Jump to content
Калькуляторы

mikrotik openvpn server

Подскажите пожалуйста, кто имел дело с настройкой openvpn на микротике?

Пытаюсь настроить openvpn server на микротике и подключить к нему клиента (windows).

 

Конфиг сервера такой:

post-118437-069015400 1391273117_thumb.png post-118437-039874300 1391273118_thumb.png post-118437-010994800 1391273119_thumb.png post-118437-078933100 1391273119_thumb.png

 

 

Конфиг клиента:

proto tcp-client
remote xxx.xxx.xxx.xxx 1194
dev tun
nobind
persist-key
tls-client
ca ca.crt
cert keys/client.crt
key keys/client.key
ping 10
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass auth.cfg

 

 

На клиенте получаю ошибку:

 

Sat Feb 01 22:52:06 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Feb 01 22:52:11 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Feb 01 22:52:16 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Feb 01 22:52:16 2014 PUSH: Received control message: 'PUSH_REPLY,ping 20,ping-restart 60,route 192.168.16.0 255.255.255.248,ifconfig 192.168.16.5 192.168.16.1'
Sat Feb 01 22:52:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sat Feb 01 22:52:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sat Feb 01 22:52:16 2014 OPTIONS IMPORT: route options modified
Sat Feb 01 22:52:16 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Feb 01 22:52:16 2014 MANAGEMENT: >STATE:1391273536,ASSIGN_IP,,192.168.16.5,
Sat Feb 01 22:52:16 2014 MANAGEMENT: Client disconnected
Sat Feb 01 22:52:16 2014 There is a problem in your selection of --ifconfig endpoints [local=192.168.16.5, remote=192.168.16.1].  The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.  This is a limitation of --dev tun when used with the TAP-WIN32 driver.  Try 'openvpn --show-valid-subnets' option for more info.
Sat Feb 01 22:52:16 2014 Exiting due to fatal erro

 

Edited by matrix_ekb

Share this post


Link to post
Share on other sites
There is a problem in your selection of --ifconfig endpoints [local=192.168.16.5, remote=192.168.16.1]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.

 

т.е. нужно чтобы адреса клиента и сервера были из /30 подсети

Проще всего указать их в secrets

Local address - 192.168.16.1

Remote address - 192.168.16.2

для следующих клиентов

local - 192.168.16.5 потом 9 затем 13 и тд

remote - 192.168.16.6 потом 10 затем 14 и тд

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this