closing socket openVPN

tady · Napísal **tady**: 06.02.2022 18:19

Ahojte
Skúšal som rozbehať openVPN na Mikrotiku hAP lite. Mám taký problém že v logu Mikrotiku mi vypisuje duplicate packet, droping. Na fórach čo som našiel to vraj nie je problém a spojenie by malo fungovať ale na openVPN klientovi mi spojenie stále resetuje. Prosím o pomoc.
Log openVPN:
2022-02-06 17:45:06 us=156000 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-02-06 17:45:06 us=171000 Current Parameter Settings:
2022-02-06 17:45:06 us=171000 config = 'openvpn.ovpn'
2022-02-06 17:45:06 us=171000 mode = 0
2022-02-06 17:45:06 us=171000 show_ciphers = DISABLED
2022-02-06 17:45:06 us=171000 show_digests = DISABLED
2022-02-06 17:45:06 us=171000 show_engines = DISABLED
2022-02-06 17:45:06 us=171000 genkey = DISABLED
2022-02-06 17:45:06 us=171000 genkey_filename = '[UNDEF]'
2022-02-06 17:45:06 us=171000 key_pass_file = '[UNDEF]'
2022-02-06 17:45:06 us=171000 show_tls_ciphers = DISABLED
2022-02-06 17:45:06 us=171000 NOTE: --mute triggered...
2022-02-06 17:45:06 us=171000 290 variation(s) on previous 10 message(s) suppressed by --mute
2022-02-06 17:45:06 us=171000 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2022-02-06 17:45:06 us=171000 Windows version 10.0 (Windows 10 or greater) 64bit
2022-02-06 17:45:06 us=171000 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-02-06 17:45:06 us=171000 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2022-02-06 17:45:06 us=171000 Need hold release from management interface, waiting...
2022-02-06 17:45:06 us=640000 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2022-02-06 17:45:06 us=765000 MANAGEMENT: CMD 'state on'
2022-02-06 17:45:06 us=765000 MANAGEMENT: CMD 'log all on'
2022-02-06 17:45:06 us=812000 MANAGEMENT: CMD 'echo all on'
2022-02-06 17:45:06 us=812000 MANAGEMENT: CMD 'bytecount 5'
2022-02-06 17:45:06 us=812000 MANAGEMENT: CMD 'hold off'
2022-02-06 17:45:06 us=812000 MANAGEMENT: CMD 'hold release'
2022-02-06 17:45:06 us=828000 MANAGEMENT: CMD 'password [...]'
2022-02-06 17:45:06 us=828000 Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
2022-02-06 17:45:06 us=828000 Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
2022-02-06 17:45:06 us=828000 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
2022-02-06 17:45:06 us=828000 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
2022-02-06 17:45:06 us=828000 TCP/UDP: Preserving recently used remote address: [AF_INET]<verejna ip>:1194
2022-02-06 17:45:06 us=828000 Socket Buffers: R=[65536->65536] S=[65536->65536]
2022-02-06 17:45:06 us=828000 Attempting to establish TCP connection with [AF_INET]<verejna ip>:1194 [nonblock]
2022-02-06 17:45:06 us=828000 MANAGEMENT: >STATE:1644165906,TCP_CONNECT,,,,,,
2022-02-06 17:45:06 us=859000 TCP connection established with [AF_INET]<verejna ip>:1194
2022-02-06 17:45:06 us=859000 TCP_CLIENT link local: (not bound)
2022-02-06 17:45:06 us=859000 TCP_CLIENT link remote: [AF_INET]109.236.116.128:1194
2022-02-06 17:45:06 us=859000 MANAGEMENT: >STATE:1644165906,WAIT,,,,,,
2022-02-06 17:45:06 us=890000 MANAGEMENT: >STATE:1644165906,AUTH,,,,,,
2022-02-06 17:45:06 us=890000 TLS: Initial packet from [AF_INET]<verejna ip>:1194, sid=77f006e1 04472d1d
2022-02-06 17:45:07 us=718000 VERIFY OK: depth=1, CN=CA
2022-02-06 17:45:07 us=718000 VERIFY KU OK
2022-02-06 17:45:07 us=718000 Validating certificate extended key usage
2022-02-06 17:45:07 us=718000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-02-06 17:45:07 us=718000 VERIFY EKU OK
2022-02-06 17:45:07 us=718000 VERIFY OK: depth=0, CN=server
2022-02-06 17:45:08 us=343000 Connection reset, restarting [0]
2022-02-06 17:45:08 us=343000 TCP/UDP: Closing socket
2022-02-06 17:45:08 us=343000 SIGUSR1[soft,connection-reset] received, process restarting
2022-02-06 17:45:08 us=343000 MANAGEMENT: >STATE:1644165908,RECONNECTING,connection-reset,,,,,
2022-02-06 17:45:08 us=343000 Restart pause, 5 second(s)
2022-02-06 17:45:13 us=375000 Re-using SSL/TLS context
openVPN konfiguračný súbor:
client
dev tun
proto tcp-client
remote <verejná ip>
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca cert_export_CA.crt
cert cert_export_client.crt
key cert_export_client.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-nocache

KocuR · Napísal **KocuR**: 19.02.2022 22:40

Cize mas klienta na svojom PC a mas klienta na Mikrotiku. Co/kde je server?

Ked je podstata to, ze sa chces zvonku pripojit do LAN za Mikrotikom, tak ten Mikrotik logicky musi byt nakonfigurovany ako server.
https://systemzone.net/mikrotik-openvpn-configuration-on-tcp-port-443-with-windows-os/

closing socket openVPN

Podobné témy