OpenVPN: Mikrotik — server, OpenWRT — client, как связать?

Есть рабочий OpenVPN server на Mikrotik (x86 arch), подключаюсь с любых клиентов: Ubuntu (x64), Debian (ARM), Android 4.4.2 (ARM), Windows 7 (x64) но только не с OpenWRT (MIPS, Barrier Breaker 14.07, D-Link DIR-825 C1 rev). При смене платформы конфиг не менял, работает отлично.
Конфиг:
client

remote 127.0.0.1 1194

proto tcp
dev tap

persist-key
persist-tun

ca ca.crt
cert MikroTik_OpenVPN_Client.crt
key MikroTik_OpenVPN_Client.key

script-security 2 system
up /etc/openvpn/routes
log /var/log/openvpn.log

verb 5
auth-user-pass auth.cfg

лог при verb 10:
Sun Feb 22 20:46:28 2015 us=93066 WARNING: No server certificate verification method has been enabled. See openvpn.net/howto.html#mitm for more info.
Sun Feb 22 20:46:28 2015 us=93325 Re-using SSL/TLS context
Sun Feb 22 20:46:28 2015 us=93938 Control Channel MTU parms [ L:1575 D:140 EF:40 EB:0 ET:0 EL:0 ]
Sun Feb 22 20:46:28 2015 us=94210 Socket Buffers: R=[87380->131072] S=[16384->131072]
Sun Feb 22 20:46:28 2015 us=94398 Data Channel MTU parms [ L:1575 D:1450 EF:43 EB:4 ET:32 EL:0 ]
Sun Feb 22 20:46:28 2015 us=94563 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1194 [nonblock]
Sun Feb 22 20:46:29 2015 us=95106 TCP connection established with [AF_INET]127.0.0.1:1194
Sun Feb 22 20:46:29 2015 us=95297 TCPv4_CLIENT link local: [undef]
Sun Feb 22 20:46:29 2015 us=95436 TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:1194
Sun Feb 22 20:46:29 2015 us=95686 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=95958 TCPv4_CLIENT WRITE [14] to [AF_INET]127.0.0.1:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=2ea43bb4 7ab924a5 [ ] pid=0 DATA
Sun Feb 22 20:46:29 2015 us=96213 TCPv4_CLIENT write returned 16
Sun Feb 22 20:46:29 2015 us=96743 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=96944 TCPv4_CLIENT read returned 14
Sun Feb 22 20:46:29 2015 us=97196 TCPv4_CLIENT READ [14] from [AF_INET]127.0.0.1:1194: P_CONTROL_HARD_RESET_SERVER_V2 kid=0 sid=a1a6943c 252e2fe7 [ ] pid=0 DATA
Sun Feb 22 20:46:29 2015 us=97392 TLS: Initial packet from [AF_INET]127.0.0.1:1194, sid=a1a6943c 252e2fe7
Sun Feb 22 20:46:29 2015 us=97591 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=97895 TCPv4_CLIENT WRITE [26] to [AF_INET]127.0.0.1:1194: P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=2ea43bb4 7ab924a5 [ 0 sid=a1a6943c 252e2fe7 ] pid=0 DATA
Sun Feb 22 20:46:29 2015 us=98042 TCPv4_CLIENT write returned 28
Sun Feb 22 20:46:29 2015 us=110711 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=110918 TCPv4_CLIENT read returned 22
Sun Feb 22 20:46:29 2015 us=111206 TCPv4_CLIENT READ [22] from [AF_INET]127.0.0.1:1194: P_ACK_V1 kid=0 sid=a1a6943c 252e2fe7 [ 0 sid=2ea43bb4 7ab924a5 ]
Sun Feb 22 20:46:29 2015 us=111725 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=112532 TCPv4_CLIENT WRITE [114] to [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0 sid=2ea43bb4 7ab924a5 [ ] pid=1 DATA 16030100 a5010000 a10301a1 ee37a1b9 d860317a 237bdf29 e1a2ef1e 51b5970[more...]
Sun Feb 22 20:46:29 2015 us=112683 TCPv4_CLIENT write returned 116
Sun Feb 22 20:46:29 2015 us=112995 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=113694 TCPv4_CLIENT WRITE [84] to [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0 sid=2ea43bb4 7ab924a5 [ ] pid=2 DATA c00dc003 000a0015 00120009 00140011 00080006 000300ff 02010000 29000b0[more...]
Sun Feb 22 20:46:29 2015 us=113880 TCPv4_CLIENT write returned 86
Sun Feb 22 20:46:29 2015 us=175625 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=175832 TCPv4_CLIENT read returned 22
Sun Feb 22 20:46:29 2015 us=176119 TCPv4_CLIENT READ [22] from [AF_INET]127.0.0.1:1194: P_ACK_V1 kid=0 sid=a1a6943c 252e2fe7 [ 1 sid=2ea43bb4 7ab924a5 ]
Sun Feb 22 20:46:29 2015 us=190086 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=190297 TCPv4_CLIENT read returned 22
Sun Feb 22 20:46:29 2015 us=190588 TCPv4_CLIENT READ [22] from [AF_INET]127.0.0.1:1194: P_ACK_V1 kid=0 sid=a1a6943c 252e2fe7 [ 2 sid=2ea43bb4 7ab924a5 ]
Sun Feb 22 20:46:29 2015 us=190918 TCPv4_CLIENT read returned 1275
Sun Feb 22 20:46:29 2015 us=197923 TCPv4_CLIENT READ [1275] from [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0 sid=a1a6943c 252e2fe7 [ ] pid=1 DATA 16030100 56020000 520301a7 fed7bc0f 1056caf2 1c0f9df6 cd9e15d3 5f228fe[more...]
Sun Feb 22 20:46:29 2015 us=201667 VERIFY OK: depth=1, C=UA, ST=UA, L=XXX, O=YYY, OU=IT Dep, CN=YYY CA, name=Mikrotik_OpenVPN, emailAddress=example@info.com
Sun Feb 22 20:46:29 2015 us=204419 VERIFY OK: depth=0, C=UA, ST=UA, L=XXX, O=YYY, OU=IT Dep, CN=MikroTik_OpenVPN_Server, name=Mikrotik_OpenVPN, emailAddress=example@info.com
Sun Feb 22 20:46:29 2015 us=208779 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=209645 TCPv4_CLIENT WRITE [126] to [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0 sid=2ea43bb4 7ab924a5 [ 1 sid=a1a6943c 252e2fe7 ] pid=3 DATA 16030100 86100000 820080aa 83688504 369d90d2 6a2be6cf 0df1ebcd 959357c[more...]
Sun Feb 22 20:46:29 2015 us=209925 TCPv4_CLIENT write returned 128
Sun Feb 22 20:46:29 2015 us=210281 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=211066 TCPv4_CLIENT WRITE [112] to [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0 sid=2ea43bb4 7ab924a5 [ ] pid=4 DATA 76c6ea59 585cee60 07bd6852 196cc68b 4a9feb46 43615619 e9c8040f 3fb404e[more...]
Sun Feb 22 20:46:29 2015 us=211209 TCPv4_CLIENT write returned 114
Sun Feb 22 20:46:29 2015 us=224351 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=224555 TCPv4_CLIENT read returned 22
Sun Feb 22 20:46:29 2015 us=224939 TCPv4_CLIENT READ [22] from [AF_INET]127.0.0.1:1194: P_ACK_V1 kid=0 sid=a1a6943c 252e2fe7 [ 3 sid=2ea43bb4 7ab924a5 ]
Sun Feb 22 20:46:29 2015 us=238795 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=238993 TCPv4_CLIENT read returned 22
Sun Feb 22 20:46:29 2015 us=239277 TCPv4_CLIENT READ [22] from [AF_INET]127.0.0.1:1194: P_ACK_V1 kid=0 sid=a1a6943c 252e2fe7 [ 4 sid=2ea43bb4 7ab924a5 ]
Sun Feb 22 20:46:29 2015 us=289176 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=289412 TCPv4_CLIENT read returned 73
Sun Feb 22 20:46:29 2015 us=289972 TCPv4_CLIENT READ [73] from [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0 sid=a1a6943c 252e2fe7 [ ] pid=2 DATA 14030100 01011603 010030a1 392018a9 f52552e4 3e714508 720b78db 36638ec[more...]
Sun Feb 22 20:46:29 2015 us=291570 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=292463 TCPv4_CLIENT WRITE [126] to [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0 sid=2ea43bb4 7ab924a5 [ 2 sid=a1a6943c 252e2fe7 ] pid=5 DATA 17030100 20d556f6 2aa440bb 85d4b592 818c46cb 0c96f3f6 5e3f33f4 127b1b2[more...]
Sun Feb 22 20:46:29 2015 us=292724 TCPv4_CLIENT write returned 128
Sun Feb 22 20:46:29 2015 us=292983 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=293769 TCPv4_CLIENT WRITE [114] to [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0 sid=2ea43bb4 7ab924a5 [ ] pid=6 DATA 18905cd1 24ef3e5a 6dab1378 e8fea8c8 2904a59b cfcd5123 eecdece6 28804cf[more...]
Sun Feb 22 20:46:29 2015 us=293919 TCPv4_CLIENT write returned 116
Sun Feb 22 20:46:29 2015 us=294138 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=294803 TCPv4_CLIENT WRITE [80] to [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0 sid=2ea43bb4 7ab924a5 [ ] pid=7 DATA 9ccd55ac b53205b0 26be6f7e 128848ef 3e93c2e6 e24eba46 72c8c29e f73f564[more...]
Sun Feb 22 20:46:29 2015 us=295007 TCPv4_CLIENT write returned 82
Sun Feb 22 20:46:29 2015 us=307178 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=307384 TCPv4_CLIENT read returned 22
Sun Feb 22 20:46:29 2015 us=307669 TCPv4_CLIENT READ [22] from [AF_INET]127.0.0.1:1194: P_ACK_V1 kid=0 sid=a1a6943c 252e2fe7 [ 5 sid=2ea43bb4 7ab924a5 ]
Sun Feb 22 20:46:29 2015 us=321472 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=321671 TCPv4_CLIENT read returned 22
Sun Feb 22 20:46:29 2015 us=321954 TCPv4_CLIENT READ [22] from [AF_INET]127.0.0.1:1194: P_ACK_V1 kid=0 sid=a1a6943c 252e2fe7 [ 6 sid=2ea43bb4 7ab924a5 ]
Sun Feb 22 20:46:29 2015 us=369054 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=369258 TCPv4_CLIENT read returned 22
Sun Feb 22 20:46:29 2015 us=369542 TCPv4_CLIENT READ [22] from [AF_INET]127.0.0.1:1194: P_ACK_V1 kid=0 sid=a1a6943c 252e2fe7 [ 7 sid=2ea43bb4 7ab924a5 ]
Sun Feb 22 20:46:29 2015 us=381259 event_wait returned 1
Sun Feb 22 20:46:29 2015 us=381446 Connection reset, restarting [0]
Sun Feb 22 20:46:29 2015 us=382241 TCP/UDP: Closing socket
Sun Feb 22 20:46:29 2015 us=382623 SIGUSR1[soft,connection-reset] received, process restarting
Sun Feb 22 20:46:29 2015 us=382787 Restart pause, 5 second(s)

Где может быть проблема?
  • Вопрос задан
  • 4745 просмотров
Решения вопроса 1
@just_a_man Автор вопроса
Есть источник проблем: микротик использует openssl 0.9.8 (2005), убунта 1.0.1f(2014), а openwrt 1.0.2 (2015). В сети написано что новая версия openssl не имеет поддержки старых версий, отсюда и проблемы.
Ответ написан
Комментировать
Пригласить эксперта
Ответы на вопрос 1
ifaustrue
@ifaustrue
Пишу интересное в теллеграмм канале @cooladmin
Строка
remote 127.0.0.1 1194
явно с ошибкой.
Об этом говорит и лог:
Sun Feb 22 20:46:29 2015 us=211066 TCPv4_CLIENT WRITE [112] to [AF_INET]127.0.0.1:1194: P_CONTROL_V1 kid=0
Ответ написан
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы