OpenVPN сервер на mikrotik, клиент на OpenWRT

Обсуждение оборудования и его настройки
dmzul
Сообщения: 1
Зарегистрирован: 17 июл 2014, 18:25

Добрый день!

Настроил openvpn сервер на микротике, ключи генерировал по этому мануалу:
http://wiki.mikrotik.com/wiki/OpenVPN#Certificates (с помощью Easy-RSA)
Клиент на OpenWRT не хочет подключаться, в лог пишет следующее:
 "Лог клиента"
Thu Jul 17 18:26:59 2014 us=265441 Current Parameter Settings:
Thu Jul 17 18:26:59 2014 us=271209 config = '/etc/openvpn/client.conf'
Thu Jul 17 18:26:59 2014 us=272033 mode = 0
Thu Jul 17 18:26:59 2014 us=272735 persist_config = DISABLED
Thu Jul 17 18:26:59 2014 us=273498 persist_mode = 1
Thu Jul 17 18:26:59 2014 us=278594 show_ciphers = DISABLED
Thu Jul 17 18:26:59 2014 us=279357 show_digests = DISABLED
Thu Jul 17 18:26:59 2014 us=280090 show_engines = DISABLED
Thu Jul 17 18:26:59 2014 us=280792 genkey = DISABLED
Thu Jul 17 18:26:59 2014 us=285797 key_pass_file = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=286621 show_tls_ciphers = DISABLED
Thu Jul 17 18:26:59 2014 us=287353 Connection profiles [default]:
Thu Jul 17 18:26:59 2014 us=288085 proto = tcp-client
Thu Jul 17 18:26:59 2014 us=288787 local = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=293914 local_port = 0
Thu Jul 17 18:26:59 2014 us=294708 remote = '192.168.107.10'
Thu Jul 17 18:26:59 2014 us=295440 remote_port = 1194
Thu Jul 17 18:26:59 2014 us=296173 remote_float = DISABLED
Thu Jul 17 18:26:59 2014 us=296905 bind_defined = DISABLED
Thu Jul 17 18:26:59 2014 us=302093 bind_local = DISABLED
Thu Jul 17 18:26:59 2014 us=302825 connect_retry_seconds = 5
Thu Jul 17 18:26:59 2014 us=303588 connect_timeout = 10
Thu Jul 17 18:26:59 2014 us=304321 connect_retry_max = 0
Thu Jul 17 18:26:59 2014 us=309295 socks_proxy_server = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=310119 socks_proxy_port = 0
Thu Jul 17 18:26:59 2014 us=310852 socks_proxy_retry = DISABLED
Thu Jul 17 18:26:59 2014 us=311584 tun_mtu = 1500
Thu Jul 17 18:26:59 2014 us=312316 tun_mtu_defined = ENABLED
Thu Jul 17 18:26:59 2014 us=317474 link_mtu = 1500
Thu Jul 17 18:26:59 2014 us=318267 link_mtu_defined = DISABLED
Thu Jul 17 18:26:59 2014 us=319000 tun_mtu_extra = 32
Thu Jul 17 18:26:59 2014 us=319732 tun_mtu_extra_defined = ENABLED
Thu Jul 17 18:26:59 2014 us=324981 mtu_discover_type = -1
Thu Jul 17 18:26:59 2014 us=325836 fragment = 0
Thu Jul 17 18:26:59 2014 us=326599 mssfix = 1450
Thu Jul 17 18:26:59 2014 us=327301 Connection profiles END
Thu Jul 17 18:26:59 2014 us=328033 remote_random = DISABLED
Thu Jul 17 18:26:59 2014 us=333068 ipchange = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=333831 dev = 'tap0'
Thu Jul 17 18:26:59 2014 us=334564 dev_type = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=335296 dev_node = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=336029 lladdr = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=341217 topology = 1
Thu Jul 17 18:26:59 2014 us=341949 tun_ipv6 = DISABLED
Thu Jul 17 18:26:59 2014 us=342681 ifconfig_local = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=343414 ifconfig_remote_netmask = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=356384 ifconfig_noexec = DISABLED
Thu Jul 17 18:26:59 2014 us=357177 ifconfig_nowarn = DISABLED
Thu Jul 17 18:26:59 2014 us=357910 ifconfig_ipv6_local = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=358642 ifconfig_ipv6_netbits = 0
Thu Jul 17 18:26:59 2014 us=359375 ifconfig_ipv6_remote = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=364501 shaper = 0
Thu Jul 17 18:26:59 2014 us=365234 mlock = DISABLED
Thu Jul 17 18:26:59 2014 us=365966 keepalive_ping = 0
Thu Jul 17 18:26:59 2014 us=366699 keepalive_timeout = 0
Thu Jul 17 18:26:59 2014 us=371704 inactivity_timeout = 0
Thu Jul 17 18:26:59 2014 us=372558 ping_send_timeout = 0
Thu Jul 17 18:26:59 2014 us=373291 ping_rec_timeout = 0
Thu Jul 17 18:26:59 2014 us=374023 ping_rec_timeout_action = 0
Thu Jul 17 18:26:59 2014 us=374755 ping_timer_remote = DISABLED
Thu Jul 17 18:26:59 2014 us=377471 remap_sigusr1 = 0
Thu Jul 17 18:26:59 2014 us=378234 persist_tun = DISABLED
Thu Jul 17 18:26:59 2014 us=378967 persist_local_ip = DISABLED
Thu Jul 17 18:26:59 2014 us=379943 persist_remote_ip = DISABLED
Thu Jul 17 18:26:59 2014 us=380889 persist_key = ENABLED
Thu Jul 17 18:26:59 2014 us=381652 passtos = DISABLED
Thu Jul 17 18:26:59 2014 us=382446 resolve_retry_seconds = 1000000000
Thu Jul 17 18:26:59 2014 us=383392 username = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=384185 groupname = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=385009 chroot_dir = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=385772 cd_dir = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=386505 writepid = '/var/run/openvpn'
Thu Jul 17 18:26:59 2014 us=387725 up_script = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=388549 down_script = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=389312 down_pre = DISABLED
Thu Jul 17 18:26:59 2014 us=390045 up_restart = DISABLED
Thu Jul 17 18:26:59 2014 us=390747 up_delay = DISABLED
Thu Jul 17 18:26:59 2014 us=391754 daemon = DISABLED
Thu Jul 17 18:26:59 2014 us=392517 inetd = 0
Thu Jul 17 18:26:59 2014 us=393218 log = ENABLED
Thu Jul 17 18:26:59 2014 us=393951 suppress_timestamps = DISABLED
Thu Jul 17 18:26:59 2014 us=394897 nice = 0
Thu Jul 17 18:26:59 2014 us=395721 verbosity = 5
Thu Jul 17 18:26:59 2014 us=396484 mute = 0
Thu Jul 17 18:26:59 2014 us=397216 gremlin = 0
Thu Jul 17 18:26:59 2014 us=397979 status_file = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=398925 status_file_version = 1
Thu Jul 17 18:26:59 2014 us=399749 status_file_update_freq = 60
Thu Jul 17 18:26:59 2014 us=400512 rcvbuf = 65536
Thu Jul 17 18:26:59 2014 us=401245 sndbuf = 65536
Thu Jul 17 18:26:59 2014 us=401977 mark = 0
Thu Jul 17 18:26:59 2014 us=402893 sockflags = 0
Thu Jul 17 18:26:59 2014 us=403686 fast_io = DISABLED
Thu Jul 17 18:26:59 2014 us=404449 lzo = 0
Thu Jul 17 18:26:59 2014 us=405181 route_script = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=405914 route_default_gateway = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=407348 route_default_metric = 0
Thu Jul 17 18:26:59 2014 us=408172 route_noexec = DISABLED
Thu Jul 17 18:26:59 2014 us=408874 route_delay = 0
Thu Jul 17 18:26:59 2014 us=409637 route_delay_window = 30
Thu Jul 17 18:26:59 2014 us=411041 route_delay_defined = DISABLED
Thu Jul 17 18:26:59 2014 us=415222 route_nopull = DISABLED
Thu Jul 17 18:26:59 2014 us=415985 route_gateway_via_dhcp = DISABLED
Thu Jul 17 18:26:59 2014 us=416748 max_routes = 100
Thu Jul 17 18:26:59 2014 us=417480 allow_pull_fqdn = DISABLED
Thu Jul 17 18:26:59 2014 us=422485 management_addr = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=423339 management_port = 0
Thu Jul 17 18:26:59 2014 us=424072 management_user_pass = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=424804 management_log_history_cache = 250
Thu Jul 17 18:26:59 2014 us=425567 management_echo_buffer_size = 100
Thu Jul 17 18:26:59 2014 us=430603 management_write_peer_info_file = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=431396 management_client_user = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=432128 management_client_group = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=432861 management_flags = 0
Thu Jul 17 18:26:59 2014 us=433624 shared_secret_file = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=438629 key_direction = 0
Thu Jul 17 18:26:59 2014 us=439392 ciphername_defined = ENABLED
Thu Jul 17 18:26:59 2014 us=440124 ciphername = 'AES-256-CBC'
Thu Jul 17 18:26:59 2014 us=440887 authname_defined = ENABLED
Thu Jul 17 18:26:59 2014 us=445892 authname = 'SHA1'
Thu Jul 17 18:26:59 2014 us=446716 prng_hash = 'SHA1'
Thu Jul 17 18:26:59 2014 us=447479 prng_nonce_secret_len = 16
Thu Jul 17 18:26:59 2014 us=448211 keysize = 0
Thu Jul 17 18:26:59 2014 us=448944 engine = DISABLED
Thu Jul 17 18:26:59 2014 us=450744 replay = ENABLED
Thu Jul 17 18:26:59 2014 us=451538 mute_replay_warnings = DISABLED
Thu Jul 17 18:26:59 2014 us=452270 replay_window = 64
Thu Jul 17 18:26:59 2014 us=453002 replay_time = 15
Thu Jul 17 18:26:59 2014 us=453979 packet_id_file = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=454772 use_iv = ENABLED
Thu Jul 17 18:26:59 2014 us=455505 test_crypto = DISABLED
Thu Jul 17 18:26:59 2014 us=456237 tls_server = DISABLED
Thu Jul 17 18:26:59 2014 us=456970 tls_client = ENABLED
Thu Jul 17 18:26:59 2014 us=457946 key_method = 2
Thu Jul 17 18:26:59 2014 us=458740 ca_file = '/var/openvpn/ca.pem'
Thu Jul 17 18:26:59 2014 us=459472 ca_path = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=460205 dh_file = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=460937 cert_file = '/mnt/rwfs/upload/client1.crt'
Thu Jul 17 18:26:59 2014 us=462036 priv_key_file = '/mnt/rwfs/upload/client1.pem'
Thu Jul 17 18:26:59 2014 us=462829 pkcs12_file = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=463562 cipher_list = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=464294 tls_verify = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=465301 tls_export_cert = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=466125 tls_remote = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=466857 crl_file = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=467620 ns_cert_type = 1
Thu Jul 17 18:26:59 2014 us=468353 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=473419 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=474243 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=474975 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=475708 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=476440 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=481506 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=482299 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=483032 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=483764 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=484497 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=489562 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=490325 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=491058 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=491790 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=494384 remote_cert_ku[i] = 0
Thu Jul 17 18:26:59 2014 us=495178 remote_cert_eku = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=495910 ssl_flags = 0
Thu Jul 17 18:26:59 2014 us=496887 tls_timeout = 2
Thu Jul 17 18:26:59 2014 us=497680 renegotiate_bytes = 0
Thu Jul 17 18:26:59 2014 us=499084 renegotiate_packets = 0
Thu Jul 17 18:26:59 2014 us=499847 renegotiate_seconds = 3600
Thu Jul 17 18:26:59 2014 us=500793 handshake_window = 60
Thu Jul 17 18:26:59 2014 us=501617 transition_window = 3600
Thu Jul 17 18:26:59 2014 us=502349 single_session = DISABLED
Thu Jul 17 18:26:59 2014 us=503082 push_peer_info = DISABLED
Thu Jul 17 18:26:59 2014 us=503784 tls_exit = DISABLED
Thu Jul 17 18:26:59 2014 us=504730 tls_auth_file = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=505798 server_network = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=506652 server_netmask = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=507598 server_network_ipv6 = ::
Thu Jul 17 18:26:59 2014 us=508666 server_netbits_ipv6 = 0
Thu Jul 17 18:26:59 2014 us=509521 server_bridge_ip = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=510314 server_bridge_netmask = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=511108 server_bridge_pool_start = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=512054 server_bridge_pool_end = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=512878 ifconfig_pool_defined = DISABLED
Thu Jul 17 18:26:59 2014 us=513702 ifconfig_pool_start = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=514465 ifconfig_pool_end = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=515258 ifconfig_pool_netmask = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=516174 ifconfig_pool_persist_filename = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=517028 ifconfig_pool_persist_refresh_freq = 600
Thu Jul 17 18:26:59 2014 us=517791 ifconfig_ipv6_pool_defined = DISABLED
Thu Jul 17 18:26:59 2014 us=518554 ifconfig_ipv6_pool_base = ::
Thu Jul 17 18:26:59 2014 us=519317 ifconfig_ipv6_pool_netbits = 0
Thu Jul 17 18:26:59 2014 us=520355 n_bcast_buf = 256
Thu Jul 17 18:26:59 2014 us=521179 tcp_queue_limit = 64
Thu Jul 17 18:26:59 2014 us=521911 real_hash_size = 256
Thu Jul 17 18:26:59 2014 us=522644 virtual_hash_size = 256
Thu Jul 17 18:26:59 2014 us=523376 client_connect_script = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=524322 learn_address_script = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=525146 client_disconnect_script = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=525878 client_config_dir = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=526611 ccd_exclusive = DISABLED
Thu Jul 17 18:26:59 2014 us=527374 tmp_dir = '/tmp'
Thu Jul 17 18:26:59 2014 us=528320 push_ifconfig_defined = DISABLED
Thu Jul 17 18:26:59 2014 us=529144 push_ifconfig_local = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=530029 push_ifconfig_remote_netmask = 0.0.0.0
Thu Jul 17 18:26:59 2014 us=530792 push_ifconfig_ipv6_defined = DISABLED
Thu Jul 17 18:26:59 2014 us=531860 push_ifconfig_ipv6_local = ::/0
Thu Jul 17 18:26:59 2014 us=532745 push_ifconfig_ipv6_remote = ::
Thu Jul 17 18:26:59 2014 us=533477 enable_c2c = DISABLED
Thu Jul 17 18:26:59 2014 us=534210 duplicate_cn = DISABLED
Thu Jul 17 18:26:59 2014 us=534942 cf_max = 0
Thu Jul 17 18:26:59 2014 us=535949 cf_per = 0
Thu Jul 17 18:26:59 2014 us=536773 max_clients = 1024
Thu Jul 17 18:26:59 2014 us=537536 max_routes_per_client = 256
Thu Jul 17 18:26:59 2014 us=538269 auth_user_pass_verify_script = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=539031 auth_user_pass_verify_script_via_file = DISABLED
Thu Jul 17 18:26:59 2014 us=539947 port_share_host = '[UNDEF]'
Thu Jul 17 18:26:59 2014 us=540771 port_share_port = 0
Thu Jul 17 18:26:59 2014 us=541503 client = ENABLED
Thu Jul 17 18:26:59 2014 us=542236 pull = ENABLED
Thu Jul 17 18:26:59 2014 us=542999 auth_user_pass_file = '/var/openvpn/passwd'
Thu Jul 17 18:26:59 2014 us=543975 OpenVPN 2.3.0 arm-buildroot-linux-uclibcgnueabi [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 17 2014
Thu Jul 17 18:26:59 2014 us=547576 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 17 18:26:59 2014 us=568389 WARNING: file '/mnt/rwfs/upload/client1.pem' is group or others accessible
Thu Jul 17 18:26:59 2014 us=581054 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jul 17 18:26:59 2014 us=583251 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Jul 17 18:26:59 2014 us=584533 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Thu Jul 17 18:26:59 2014 us=586547 Attempting to establish TCP connection with [AF_INET]192.168.107.10:1194 [nonblock]
Thu Jul 17 18:27:00 2014 us=590484 TCP connection established with [AF_INET]192.168.107.10:1194
Thu Jul 17 18:27:00 2014 us=591400 TCPv4_CLIENT link local: [undef]
Thu Jul 17 18:27:00 2014 us=592224 TCPv4_CLIENT link remote: [AF_INET]192.168.107.10:1194
WRThu Jul 17 18:27:00 2014 us=601043 TLS: Initial packet from [AF_INET]192.168.107.10:1194, sid=7861c07d ceb18560
RWWWWRRRThu Jul 17 18:27:59 2014 us=608795 Connection reset, restarting [0]
Thu Jul 17 18:27:59 2014 us=610839 TCP/UDP: Closing socket
Thu Jul 17 18:27:59 2014 us=612915 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jul 17 18:27:59 2014 us=614013 Restart pause, 5 second(s)
Thu Jul 17 18:28:04 2014 us=618347 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 17 18:28:04 2014 us=619232 Re-using SSL/TLS context
Thu Jul 17 18:28:04 2014 us=621704 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jul 17 18:28:04 2014 us=622955 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Jul 17 18:28:04 2014 us=623931 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Thu Jul 17 18:28:04 2014 us=624847 Attempting to establish TCP connection with [AF_INET]192.168.107.10:1194 [nonblock]
Thu Jul 17 18:28:05 2014 us=629547 TCP connection established with [AF_INET]192.168.107.10:1194
Thu Jul 17 18:28:05 2014 us=630371 TCPv4_CLIENT link local: [undef]
Thu Jul 17 18:28:05 2014 us=631225 TCPv4_CLIENT link remote: [AF_INET]192.168.107.10:1194
WRThu Jul 17 18:28:05 2014 us=635406 TLS: Initial packet from [AF_INET]192.168.107.10:1194, sid=dcf646e3 f419fa60
WRWWWRRRRWRThu Jul 17 18:28:05 2014 us=721710 VERIFY OK: depth=1, C=RU, ST=SPb, L=Saint Petersburg, O=org, OU=home, CN=Cert1, name=home, emailAddress=mail@company.ru
Thu Jul 17 18:28:05 2014 us=743225 VERIFY OK: nsCertType=SERVER
Thu Jul 17 18:28:05 2014 us=744049 VERIFY OK: depth=0, C=RU, ST=SPb, L=Saint Petersburg, O=org, OU=home, CN=Cert1, name=home, emailAddress=mail@company.ru
WWWWRRRWWWRRRRWWWWRRRWWWRRRWWWRRRWWWRRRWWWRRRWWWRRRWWWRWRWRRRWRRRRWWWWRRRThu Jul 17 18:28:06 2014 us=632415 Connection reset, restarting [0]
Thu Jul 17 18:28:06 2014 us=635986 TCP/UDP: Closing socket
Thu Jul 17 18:28:06 2014 us=638153 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jul 17 18:28:06 2014 us=639038 Restart pause, 5 second(s)
Thu Jul 17 18:28:11 2014 us=641448 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jul 17 18:28:11 2014 us=642333 Re-using SSL/TLS context
Thu Jul 17 18:28:11 2014 us=644592 Control Channel MTU parms [ L:1591 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jul 17 18:28:11 2014 us=646026 Socket Buffers: R=[87380->131072] S=[16384->131072]
Thu Jul 17 18:28:11 2014 us=647033 Data Channel MTU parms [ L:1591 D:1450 EF:59 EB:4 ET:32 EL:0 ]
Thu Jul 17 18:28:11 2014 us=647918 Attempting to establish TCP connection with [AF_INET]192.168.107.10:1194 [nonblock]
Thu Jul 17 18:28:12 2014 us=653076 TCP connection established with [AF_INET]192.168.107.10:1194
Thu Jul 17 18:28:12 2014 us=653900 TCPv4_CLIENT link local: [undef]
Thu Jul 17 18:28:12 2014 us=654724 TCPv4_CLIENT link remote: [AF_INET]192.168.107.10:1194
WRThu Jul 17 18:28:12 2014 us=659698 TLS: Initial packet from [AF_INET]192.168.107.10:1194, sid=99e4ed29 660e7ece
RWWWWRRRThu Jul 17 18:29:11 2014 us=660858 Connection reset, restarting [0]
Thu Jul 17 18:29:11 2014 us=662292 TCP/UDP: Closing socket

 "Конфиг клиента:"
# OpenVPN client profile for the OpenWRT side: a TAP (layer-2) tunnel over TCP
# to the RouterOS OpenVPN server at 192.168.107.10:1194.
dev tap0
proto tcp-client
port 1194
remote 192.168.107.10
client
# CA certificate used to verify the server's certificate chain.
ca /var/openvpn/ca.pem
# Username/password are read from this file, on top of the client certificate.
# NOTE(review): the file presumably stores the credentials in clear text -
# confirm it is readable only by the account that runs OpenVPN.
auth-user-pass /var/openvpn/passwd
# NOTE(review): auth-retry is set twice in this file ("nointeract" here,
# "interact" on the last line); presumably the later line takes effect -
# keep only the intended one.
auth-retry nointeract
nobind
persist-key
tls-client

cert /mnt/rwfs/upload/client1.crt
# The client log on this page warns that this private key file is
# "group or others accessible"; restrict it to its owner (e.g. mode 600).
key /mnt/rwfs/upload/client1.pem
# Accept only a peer certificate whose nsCertType marks it as a server.
# Later OpenVPN releases deprecate this option in favour of
# "remote-cert-tls server", which checks key usage / extended key usage instead.
ns-cert-type server
# Data-channel cipher and HMAC digest. The server export on this page lists
# aes256 among its allowed ciphers; the server-side digest setting is not shown.
cipher AES-256-CBC
auth SHA1
pull
#auth-user-pass /mnt/rwfs/upload/auth.cfg
# Debug-level logging, as seen in the client log above.
verb 5
# Do not keep the password cached in memory after it has been used.
auth-nocache
auth-retry interact

Микротик в лог пишет только "TCP connection established from ipaddr"
Подозреваю, что проблема все-таки на стороне клиента, т.к. openvpn клиенты на windows и ubuntu с тем же конфигом и ключами подключаются, но в чем именно косяк, понять не могу.

 "Конфигурация микротика"
# jul/17/2014 18:32:51 by RouterOS 6.15
# software id = 1UMX-W96B
#
# Configuration export of the RouterOS device that acts as the OpenVPN server
# (LAN address 192.168.107.10/24 on ether5). The export contains secrets in
# clear text (WPA2 pre-shared key, PPP password); values that have been
# published should be treated as exposed and replaced on the device.
/certificate
# NOTE(review): cert_1 and cert_2 both carry common-name=Cert1, and the client
# log on this page prints the same subject at depth=1 and depth=0 - confirm
# that the CA and the server certificate are distinct and chained as intended.
# cert_1 is the certificate the OpenVPN server presents; its key-usage
# includes tls-server.
add common-name=Cert1 country=RU key-usage=digital-signature,key-encipherment,tls-server locality="Saint Petersburg" name=cert_1 organization=org state=SPb subject-alt-name=email:mail@company.ru \
trusted=yes unit=home
add common-name=Cert1 country=RU locality="Saint Petersburg" name=cert_2 organization=org state=SPb subject-alt-name=email:mail@company.ru trusted=yes unit=home
/interface bridge
add l2mtu=1598 name=bridge-wifi protocol-mode=none
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-ht-above disabled=no ht-rxchains=0 ht-txchains=0 l2mtu=2290 mode=ap-bridge ssid=RD-Dev
/interface ethernet
set [ find default-name=ether1 ] master-port=ether5
set [ find default-name=ether2 ] master-port=ether5
set [ find default-name=ether3 ] master-port=ether5
set [ find default-name=ether4 ] master-port=ether5
/interface wireless security-profiles
# The WPA2 pre-shared key is exported in clear text on the next line.
set [ find default=yes ] authentication-types=wpa2-psk mode=dynamic-keys wpa2-pre-shared-key=dfg54trdefg45
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d
/ip ipsec proposal
# The default IPsec proposal is limited to 3DES, a legacy 64-bit-block cipher.
set [ find default=yes ] enc-algorithms=3des
/ip pool
# Address pool handed out to OpenVPN clients through the "ovpn" PPP profile.
add name=ovpn ranges=172.21.108.2-172.21.108.14
/port
set 0 name=serial0
/ppp profile
add local-address=172.21.108.1 name=ovpn remote-address=ovpn
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface bridge port
add bridge=bridge-wifi interface=ether5
add bridge=bridge-wifi interface=wlan1
/interface ovpn-server server
# OpenVPN server: presents cert_1, requires a client certificate, and runs in
# ethernet (layer-2) mode, matching the client's "dev tap0". The allowed
# cipher list still includes blowfish128 (64-bit block) next to the AES
# variants; the client on this page requests AES-256-CBC.
set certificate=cert_1 cipher=blowfish128,aes128,aes192,aes256 default-profile=ovpn enabled=yes mode=ethernet require-client-certificate=yes
/ip address
add address=192.168.107.10/24 interface=ether5 network=192.168.107.0
/ip dns
set servers=192.168.107.200
/ip route
add distance=1 gateway=192.168.107.1
/ip upnp
set allow-disable-external-interface=no
/lcd
set time-interval=weekly
/lcd interface
set sfp1 interface=sfp1
set ether1 interface=ether1
set ether2 interface=ether2
set ether3 interface=ether3
set ether4 interface=ether4
set ether5 interface=ether5
set ether6 interface=ether6
set ether7 interface=ether7
set ether8 interface=ether8
set ether9 interface=ether9
set ether10 interface=ether10
set wlan1 interface=wlan1
/ppp secret
# PPP account for the ovpn service, exported with its password in clear text.
# NOTE(review): presumably these are the credentials the client keeps in its
# auth-user-pass file - confirm, and replace the test password before use.
add name=test password=testtest profile=ovpn service=ovpn
/system clock manual
set time-zone=+04:00
/system ntp client
set enabled=yes primary-ntp=192.168.107.200

Буду благодарен за помощь!

