I have a Mikrotik routerboard in my home with several segregated VLANs (work/family/guest). Now I would like to run OpenVPN on the routerboard so that the kids can connect to our NAS while away at school and so that I can work remotely if needed. I followed the OpenVPN documentation on the wiki to set up the OpenVPN server, and installed the latest OpenVPN client on my Windows 7 laptop. I can connect from a remote location, but I get disconnected after less than a second and put into an endless cycle of reconnecting. In the RB logs there are three entries for each connect/disconnect cycle:
#1 buffer: memory
topics: ovpn, info
message: TCP connection established from <ip address>
#2 buffer: memory
topics: ovpn, debug, error, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, ...
message: duplicate packet, dropping
#3 buffer: memory
topics: ovpn, debug, error, unknown, unknown, unknown, unknown, unknown, unknown, unknown, unknown, ...
message: L2TPDBG===>: duplicate packet, dropping
(L2TPDBG is a system logging prefix)
I am unable to open the individual error messages in my GUI; it appears they go on indefinitely and are too big for the browser to render.
Here are my settings in the RB. Does anyone have any suggestions for fixing or troubleshooting?
# aug/27/2020 11:01:07 by RouterOS 6.45.5
# software id = L773-USV1
#
# model = RouterBOARD 750G r2
# Review notes are added below as plain "#" comments; they do not alter the configuration.
/interface ethernet
set [ find default-name=ether1 ] name=ether1-gateway speed=100Mbps
set [ find default-name=ether2 ] arp=proxy-arp name=ether2-vlan speed=100Mbps
/interface vlan
# NOTE(review): this interface is named "vlan13 Work" but carries vlan-id=12 — confirm which
# value the switch/trunk side expects; the other VLANs have matching names and IDs.
add interface=ether2-vlan name="vlan13 Work" vlan-id=12
add interface=ether2-vlan name="vlan14 Family" vlan-id=14
add interface=ether2-vlan name="vlan15 Guest Internet only" vlan-id=15
# No /ip address is assigned to this VLAN anywhere in the export. OpenVPN clients terminate on
# dynamic PPP interfaces created by the ovpn server, so this VLAN is not needed for the VPN itself.
add arp=proxy-arp interface=ether2-vlan name="vlan18 OpenVPN" vlan-id=18
/ip pool
add name=dhcp ranges=192.168.88.150-192.168.88.254
add name=dhcp_pool3 ranges=192.168.3.151-192.168.3.180
add name=dhcp_pool4 ranges=192.168.4.151-192.168.4.180
# Address pool handed to OpenVPN clients via the /ppp profile below (not via DHCP).
add name=dhcp_vpn ranges=192.168.8.90-192.168.8.254
/ip dhcp-server
add address-pool=dhcp authoritative=after-2sec-delay disabled=no interface=\
ether2-vlan name=default
add address-pool=dhcp_pool3 authoritative=after-10sec-delay interface=\
"vlan13 Work" lease-time=6h name=dhcp3
add address-pool=dhcp_pool4 authoritative=after-2sec-delay disabled=no \
interface="vlan14 Family" lease-time=6h name=dhcp4
# Note: In the GUI, I added a DHCP server dhcp18 for VLAN18 OpenVPN with dhcp_vpn on 192.168.8.x. It is enabled, but it is grayed out in the GUI.
# Review: with no /ip address on "vlan18 OpenVPN" a DHCP server bound to it has no network to
# serve, which is the likely reason it shows as grayed out (invalid). PPP/OpenVPN clients do not
# use DHCP, so dhcp18 is not needed for the VPN.
/ppp profile
# Both profiles give clients 192.168.8.1 as the peer address and draw client addresses from dhcp_vpn.
add local-address=192.168.8.1 name=OpenVPNUser remote-address=dhcp_vpn
set *FFFFFFFE local-address=192.168.8.1 remote-address=dhcp_vpn
/interface l2tp-server server
# The export carries no enabled=yes here, consistent with the note that the L2TP server is disabled.
# If it is ever enabled, drop mschap1 (weak) and keep mschap2 together with use-ipsec=yes.
set authentication=mschap1,mschap2 ipsec-secret=xxxxxxxx use-ipsec=yes
#Note: According to the GUI, this is disabled
/interface list member
add interface=ether2-vlan list=discover
add interface="vlan14 Family" list=discover
add interface="vlan13 Work" list=discover
add interface="vlan15 Guest Internet only" list=discover
add interface=ether2-vlan list=mactel
add interface=ether2-vlan list=mac-winbox
add interface=ether1-gateway list=WAN
add list=mactel
add interface="vlan18 OpenVPN" list=discover
/interface ovpn-server server
# OpenVPN server on the default port (1194/tcp, matching the firewall accept rule below).
# require-client-certificate=yes means a username/password alone is not enough to connect — keep it.
# NOTE(review): on RouterOS 6.x the cipher names (aes128/aes192/aes256) denote CBC modes and the
# server speaks TCP only; the client side must use a matching CBC cipher and proto tcp-client.
# auth=sha1 here must match `auth SHA1` on the client.
set auth=sha1 certificate=cmmoffice cipher=aes256 enabled=yes \
require-client-certificate=yes
/interface pptp-server server
# PPTP is enabled but is not used by this OpenVPN setup. Its MS-CHAPv2/MPPE protection is
# considered broken; set enabled=no unless something still depends on it.
set enabled=yes
/interface sstp-server server
# No enabled=yes in the export; SSTP appears to be off.
set default-profile=default-encryption
/ip address
add address=192.168.88.1/24 comment="default configuration" interface=\
ether2-vlan network=192.168.88.0
add address=192.168.3.1/24 interface="vlan13 Work" network=\
192.168.3.0
add address=192.168.4.1/24 interface="vlan14 Family" network=192.168.4.0
add address=192.168.5.1/24 interface="vlan15 Guest Internet only" network=\
192.168.5.0
/ip cloud
set ddns-enabled=yes
/ip dhcp-server network
add address=192.168.3.0/24 dns-server=192.168.3.10,75.75.75.75,75.75.76.76 \
domain=cmmoffice.net gateway=192.168.3.1
add address=192.168.4.0/24 dns-server=192.168.4.10,75.75.75.75 domain=\
cmmoffice.net gateway=192.168.4.1 netmask=24
# Not used by OpenVPN clients (they are addressed by the /ppp profile, not DHCP); presumably
# meant for the grayed-out dhcp18 server.
add address=192.168.8.0/24 dns-server=192.168.8.10 gateway=192.168.8.1
add address=192.168.88.0/24 comment="default configuration" gateway=\
192.168.88.1
/ip firewall filter
# Input chain: established/related, ICMP and 1194/tcp are accepted, then everything else arriving
# on the WAN interface is dropped. Traffic to the router itself from LAN/VLAN/PPP interfaces is not
# filtered by these rules.
add action=accept chain=input comment=\
"default configuration - related established input" connection-state=\
established,related
add action=accept chain=input comment=\
"default configuration - allow ping etc." protocol=icmp
# log=yes is handy while troubleshooting the connect loop; consider turning it off once stable.
add action=accept chain=input comment="Allow OpenVPN" dst-port=1194 log=yes \
log-prefix="OVPN " protocol=tcp
add action=drop chain=input comment="default configuration" in-interface=\
ether1-gateway
# Forward chain: only invalid connections and new connections from the WAN are dropped. Nothing
# here separates the VLANs from each other or limits what a VPN client may reach once connected.
# If the "segregated" intent should hold for VPN users, add forward rules that accept VPN traffic
# to the NAS and drop the rest from the 192.168.8.0/24 range.
add action=accept chain=forward comment=\
"default configuration - forward established related" connection-state=\
established,related
add action=drop chain=forward comment="default configuration" \
connection-state=invalid
add action=drop chain=forward comment="default configuration" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-gateway
/ip firewall nat
# NOTE(review): src-address 192.168.89.0/24 does not cover the VPN addresses actually assigned
# (192.168.8.1, pool 192.168.8.90-254, static 192.168.8.63), so this rule matches no VPN traffic.
add action=masquerade chain=srcnat comment="masq. vpn traffic" src-address=\
192.168.89.0/24
/ppp secret
# Both secrets pin the same static remote-address (192.168.8.63); if both users connect at once
# their addresses collide. Use the pool (omit remote-address) or give each a distinct address.
# One password below is shown in clear text in a public post — rotate it.
add local-address=192.168.8.1 name=mylaptop password=signals remote-address=\
192.168.8.63 service=ovpn
add local-address=192.168.8.1 name=SEJohnsen password=\
"xxxxxxxxxx" remote-address=192.168.8.63 service=ovpn
/system logging
# Debug logging rules; the "L2TPDBG===>" text seen on the log entries is this prefix.
add prefix="L2TPDBG===>" topics=l2tp
add prefix="IPSECDBG===>" topics=ipsec
#Template client.ovpnclient
# OpenVPN client profile for the RouterOS ovpn server; review notes added as "#" comments.
client
dev tun
# RouterOS 6.x OpenVPN server accepts TCP only, so tcp-client is the right choice.
proto tcp-client
# <my fqnd> is a placeholder for the router's hostname (presumably the /ip cloud DDNS name).
remote <my fqnd>
port 1194
nobind
persist-key
persist-tun
tls-client
# Requires the router certificate to carry the TLS Web Server Authentication extended key usage;
# without it the client rejects the server certificate.
remote-cert-tls server
ca cmmca2.crt
cert mylaptopovpn.crt
key mylaptopovpn.key
# Verbose logging while troubleshooting; lower verb once the connection is stable.
verb 4
mute 10
# NOTE(review): the server is configured with cipher=aes256, which on RouterOS 6.x is a CBC mode.
# AES-256-GCM is unlikely to match — try `cipher AES-256-CBC`.
cipher AES-256-GCM
# Matches auth=sha1 on the server.
auth SHA1
# Username/password from the router's /ppp secret entry; the file holds the credential in clear
# text, so keep its file permissions tight.
auth-user-pass pppsecret.txt
# Do not keep the password cached in memory after it has been used.
auth-nocache