Does not connect to mikrotik ovpn server
Posted: Thu Aug 22, 2024 1:32 am
Hi guys.
I encountered a problem. For some reason the program does not connect to my home OVPN server on the Mikrotik router. Basic server settings, no frills. Login + password + certificate.
An ovpn file was generated for the client.
Connects perfectly via OpenVPN Connect, but does not want to connect via VPN Client Pro.
After sending the basic handshakes, the client authorization process occurs.
Mikrotik logs
And that's all.
If the connection was successful, then immediately after that a line like this should be displayed in the log
But this does not happen.
VPN Client Pro logs
Please help.
I encountered a problem. For some reason the program does not connect to my home OVPN server on the Mikrotik router. Basic server settings, no frills. Login + password + certificate.
Code: Select all
/certificate
add name=ca country="RU" state="31" locality="BEL" organization="Interface LLC" unit="IT" common-name="ca" key-size=2048 days-valid=3650 key-usage=crl-sign,key-cert-sign
sign ca ca-crl-host=127.0.0.1
add name=ovpn-server country="RU" state="31" locality="BEL" organization="Interface LLC" unit="IT" common-name="ovpn-server" key-size=2048 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
sign ovpn-server ca="ca"
add name=mikrotik country="RU" state="31" locality="BEL" organization="Interface LLC" unit="IT" common-name="mikrotik" key-size=2048 days-valid=3650 key-usage=tls-client
sign mikrotik ca="ca"
export-certificate mikrotik type=pkcs12 export-passphrase=12345678
/ip pool
add name=ovpn_pool ranges=10.8.8.100-10.8.8.199
/ppp profile
add local-address=10.8.8.1 name=ovpn remote-address=ovpn_pool
/ppp aaa
set accounting=yes
/ppp secret
add name=USER1 password=1234567890 profile=ovpn service=ovpn
/interface ovpn-server server
set auth=sha1 certificate=ovpn-server cipher=aes256 default-profile=ovpn enabled=yes require-client-certificate=yes
Code: Select all
client
dev tun
proto tcp
remote 192.168.88.1 24852
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
auth sha1
cipher AES-256-CBC
key-direction 1
<auth-user-pass>
USER1
1234567890
</auth-user-pass>
<ca>
-----BEGIN CERTIFICATE-----
MIIDz
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDuT
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvg
-----END PRIVATE KEY-----
</key>
After sending the basic handshakes, the client authorization process occurs.
Mikrotik logs
Code: Select all
TCP connection established from 192.168.88.97
rcvd P_CONTROL kid=0 sid=ac89e102d1a966 pid=1 DATA len=287
sent P_ACK kid=0 sid=1723adfdba3e2b7 [3 sid=29dbad9ca824def] DATA len=0
bla bla bla
......
: using encoding - AES-256-CBC/SHA1
If the connection was successful, then immediately after that a line like this should be displayed in the log
Code: Select all
USER1 logged in, 10.8.8.100 from 192.168.88.97
<ovpn-USER1>: connected
VPN Client Pro logs
Code: Select all
2024-08-22 04:24:16 VpnClientPro-google-api27-release-1.01.88 (30010188)
2024-08-22 04:24:16 Connecting request by user
2024-08-22 04:24:16 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2024-08-22 04:24:16 OpenVPN 2.5.8 android-arm64-v8a [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 14 2024
2024-08-22 04:24:16 library versions: OpenSSL 3.0.14 4 Jun 2024, LZO 2.10
2024-08-22 04:24:16 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.88.1:24852
2024-08-22 04:24:16 Attempting to establish TCP connection with [AF_INET]192.168.88.1:24852 [nonblock]
2024-08-22 04:24:16 TCP connection established with [AF_INET]192.168.88.1:24852
2024-08-22 04:24:16 TCPv4_CLIENT link local: (not bound)
2024-08-22 04:24:16 TCPv4_CLIENT link remote: [AF_INET]192.168.88.1:24852
2024-08-22 04:24:18 Disconnecting request by user
2024-08-22 04:24:18 Disconnecting...
2024-08-22 04:24:18 SIGINT[soft,] received, process exiting