Why does the OpenVPN connection on MikroTik drop?


There is a MikroTik; 99% of client connections to it use PPTP, but unfortunately some Internet service providers block PPTP connections if the subscriber has no external IP.
I decided to set up OpenVPN on it and found the most recent of the available guides: https://www.youtube.com/channel/UCHBLOecDJKY2ICvjP...
I did everything as in the guide, i.e. generated the root certificate, the server certificate and the user certificate, uploaded them and installed them on the MikroTik.
I configured the OpenVPN profile on the client.
It connected and worked. But no: after fifteen minutes (sometimes more) the connection drops, and the MikroTik writes this in its logs:
ovpn,debug,error,l2tp,45288,46360,45288,19116,46020,poe-out,l2tp,info,76,debug, duplicate packet, dropping


I thought the problem was the new version of OpenVPN, so I downloaded the stable version 2.3.18.
The problem has not disappeared. I even recreated the keys and re-uploaded them to the server and client.

OpenVPN client log:
Thu Apr 26 09:35:19 2018 OpenVPN 2.3.18 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Oct 26 2017
Thu Apr 26 09:35:19 2018 Windows version: 6.1 (Windows 7) 64bit
Thu Apr 26 09:35:19 2018 library versions: OpenSSL 1.0.2 l 25 May 2017, LZO 2.10
Enter Management Password:
Thu Apr 26 09:35:20 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Apr 26 09:35:20 2018 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Apr 26 09:35:20 2018 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
Thu Apr 26 09:35:21 2018 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Apr 26 09:35:21 2018 TCPv4_CLIENT link local: [undef]
Thu Apr 26 09:35:21 2018 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Apr 26 09:35:21 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Apr 26 09:35:21 2018 VERIFY OK: depth=1, C=RU, ST=RD, L=mkala, O=mycompany, OU=OvpnVHall, CN=ca, name=ca emailAddress=my@mymail.com
Thu Apr 26 09:35:21 2018 VERIFY OK: nsCertType=SERVER
Thu Apr 26 09:35:21 2018 VERIFY OK: depth=0, C=RU, ST=RD, L=mkala, O=mycompany, OU=OvpnVHall, CN=server, name=server, emailAddress=my@mymail.com
Thu Apr 26 09:35:22 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Apr 26 09:35:22 2018 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 26 09:35:22 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Apr 26 09:35:22 2018 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 26 09:35:22 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Apr 26 09:35:22 2018 [server] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Apr 26 09:35:35 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Apr 26 09:35:35 2018 open_tun, tt->ipv6=0
Thu Apr 26 09:35:35 2018 TAP-WIN32 device [local area Connection] opened: \\\\.\\Global\\{F21F8EC5-8E15-466B-81D9-AB2552870E0F}.tap
Thu Apr 26 09:35:35 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.30.0.2/255.255.255.0 on interface {F21F8EC5-8E15-466B-81D9-AB2552870E0F} [DHCP-serv: 172.30.0.0, lease-time: 31536000]
Thu Apr 26 09:35:35 2018 Successful ARP Flush on interface [19] {F21F8EC5-8E15-466B-81D9-AB2552870E0F}
Thu Apr 26 09:35:37 2018 env_block: add PATH=C:\\Windows\\System32;C:\\Windows;C:\\Windows\\System32\\Wbem
Thu Apr 26 09:35:37 2018 Initialization Sequence Completed
Thu Apr 26 09:36:53 2018 Connection reset, restarting [-1]
Thu Apr 26 09:36:53 2018 env_block: add PATH=C:\\Windows\\System32;C:\\Windows;C:\\Windows\\System32\\Wbem
Thu Apr 26 09:36:53 2018 Closing TUN/TAP interface
Thu Apr 26 09:36:53 2018 SIGUSR1[soft,connection-reset] received, process restarting
Thu Apr 26 09:36:58 2018 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Apr 26 09:36:58 2018 Attempting to establish TCP connection with [AF_INET]xxx.xxx.xxx.xxx:1194 [nonblock]
Thu Apr 26 09:36:59 2018 TCP connection established with [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Apr 26 09:36:59 2018 TCPv4_CLIENT link local: [undef]
Thu Apr 26 09:36:59 2018 TCPv4_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Apr 26 09:37:00 2018 VERIFY OK: depth=1, C=RU, ST=RD, L=mkala, O=mycompany, OU=OvpnVHall, CN=ca, name=ca emailAddress=my@mymail.com
Thu Apr 26 09:37:00 2018 VERIFY OK: nsCertType=SERVER
Thu Apr 26 09:37:00 2018 VERIFY OK: depth=0, C=RU, ST=RD, L=mkala, O=mycompany, OU=OvpnVHall, CN=server, name=server, emailAddress=my@mymail.com
Thu Apr 26 09:37:00 2018 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Apr 26 09:37:00 2018 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 26 09:37:00 2018 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Thu Apr 26 09:37:00 2018 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Apr 26 09:37:00 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Apr 26 09:37:00 2018 [server] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1194
Thu Apr 26 09:37:13 2018 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Thu Apr 26 09:37:13 2018 open_tun, tt->ipv6=0
Thu Apr 26 09:37:13 2018 TAP-WIN32 device [local area Connection] opened: \\\\.\\Global\\{F21F8EC5-8E15-466B-81D9-AB2552870E0F}.tap
Thu Apr 26 09:37:13 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 172.30.0.10/255.255.255.0 on interface {F21F8EC5-8E15-466B-81D9-AB2552870E0F} [DHCP-serv: 172.30.0.0, lease-time: 31536000]
Thu Apr 26 09:37:13 2018 Successful ARP Flush on interface [19] {F21F8EC5-8E15-466B-81D9-AB2552870E0F}
Thu Apr 26 09:37:15 2018 env_block: add PATH=C:\\Windows\\System32;C:\\Windows;C:\\Windows\\System32\\Wbem
Thu Apr 26 09:37:15 2018 Initialization Sequence Completed
Thu Apr 26 09:37:27 2018 env_block: add PATH=C:\\Windows\\System32;C:\\Windows;C:\\Windows\\System32\\Wbem
Thu Apr 26 09:37:27 2018 Closing TUN/TAP interface
Thu Apr 26 09:37:27 2018 SIGTERM[hard,] received, process exiting

2 Answers

Pavel Selivanov, in general, this morning I tried this and that, and decided to change the cipher in the config: instead of AES-256-CBC I used AES-128-CBC. I don't know if that's what it was, but after 10 minutes it's running normally.
by
In the client config ping is 10, and in the MikroTik config keepalive-timeout is 60. You can try temporarily turning it off on both sides. And try setting 5 on the client, to see what happens.

Also, you should try taking the configs from the official documentation: https://wiki.mikrotik.com/wiki/OpenVPN
by
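
An added example, not part of the question or either answer: a small Python parser for an OpenVPN client log in the format posted above. It measures how long each tunnel stayed up and collects the configuration warnings the client printed. The function names and the sample lines (constructed from the shape of the posted log) are assumptions for illustration.

```python
import re
from datetime import datetime

# Constructed sample: a few lines shaped like the client log in the question.
SAMPLE_LOG = """\
Thu Apr 26 09:35:20 2018 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Thu Apr 26 09:35:20 2018 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Apr 26 09:35:37 2018 Initialization Sequence Completed
Thu Apr 26 09:36:53 2018 Connection reset, restarting [-1]
Thu Apr 26 09:36:58 2018 WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
Thu Apr 26 09:37:15 2018 Initialization Sequence Completed
Thu Apr 26 09:37:27 2018 SIGTERM[hard,] received, process exiting
"""

LINE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
UP = "Initialization Sequence Completed"
DOWN = re.compile(r"Connection reset|Inactivity timeout|SIG(?:USR1|TERM|HUP|INT)\[")

def analyze(log_text):
    """Return (sessions, warnings); each session is (start, seconds_up, reason)."""
    sessions, warnings, started = [], set(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:                      # prompts such as "Enter Management Password:"
            continue
        ts = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        msg = m.group(2)
        if msg.startswith("WARNING:"):
            warnings.add(msg[len("WARNING:"):].strip())
        if msg == UP:
            started = ts
        elif started is not None and DOWN.search(msg):
            sessions.append((started, int((ts - started).total_seconds()), msg))
            started = None             # ignore follow-up lines of the same teardown
    return sessions, sorted(warnings)

def short_sessions(sessions, threshold_s):
    """Sessions that ended sooner than threshold_s seconds after coming up."""
    return [s for s in sessions if s[1] < threshold_s]

if __name__ == "__main__":
    sessions, warnings = analyze(SAMPLE_LOG)
    for start, secs, reason in sessions:
        print(f"{start:%H:%M:%S} up {secs:>4}s  ended by: {reason}")
    for w in warnings:
        print("warning:", w)
```

Comparing the measured uptimes with the keepalive values configured on both ends shows whether the drops line up with a timer or arrive at irregular intervals.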
