@Juchok

OpenVPN for MikroTik: what is the difference between the settings for macOS and Windows?

Hello.
Here is the problem. I set up an OpenVPN server on a MikroTik (RouterOS 6). There are several computers, macOS and Windows. On macOS everything worked fine (the client is Tunnelblick). With the same config, Windows refuses to connect no matter what. OpenVPN Connect reports next to nothing ("Unknown argument" and nothing else, as if it does not like the config).
I installed OpenVPN GUI; its log is below:

Sun Oct  8 20:38:51 2023 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations. 
Sun Oct  8 20:38:51 2023 OpenVPN 2.6.6 [git:v2.6.6/c9540130121bfc21] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Aug 15 2023
Sun Oct  8 20:38:51 2023 Windows version 10.0 (Windows 10 or greater), amd64 executable
Sun Oct  8 20:38:51 2023 library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
Sun Oct  8 20:38:51 2023 DCO version: v0
Sun Oct  8 20:38:51 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sun Oct  8 20:38:51 2023 Need hold release from management interface, waiting...
Sun Oct  8 20:38:51 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:59643
Sun Oct  8 20:38:52 2023 MANAGEMENT: CMD 'state on'
Sun Oct  8 20:38:52 2023 MANAGEMENT: CMD 'log on all'
Sun Oct  8 20:38:52 2023 MANAGEMENT: CMD 'echo on all'
Sun Oct  8 20:38:52 2023 MANAGEMENT: CMD 'bytecount 5'
Sun Oct  8 20:38:52 2023 MANAGEMENT: CMD 'state'
Sun Oct  8 20:38:52 2023 MANAGEMENT: CMD 'hold off'
Sun Oct  8 20:38:52 2023 MANAGEMENT: CMD 'hold release'
Sun Oct  8 20:38:54 2023 MANAGEMENT: CMD 'username "Auth" "[username]"'
Sun Oct  8 20:38:54 2023 MANAGEMENT: CMD 'password [...]'
Sun Oct  8 20:38:54 2023 MANAGEMENT: CMD 'password [...]'
Sun Oct  8 20:38:54 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct  8 20:38:54 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]85.93.xxx.xxx:1194
Sun Oct  8 20:38:54 2023 ovpn-dco device [OpenVPN Data Channel Offload] opened
Sun Oct  8 20:38:54 2023 TCP_CLIENT link local: (not bound)
Sun Oct  8 20:38:54 2023 TCP_CLIENT link remote: [AF_INET]85.93.xxx.xxx:1194
Sun Oct  8 20:38:54 2023 MANAGEMENT: >STATE:1696786734,WAIT,,,,,,
Sun Oct  8 20:38:54 2023 MANAGEMENT: >STATE:1696786734,AUTH,,,,,,
Sun Oct  8 20:38:54 2023 TLS: Initial packet from [AF_INET]85.93.xxx.xxx:1194, sid=03c928e7 e96720f0
Sun Oct  8 20:38:54 2023 VERIFY OK: depth=1, C=RU, ST=77, L=MOSCOW, O=Inzproject-21, OU=GENERAL, CN=ca
Sun Oct  8 20:38:54 2023 VERIFY KU OK
Sun Oct  8 20:38:54 2023 Validating certificate extended key usage
Sun Oct  8 20:38:54 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct  8 20:38:54 2023 VERIFY EKU OK
Sun Oct  8 20:38:54 2023 VERIFY OK: depth=0, C=RU, ST=77, L=MOSCOW, O=Inzproject-21, OU=GENERAL, CN=ovpn-server
Sun Oct  8 20:39:54 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct  8 20:39:54 2023 TLS Error: TLS handshake failed
Sun Oct  8 20:39:54 2023 Fatal TLS error (check_tls_errors_co), restarting
Sun Oct  8 20:39:54 2023 Closing DCO interface
Sun Oct  8 20:39:54 2023 SIGUSR1[soft,tls-error] received, process restarting
Sun Oct  8 20:39:54 2023 MANAGEMENT: >STATE:1696786794,RECONNECTING,tls-error,,,,,
Sun Oct  8 20:39:54 2023 Restart pause, 1 second(s)
Sun Oct  8 20:39:55 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]85.93.xxx.xxx:1194
Sun Oct  8 20:39:55 2023 ovpn-dco device [OpenVPN Data Channel Offload] opened
Sun Oct  8 20:39:55 2023 TCP_CLIENT link local: (not bound)
Sun Oct  8 20:39:55 2023 TCP_CLIENT link remote: [AF_INET]85.93.xxx.xxx:1194
Sun Oct  8 20:39:55 2023 MANAGEMENT: >STATE:1696786795,WAIT,,,,,,
Sun Oct  8 20:39:55 2023 MANAGEMENT: >STATE:1696786795,AUTH,,,,,,
Sun Oct  8 20:39:55 2023 TLS: Initial packet from [AF_INET]85.93.xxx.xxx:1194, sid=d88cdddb 18edc2dc
Sun Oct  8 20:39:55 2023 VERIFY OK: depth=1, C=RU, ST=77, L=MOSCOW, O=Inzproject-21, OU=GENERAL, CN=ca
Sun Oct  8 20:39:55 2023 VERIFY KU OK
Sun Oct  8 20:39:55 2023 Validating certificate extended key usage
Sun Oct  8 20:39:55 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct  8 20:39:55 2023 VERIFY EKU OK
Sun Oct  8 20:39:55 2023 VERIFY OK: depth=0, C=RU, ST=77, L=MOSCOW, O=Inzproject-21, OU=GENERAL, CN=ovpn-server
Sun Oct  8 20:40:55 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct  8 20:40:55 2023 TLS Error: TLS handshake failed
Sun Oct  8 20:40:55 2023 Fatal TLS error (check_tls_errors_co), restarting
Sun Oct  8 20:40:55 2023 Closing DCO interface
Sun Oct  8 20:40:55 2023 SIGUSR1[soft,tls-error] received, process restarting
Sun Oct  8 20:40:55 2023 MANAGEMENT: >STATE:1696786855,RECONNECTING,tls-error,,,,,
Sun Oct  8 20:40:55 2023 Restart pause, 1 second(s)
Sun Oct  8 20:40:56 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]85.93.xxx.xxx:1194
Sun Oct  8 20:40:56 2023 ovpn-dco device [OpenVPN Data Channel Offload] opened
Sun Oct  8 20:40:56 2023 TCP_CLIENT link local: (not bound)
Sun Oct  8 20:40:56 2023 TCP_CLIENT link remote: [AF_INET]85.93.xxx.xxx:1194
Sun Oct  8 20:40:56 2023 MANAGEMENT: >STATE:1696786856,WAIT,,,,,,
Sun Oct  8 20:40:56 2023 MANAGEMENT: >STATE:1696786856,AUTH,,,,,,
Sun Oct  8 20:40:56 2023 TLS: Initial packet from [AF_INET]85.93.xxx.xxx:1194, sid=ce95c738 dfc8e56e
Sun Oct  8 20:40:56 2023 VERIFY OK: depth=1, C=RU, ST=77, L=MOSCOW, O=Inzproject-21, OU=GENERAL, CN=ca
Sun Oct  8 20:40:56 2023 VERIFY KU OK
Sun Oct  8 20:40:56 2023 Validating certificate extended key usage
Sun Oct  8 20:40:56 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct  8 20:40:56 2023 VERIFY EKU OK
Sun Oct  8 20:40:56 2023 VERIFY OK: depth=0, C=RU, ST=77, L=MOSCOW, O=Inzproject-21, OU=GENERAL, CN=ovpn-server
Sun Oct  8 20:40:57 2023 Connection reset, restarting [-1]
Sun Oct  8 20:40:57 2023 Closing DCO interface
Sun Oct  8 20:40:57 2023 SIGUSR1[soft,connection-reset] received, process restarting
Sun Oct  8 20:40:57 2023 MANAGEMENT: >STATE:1696786857,RECONNECTING,connection-reset,,,,,
Sun Oct  8 20:40:57 2023 Restart pause, 1 second(s)
Sun Oct  8 20:40:58 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]85.93.xxx.xxx:1194
Sun Oct  8 20:40:58 2023 ovpn-dco device [OpenVPN Data Channel Offload] opened
Sun Oct  8 20:40:58 2023 TCP_CLIENT link local: (not bound)
Sun Oct  8 20:40:58 2023 TCP_CLIENT link remote: [AF_INET]85.93.xxx.xxx:1194
Sun Oct  8 20:40:58 2023 MANAGEMENT: >STATE:1696786858,WAIT,,,,,,
Sun Oct  8 20:40:58 2023 MANAGEMENT: >STATE:1696786858,AUTH,,,,,,
Sun Oct  8 20:40:58 2023 TLS: Initial packet from [AF_INET]85.93.xxx.xxx:1194, sid=7ba96059 88a0adfc
Sun Oct  8 20:40:58 2023 VERIFY OK: depth=1, C=RU, ST=77, L=MOSCOW, O=Inzproject-21, OU=GENERAL, CN=ca
Sun Oct  8 20:40:58 2023 VERIFY KU OK
Sun Oct  8 20:40:58 2023 Validating certificate extended key usage
Sun Oct  8 20:40:58 2023 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Oct  8 20:40:58 2023 VERIFY EKU OK
Sun Oct  8 20:40:58 2023 VERIFY OK: depth=0, C=RU, ST=77, L=MOSCOW, O=Inzproject-21, OU=GENERAL, CN=ovpn-server
Answers to the question: 1
@b1ora
You need to look at the MikroTik side and at the config itself.
I suspect that Tunnelblick handles the certificate differently somehow.
Is the certificate present in the config?
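What the client log by itself establishes can be pulled out mechanically. The following is an added example, not part of the question or the answer: it splits an OpenVPN client log of this format into handshake attempts and records how far each one got and why it restarted. The function name `triage`, the placeholder address and the shortened sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt in the format of the client log above (placeholder IP and sids).
SAMPLE_LOG = """\
Sun Oct  8 20:38:51 2023 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
Sun Oct  8 20:38:54 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct  8 20:38:54 2023 TCP_CLIENT link remote: [AF_INET]192.0.2.10:1194
Sun Oct  8 20:38:54 2023 TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=00000000 00000001
Sun Oct  8 20:38:54 2023 VERIFY OK: depth=1, CN=ca
Sun Oct  8 20:38:54 2023 VERIFY EKU OK
Sun Oct  8 20:38:54 2023 VERIFY OK: depth=0, CN=ovpn-server
Sun Oct  8 20:39:54 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Oct  8 20:39:54 2023 SIGUSR1[soft,tls-error] received, process restarting
Sun Oct  8 20:39:55 2023 TLS: Initial packet from [AF_INET]192.0.2.10:1194, sid=00000000 00000002
Sun Oct  8 20:39:55 2023 VERIFY OK: depth=0, CN=ovpn-server
Sun Oct  8 20:39:57 2023 Connection reset, restarting [-1]
Sun Oct  8 20:39:57 2023 SIGUSR1[soft,connection-reset] received, process restarting
"""

STAMP = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} ")
CIPHER = re.compile(r"--cipher set to '([^']+)' but missing in --data-ciphers \(([^)]*)\)")
RESTART = re.compile(r"SIGUSR1\[soft,([\w-]+)\]")

def triage(log_text):
    """Return (config warnings, per-attempt handshake results) for a client log."""
    warnings, attempts, cur = [], [], None
    for raw in log_text.splitlines():
        msg = STAMP.sub("", raw).strip()
        if m := CIPHER.search(msg):
            warnings.append(f"cipher {m.group(1)} not in data-ciphers {m.group(2)}")
        elif "auth-nocache" in msg:
            warnings.append("credentials may be cached in memory (auth-nocache not set)")
        elif msg.startswith("TLS: Initial packet from"):
            # A new handshake attempt begins with the server's first packet.
            cur = {"server_cert_verified": False, "outcome": "incomplete"}
            attempts.append(cur)
        elif cur is not None and msg.startswith("VERIFY OK: depth=0"):
            cur["server_cert_verified"] = True
        elif cur is not None and (r := RESTART.search(msg)):
            # The restart reason (tls-error, connection-reset) closes the attempt.
            cur["outcome"] = r.group(1)
            cur = None
    return warnings, attempts

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

Run over the full log in the question, every attempt shows the server certificate verified before the restart, so the client-side record places the failure after certificate verification; an attempt with no restart line is reported as `incomplete`.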