I encountered a problem. For some reason the program does not connect to my home OVPN server on the Mikrotik router. Basic server settings, no frills. Login + password + certificate.
Code:
/certificate
add name=ca country="RU" state="31" locality="BEL" organization="Interface LLC" unit="IT" common-name="ca" key-size=2048 days-valid=3650 key-usage=crl-sign,key-cert-sign
sign ca ca-crl-host=127.0.0.1
add name=ovpn-server country="RU" state="31" locality="BEL" organization="Interface LLC" unit="IT" common-name="ovpn-server" key-size=2048 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
sign ovpn-server ca="ca"
add name=mikrotik country="RU" state="31" locality="BEL" organization="Interface LLC" unit="IT" common-name="mikrotik" key-size=2048 days-valid=3650 key-usage=tls-client
sign mikrotik ca="ca"
export-certificate mikrotik type=pkcs12 export-passphrase=12345678
/ip pool
add name=ovpn_pool ranges=10.8.8.100-10.8.8.199
/ppp profile
add local-address=10.8.8.1 name=ovpn remote-address=ovpn_pool
/ppp aaa
set accounting=yes
/ppp secret
add name=USER1 password=1234567890 profile=ovpn service=ovpn
/interface ovpn-server server
set auth=sha1 certificate=ovpn-server cipher=aes256 default-profile=ovpn enabled=yes require-client-certificate=yes
Code:
client
dev tun
proto tcp
remote 192.168.88.1 24852
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
auth sha1
cipher AES-256-CBC
key-direction 1
<auth-user-pass>
USER1
1234567890
</auth-user-pass>
<ca>
-----BEGIN CERTIFICATE-----
MIIDz
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDuT
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvg
-----END PRIVATE KEY-----
</key>
After sending the basic handshakes, the client authorization process occurs.
Mikrotik logs
Code:
TCP connection established from 192.168.88.97
rcvd P_CONTROL kid=0 sid=ac89e102d1a966 pid=1 DATA len=287
sent P_ACK kid=0 sid=1723adfdba3e2b7 [3 sid=29dbad9ca824def] DATA len=0
bla bla bla
......
: using encoding - AES-256-CBC/SHA1
If the connection was successful, then immediately after that a line like this should be displayed in the log:
Code:
USER1 logged in, 10.8.8.100 from 192.168.88.97
<ovpn-USER1>: connected
VPN Client Pro logs
Code:
2024-08-22 04:24:16 VpnClientPro-google-api27-release-1.01.88 (30010188)
2024-08-22 04:24:16 Connecting request by user
2024-08-22 04:24:16 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2024-08-22 04:24:16 OpenVPN 2.5.8 android-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 14 2024
2024-08-22 04:24:16 library versions: OpenSSL 3.0.14 4 Jun 2024, LZO 2.10
2024-08-22 04:24:16 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.88.1:24852
2024-08-22 04:24:16 Attempting to establish TCP connection with [AF_INET]192.168.88.1:24852 [nonblock]
2024-08-22 04:24:16 TCP connection established with [AF_INET]192.168.88.1:24852
2024-08-22 04:24:16 TCPv4_CLIENT link local: (not bound)
2024-08-22 04:24:16 TCPv4_CLIENT link remote: [AF_INET]192.168.88.1:24852
2024-08-22 04:24:18 Disconnecting request by user
2024-08-22 04:24:18 Disconnecting...
2024-08-22 04:24:18 SIGINT[soft,] received, process exiting
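Added example, not part of the original post: a small Python triage of the two log excerpts above, reporting how far the router-side session got and what the client log says about cipher negotiation and timing. The function names and stage labels are assumptions made for this example; the log lines are copied from the post.

```python
import re
from datetime import datetime

# Excerpts copied from the logs in the post above (client warning line abridged).
ROUTER_LOG = """\
TCP connection established from 192.168.88.97
rcvd P_CONTROL kid=0 sid=ac89e102d1a966 pid=1 DATA len=287
: using encoding - AES-256-CBC/SHA1
"""
CLIENT_LOG = """\
2024-08-22 04:24:16 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM).
2024-08-22 04:24:16 TCP connection established with [AF_INET]192.168.88.1:24852
2024-08-22 04:24:18 Disconnecting request by user
"""

# Router-side milestones in the order the post shows them (labels are hypothetical).
ROUTER_STAGES = [
    ("tcp", re.compile(r"TCP connection established from (\S+)")),
    ("control", re.compile(r"rcvd P_CONTROL ")),
    ("encoding", re.compile(r"using encoding - (\S+)")),
    ("logged_in", re.compile(r"(\S+) logged in, (\S+) from (\S+)")),
    ("connected", re.compile(r"<ovpn-[^>]+>: connected")),
]
CIPHER_WARN = re.compile(r"--cipher set to '([^']+)' but missing in --data-ciphers \(([^)]*)\)")
STAMP = "%Y-%m-%d %H:%M:%S"

def router_stage(log):
    """Return the furthest milestone present in a RouterOS OVPN log excerpt."""
    reached = None
    for name, pattern in ROUTER_STAGES:
        if any(pattern.search(line) for line in log.splitlines()):
            reached = name
    return reached

def client_findings(log):
    """Extract the cipher warning and the time from TCP setup to user disconnect."""
    out = {"cipher": None, "data_ciphers": [], "waited_s": None}
    tcp_up = None
    for line in log.splitlines():
        ts, msg = line[:19], line[20:]  # "YYYY-MM-DD HH:MM:SS" then the message
        m = CIPHER_WARN.search(msg)
        if m:
            out["cipher"], out["data_ciphers"] = m.group(1), m.group(2).split(":")
        if msg.startswith("TCP connection established with"):
            tcp_up = datetime.strptime(ts, STAMP)
        if msg.startswith("Disconnecting request by user") and tcp_up:
            out["waited_s"] = (datetime.strptime(ts, STAMP) - tcp_up).total_seconds()
    return out
```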