VecH

OpenVPN Server Raspbian Jessie and Mikrotik RouterOS v6.36.4 as client, TLS Error

Sat Nov 19, 2016 7:53 pm

Raspbian server config:

port 1194
proto tcp
dev tun1

server 10.10.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/ovpn/ipp.txt
client-config-dir /etc/openvpn/ovpn/ccd
ccd-exclusive

keepalive 10 60
cipher AES-256-CBC   # AES

client-to-client

#max-clients 20
user vpn
group vpn

persist-key
persist-tun
ping-timer-rem
status /etc/openvpn/ovpn/status-tcp.log
status-version 2

verb 1
mute 20

script-security 2

## ca.crt
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

## server.crt
<cert>
SKIP, SKIP, SKIP
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
SKIP, SKIP, SKIP
</cert>

## server.key
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>

## dh*.pem
<dh>
-----BEGIN DH PARAMETERS-----
-----END DH PARAMETERS-----
</dh>

Client config:

[VecH@AgroLozing] > /certificate print 
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, 
I - issued, R - revoked, E - expired, T - trusted 
 #          NAME    COMMON-NAME    SUBJECT-ALT-NAME                                 FINGERPRINT   
 0        T ca.c... VecH Pro CA                                                     77bb064ca9c...
 1 K      T agro... agrolizing     DNS:agrolizing                                   035adbbec55...

[VecH@AgroLozing] > /interface ovpn-client print 
Flags: X - disabled, R - running 
 0  R name="ovpn-vech-pro" mac-address=02:20:19:CE:F6:AC max-mtu=1500 connect-to=domain.ru 
      port=1194 mode=ip user="agrolizing" password="" profile=default 
      certificate=agrolizing.crt_0 auth=sha1 cipher=aes256 add-default-route=no 

On the server, this error always loops in the log files from 2 RouterOS (v6.36.4) clients:

Nov 20 02:50:04 rpi ovpn-tcp[12251]: 176.114.16.35:43006 TLS Error: reading acknowledgement record from packet
Nov 20 02:50:04 rpi ovpn-tcp[12251]: 176.114.16.35:43006 Fatal TLS error (check_tls_errors_co), restarting
Nov 20 02:50:05 rpi ovpn-tcp[12251]: TCP connection established with [AF_INET]37.21.122.9:56078
Nov 20 02:50:06 rpi ovpn-tcp[12251]: 37.21.122.9:56078 TLS Error: reading acknowledgement record from packet
Nov 20 02:50:06 rpi ovpn-tcp[12251]: 37.21.122.9:56078 Fatal TLS error (check_tls_errors_co), restarting
Nov 20 02:50:09 rpi ovpn-tcp[12251]: TCP connection established with [AF_INET]176.114.16.35:43008
Nov 20 02:50:10 rpi ovpn-tcp[12251]: 176.114.16.35:43008 TLS Error: reading acknowledgement record from packet
Nov 20 02:50:10 rpi ovpn-tcp[12251]: 176.114.16.35:43008 Fatal TLS error (check_tls_errors_co), restarting
Nov 20 02:50:11 rpi ovpn-tcp[12251]: TCP connection established with [AF_INET]37.21.122.9:56080
Nov 20 02:50:12 rpi ovpn-tcp[12251]: 37.21.122.9:56080 TLS Error: reading acknowledgement record from packet
Nov 20 02:50:12 rpi ovpn-tcp[12251]: 37.21.122.9:56080 Fatal TLS error (check_tls_errors_co), restarting
Nov 20 02:50:15 rpi ovpn-tcp[12251]: TCP connection established with [AF_INET]176.114.16.35:43010
Nov 20 02:50:16 rpi ovpn-tcp[12251]: 176.114.16.35:43010 TLS Error: reading acknowledgement record from packet
Nov 20 02:50:16 rpi ovpn-tcp[12251]: 176.114.16.35:43010 Fatal TLS error (check_tls_errors_co), restarting
Nov 20 02:50:17 rpi ovpn-tcp[12251]: TCP connection established with [AF_INET]37.21.122.9:56082
Nov 20 02:50:18 rpi ovpn-tcp[12251]: 37.21.122.9:56082 TLS Error: reading acknowledgement record from packet
Nov 20 02:50:18 rpi ovpn-tcp[12251]: 37.21.122.9:56082 Fatal TLS error (check_tls_errors_co), restarting
Nov 20 02:50:21 rpi ovpn-tcp[12251]: TCP connection established with [AF_INET]176.114.16.35:43012
Nov 20 02:50:22 rpi ovpn-tcp[12251]: 176.114.16.35:43012 TLS Error: reading acknowledgement record from packet
Nov 20 02:50:22 rpi ovpn-tcp[12251]: 176.114.16.35:43012 Fatal TLS error (check_tls_errors_co), restarting
Nov 20 02:50:24 rpi ovpn-tcp[12251]: TCP connection established with [AF_INET]37.21.122.9:56084
Nov 20 02:50:24 rpi ovpn-tcp[12251]: 37.21.122.9:56084 TLS Error: reading acknowledgement record from packet
Nov 20 02:50:24 rpi ovpn-tcp[12251]: 37.21.122.9:56084 Fatal TLS error (check_tls_errors_co), restarting
Nov 20 02:50:27 rpi ovpn-tcp[12251]: TCP connection established with [AF_INET]176.114.16.35:43014

From clients with another OS (Windows, Ubuntu, Raspbian, etc.), there are no errors in the log files.
