[操作疑難] RouterOS OVPN求教

  1. Fri Jun 03 22:06:45 2016 OpenVPN 2.3.11 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on May 10 2016
  2. Fri Jun 03 22:06:45 2016 Windows version 6.1 (Windows 7) 64bit
  3. Fri Jun 03 22:06:45 2016 library versions: OpenSSL 1.0.1t  3 May 2016, LZO 2.09
  4. Enter Management Password:
  5. Fri Jun 03 22:06:45 2016 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343
  6. Fri Jun 03 22:06:45 2016 Need hold release from management interface, waiting...
  7. Fri Jun 03 22:06:45 2016 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25343
  8. Fri Jun 03 22:06:45 2016 MANAGEMENT: CMD 'state on'
  9. Fri Jun 03 22:06:45 2016 MANAGEMENT: CMD 'log all on'
  10. Fri Jun 03 22:06:45 2016 MANAGEMENT: CMD 'hold off'
  11. Fri Jun 03 22:06:45 2016 MANAGEMENT: CMD 'hold release'
  12. Fri Jun 03 22:06:45 2016 WARNING: --ping should normally be used with --ping-restart or --ping-exit
  13. Fri Jun 03 22:06:45 2016 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
  14. Fri Jun 03 22:06:45 2016 Socket Buffers: R=[8192->8192] S=[8192->8192]
  15. Fri Jun 03 22:06:45 2016 MANAGEMENT: >STATE:1464962805,RESOLVE,,,
  16. Fri Jun 03 22:06:46 2016 Attempting to establish TCP connection with [AF_INET]RemoteIP:1194 [nonblock]
  17. Fri Jun 03 22:06:46 2016 MANAGEMENT: >STATE:1464962806,TCP_CONNECT,,,
  18. Fri Jun 03 22:06:47 2016 TCP connection established with [AF_INET]RemoteIP:1194
  19. Fri Jun 03 22:06:47 2016 TCPv4_CLIENT link local: [undef]
  20. Fri Jun 03 22:06:47 2016 TCPv4_CLIENT link remote: [AF_INET]RemoteIP:1194
  21. Fri Jun 03 22:06:47 2016 MANAGEMENT: >STATE:1464962807,WAIT,,,
  22. Fri Jun 03 22:06:47 2016 MANAGEMENT: >STATE:1464962807,AUTH,,,
  23. Fri Jun 03 22:06:47 2016 TLS: Initial packet from [AF_INET]58.152.193.210:1194, sid=e49a408a 40d7a85c
  24. Fri Jun 03 22:06:47 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
  25. Fri Jun 03 22:06:47 2016 OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
  26. Fri Jun 03 22:06:47 2016 TLS_ERROR: BIO read tls_read_plaintext error
  27. Fri Jun 03 22:06:47 2016 TLS Error: TLS object -> incoming plaintext read error
  28. Fri Jun 03 22:06:47 2016 TLS Error: TLS handshake failed
  29. Fri Jun 03 22:06:47 2016 Fatal TLS error (check_tls_errors_co), restarting
  30. Fri Jun 03 22:06:47 2016 SIGUSR1[soft,tls-error] received, process restarting
  31. Fri Jun 03 22:06:47 2016 MANAGEMENT: >STATE:1464962807,RECONNECTING,tls-error,,
  32. Fri Jun 03 22:06:47 2016 Restart pause, 5 second(s)
複製代碼
請問那裹出錯

係咪用最新Version Windows OpenVPN Client?

.ovpn 入面加
  1. cipher AES-256-CBC
  2. auth SHA1
複製代碼

TOP

是~~OpenVPN 2.3.11-- released on 2016.05.10

TOP

1. 個 vpn 有 bug 吾出奇
2. 要知有冇 set 錯野,最好列曬 server 同 client 既 config 出黎。

TOP

1. 個 vpn 有 bug 吾出奇
2. 要知有冇 set 錯野,最好列曬 server 同 client 既 config 出黎。 ...
milanolarry 發表於 2016-6-4 14:21


Windows Client
  1. proto tcp-client

  2. remote RemoteIP 1194 # Remote OpenVPN Servername or IP address
  3. dev tap

  4. nobind
  5. persist-key

  6. tls-client
  7. ca ca.crt # Root certificate in the same directory as this configuration file.
  8. cert client.crt
  9. key  client.key

  10. ping 10
  11. verb 3

  12. cipher AES-256-CBC
  13. auth SHA1
  14. pull

  15. auth-user-pass auth.cfg
複製代碼
Server RouterOS v6.35.2
  1. [admin@MikroTik] /interface ovpn-server server> print
  2.                      enabled: yes
  3.                         port: 1194
  4.                         mode: ethernet
  5.                      netmask: 24
  6.                  mac-address: xx:xx:xx:xx:xx:xx
  7.                      max-mtu: 1500
  8.            keepalive-timeout: 60
  9.              default-profile: openvpn
  10.                  certificate: ca.crt_0
  11.   require-client-certificate: no
  12.                         auth: sha1,md5
  13.                       cipher: blowfish128,aes128,aes192,aes256
複製代碼

TOP

系Windows OpenVPN Client問題,你裝2.3.10個version 

TOP

系Windows OpenVPN Client問題,你裝2.3.10個version 
s886168 發表於 2016-6-4 19:04



    裝了2.3.10都是"TLS Error: TLS handshake failed"

TOP

裝了2.3.10都是"TLS Error: TLS handshake failed"
炎冬 發表於 2016-6-4 23:48



換CERT

TOP

裝了2.3.10都是"TLS Error: TLS handshake failed"
炎冬 發表於 2016-6-4 23:48



   我個OVPN
-----------------------------------------
client
dev tun
proto tcp
remote xxxx 1194
ca ca.crt
tls-client
keepalive 10 120
cipher AES-256-CBC
auth-user-pass auth.cfg
verb 3
redirect-gateway def1

---------------------------------------------
用2.3.10時就冇問題,轉咗2.3.11就連唔到

TOP

.ovpn 試下再加
  1. tls-cipher DEFAULT
複製代碼

TOP