlásí:

Tue Feb 27 13:59:35 2018 us=452486 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Feb 27 13:59:35 2018 us=452486 PRNG init md=SHA1 size=36

Tue Feb 27 13:59:35 2018 us=452486 PID packet_id_init seq_backtrack=64 time_backtrack=15

Tue Feb 27 13:59:35 2018 us=452486 Control Channel MTU parms [ L:1655 D:1210 EF:40 EB:0 ET:0 EL:3 ]

Tue Feb 27 13:59:35 2018 us=452486 MTU DYNAMIC mtu=1450, flags=2, 1655 -> 1450

Tue Feb 27 13:59:35 2018 us=452486 RESOLVE_REMOTE flags=0x0101 phase=1 rrs=0 sig=-1 status=0

Tue Feb 27 13:59:35 2018 us=452486 Data Channel MTU parms [ L:1655 D:1450 EF:123 EB:411 ET:32 EL:3 ]

Tue Feb 27 13:59:35 2018 us=452486 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes

Tue Feb 27 13:59:35 2018 us=452486 calc_options_string_link_mtu: link-mtu 1655 -> 1591

Tue Feb 27 13:59:35 2018 us=452486 crypto_adjust_frame_parameters: Adjusting frame parameters for crypto by 56 bytes

Tue Feb 27 13:59:35 2018 us=452486 calc_options_string_link_mtu: link-mtu 1655 -> 1591

Tue Feb 27 13:59:35 2018 us=452486 Local Options String (VER=V4): 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'

Tue Feb 27 13:59:35 2018 us=452486 Expected Remote Options String (VER=V4): 'V4,dev-type tap,link-mtu 1591,tun-mtu 1532,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'

Tue Feb 27 13:59:35 2018 us=452486 TCP/UDP: Preserving recently used remote address: [AF_INET]94.47.186.149:1194

Tue Feb 27 13:59:35 2018 us=452486 Socket Buffers: R=[8192->8192] S=[8192->8192]

Tue Feb 27 13:59:35 2018 us=452486 Attempting to establish TCP connection with [AF_INET]94.47.186.149:1194 [nonblock]

Tue Feb 27 13:59:35 2018 us=452486 MANAGEMENT: >STATE:1519736375,TCP_CONNECT,,,,,,

Tue Feb 27 13:59:36 2018 us=466488 TCP connection established with [AF_INET]94.47.186.149:1194

Tue Feb 27 13:59:36 2018 us=466488 TCP_CLIENT link local: (not bound)

Tue Feb 27 13:59:36 2018 us=466488 TCP_CLIENT link remote: [AF_INET]94.47.186.149:1194

Tue Feb 27 13:59:36 2018 us=466488 MANAGEMENT: >STATE:1519736376,WAIT,,,,,,

Tue Feb 27 13:59:36 2018 us=466488 TCP_CLIENT WRITE [14] to [AF_INET]94.47.186.149:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ ] pid=0 DATA len=0

Tue Feb 27 13:59:36 2018 us=466488 TCP_CLIENT READ [14] from [AF_INET]94.47.186.149:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 [ ] pid=0 DATA len=0

Tue Feb 27 13:59:36 2018 us=466488 MANAGEMENT: >STATE:1519736376,AUTH,,,,,,

Tue Feb 27 13:59:36 2018 us=466488 TLS: Initial packet from [AF_INET]94.47.186.149:1194, sid=bb0969ef 0213f42d

Tue Feb 27 13:59:36 2018 us=466488 TCP_CLIENT WRITE [26] to [AF_INET]94.47.186.149:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 [ 0 ] pid=0 DATA len=0

Tue Feb 27 13:59:36 2018 us=544488 TCP_CLIENT READ [22] from [AF_INET]94.47.186.149:1194: P_ACK_V1 kid=0 [ 0 ]

Tue Feb 27 13:59:36 2018 us=544488 TCP_CLIENT WRITE [187] to [AF_INET]94.47.186.149:1194: P_CONTROL_V1 kid=0 [ ] pid=1 DATA len=173

Tue Feb 27 13:59:36 2018 us=684888 Connection reset, restarting [0]

Tue Feb 27 13:59:36 2018 us=684888 PID packet_id_free

Tue Feb 27 13:59:36 2018 us=684888 TCP/UDP: Closing socket

Tue Feb 27 13:59:36 2018 us=684888 PID packet_id_free

Tue Feb 27 13:59:36 2018 us=684888 SIGUSR1[soft,connection-reset] received, process restarting

Tue Feb 27 13:59:36 2018 us=684888 MANAGEMENT: >STATE:1519736376,RECONNECTING,connection-reset,,,,,

Tue Feb 27 13:59:36 2018 us=684888 Restart pause, 10 second(s)

Tue Feb 27 13:59:38 2018 us=712892 PID packet_id_free

Tue Feb 27 13:59:38 2018 us=712892 SIGTERM[hard,init_instance] received, process exiting

Tue Feb 27 13:59:38 2018 us=712892 MANAGEMENT: >STATE:1519736378,EXITING,init_instance,,,,,

Tue Feb 27 13:59:38 2018 us=712892 PKCS#11: Terminating openssl

Tue Feb 27 13:59:38 2018 us=712892 PKCS#11: Removing providers

Tue Feb 27 13:59:38 2018 us=712892 PKCS#11: Releasing sessions

Tue Feb 27 13:59:38 2018 us=712892 PKCS#11: Terminating slotevent

Tue Feb 27 13:59:38 2018 us=712892 PKCS#11: Marking as uninitialized

certifikáty jsem dělal pomocí easy-rsa na unixu a vše dle návodu: https://doc.heronovo.cz/2016-11-12-openvpn-mikrotik.html

_stepan

Zdravím,

certifikáty mám také z Easy-RSA a klienta na Win jsem rozchodil podle tohoto návodu

https://www.youtube.com/watch?v=ucifDsLHj6c

Funguje to bez problémů