openvpn set up on mikrotik, clients unable to connect

Post by dimm0k » Thu Feb 02, 2023 7:30 pm

I followed the guide here https://www.medo64.com/2016/12/simple-o ... -mikrotik/ to get OpenVPN set up on my MikroTik, along with a usable config file for the devices I would like to connect with, but I'm getting a showstopper on both a Windows 10 laptop and my Android phone. Any suggestions on how to fix this? It looks to be the same issue on both devices.

Code:

[Feb 2, 2023, 14:07:22] OpenVPN core 3.git::d3f8b18b win x86_64 64-bit built on Mar 17 2022 11:42:02
[Feb 2, 2023, 14:07:22] Frame=512/2048/512 mssfix-ctrl=1250
[Feb 2, 2023, 14:07:22] UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
8 [tls-client]
10 [verb] [4]
11 [mute] [10]
12 [data-ciphers] [AES-256-CBC]
15 [auth-nocache]
[Feb 2, 2023, 14:07:22] EVENT: RESOLVE
[Feb 2, 2023, 14:07:22] EVENT: WAIT
[Feb 2, 2023, 14:07:22] WinCommandAgent: transmitting bypass route to [internet address]
{
	"host" : "[internet address]",
	"ipv6" : false
}

[Feb 2, 2023, 14:07:23] Connecting to [internet address]:1194 ([internet address]) via TCPv4
[Feb 2, 2023, 14:07:23] EVENT: CONNECTING
[Feb 2, 2023, 14:07:23] Tunnel Options:V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
[Feb 2, 2023, 14:07:23] Creds: Username/Password
[Feb 2, 2023, 14:07:23] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Feb 2, 2023, 14:07:23] Transport Error: Transport error on 'internet address: NETWORK_EOF_ERROR
[Feb 2, 2023, 14:07:23] EVENT: TRANSPORT_ERROR Transport error on 'internet address: NETWORK_EOF_ERROR
[Feb 2, 2023, 14:07:23] Client terminated, restarting in 5000 ms...
[Feb 2, 2023, 14:07:28] EVENT: RECONNECTING
[Feb 2, 2023, 14:07:28] EVENT: RESOLVE
[Feb 2, 2023, 14:07:28] EVENT: WAIT
[Feb 2, 2023, 14:07:28] WinCommandAgent: transmitting bypass route to [internet address in ipv6]
{
	"host" : "[internet address in ipv6]",
	"ipv6" : true
}

[Feb 2, 2023, 14:07:28] Transport Error: socket_protect error (TCPv4)
[Feb 2, 2023, 14:07:28] Client terminated, restarting in 2000 ms...
[Feb 2, 2023, 14:07:30] EVENT: RECONNECTING
[Feb 2, 2023, 14:07:30] EVENT: RESOLVE
[Feb 2, 2023, 14:07:30] EVENT: WAIT
[Feb 2, 2023, 14:07:30] WinCommandAgent: transmitting bypass route to [internet address]
{
	"host" : "[internet address]",
	"ipv6" : false
}

The config I'm using is a unified one that incorporates the certificates generated from the MikroTik, as follows:

Code:

client
dev tun
proto tcp
remote internetaddress 1194
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
mute 10
data-ciphers AES-256-CBC
auth SHA1
auth-user-pass
auth-nocache
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----

gibberish

-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----

gibberish

-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----

gibberish

-----END ENCRYPTED PRIVATE KEY-----
</key>

Post by 4Star » Fri Feb 17, 2023 1:17 pm

I had the same issues recently. There were a couple of different things that I found were causing the error. Firstly, I had to enable additional cyphers on the OVPN server (SHA1 and 128 bit), which made it work fine. Then another chap just couldn't log in and was getting the same error; we changed his password and after that it worked just fine for him.
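
Added example, not part of either post and not OpenVPN code: a small Python parser for a client log like the one in the first post, listing where the profile and the settings the client reports disagree, which is the kind of cipher mismatch the reply above describes. The function names, the `BLOCK64` list and the condensed sample log are this example's own.

```python
import re

# Constructed sample: a few lines condensed from the client log in the first post.
SAMPLE_LOG = """\
[Feb 2, 2023, 14:07:22] UNUSED OPTIONS
8 [tls-client]
12 [data-ciphers] [AES-256-CBC]
⏎[Feb 2, 2023, 14:07:23] Tunnel Options:V4,dev-type tun,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
"""

UNUSED_RE = re.compile(r"^\d+ \[([^\]]+)\](?: \[([^\]]*)\])?$")
BLOCK64 = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # this example's own list

def parse_client_log(text):
    """Collect what the client reports it will use, not what the profile asked for."""
    info = {"unused": {}, "tunnel": {}, "offered": []}
    in_unused = False
    for raw in text.splitlines():
        line = raw.replace("\u23ce", "").strip()  # strip ⏎ markers found in pasted logs
        m = UNUSED_RE.match(line)
        if in_unused and m:
            info["unused"][m.group(1)] = m.group(2) or ""
            continue
        in_unused = line.endswith("UNUSED OPTIONS")
        if "Tunnel Options:" in line:
            for field in line.split("Tunnel Options:", 1)[1].split(","):
                key, _, val = field.partition(" ")
                info["tunnel"][key] = val
        elif line.startswith("IV_CIPHERS="):
            info["offered"] = line.split("=", 1)[1].split(":")
    return info

def findings(info):
    """Turn the parsed fields into the mismatches worth checking against the server."""
    out = []
    ignored = info["unused"].get("data-ciphers", "")
    if ignored:
        out.append(f"profile option data-ciphers {ignored} was not applied")
        missing = [c for c in ignored.split(":") if c not in info["offered"]]
        if missing:
            out.append(f"not offered in IV_CIPHERS: {', '.join(missing)}")
    fallback = info["tunnel"].get("cipher", "")
    if fallback in BLOCK64:
        out.append(f"fallback cipher {fallback} uses a 64-bit block")
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_client_log(SAMPLE_LOG))))
```

Compare the reported `cipher` and `auth` values with what the server side is configured to accept before changing either end.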
