Jump to content
Калькуляторы

mikrotik openvpn server

Подскажите пожалуйста, кто имел дело с настройкой openvpn на микротике?

Пытаюсь настроить openvpn server на микротике и подключить к нему клиента (windows).

 

Конфиг сервера такой:

post-118437-069015400 1391273117_thumb.png post-118437-039874300 1391273118_thumb.png post-118437-010994800 1391273119_thumb.png post-118437-078933100 1391273119_thumb.png

 

 

Конфиг клиента:

proto tcp-client
remote xxx.xxx.xxx.xxx 1194
dev tun
nobind
persist-key
tls-client
ca ca.crt
cert keys/client.crt
key keys/client.key
ping 10
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass auth.cfg

 

 

На клиенте получаю ошибку:

 

Sat Feb 01 22:52:06 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Feb 01 22:52:11 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Feb 01 22:52:16 2014 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Feb 01 22:52:16 2014 PUSH: Received control message: 'PUSH_REPLY,ping 20,ping-restart 60,route 192.168.16.0 255.255.255.248,ifconfig 192.168.16.5 192.168.16.1'
Sat Feb 01 22:52:16 2014 OPTIONS IMPORT: timers and/or timeouts modified
Sat Feb 01 22:52:16 2014 OPTIONS IMPORT: --ifconfig/up options modified
Sat Feb 01 22:52:16 2014 OPTIONS IMPORT: route options modified
Sat Feb 01 22:52:16 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sat Feb 01 22:52:16 2014 MANAGEMENT: >STATE:1391273536,ASSIGN_IP,,192.168.16.5,
Sat Feb 01 22:52:16 2014 MANAGEMENT: Client disconnected
Sat Feb 01 22:52:16 2014 There is a problem in your selection of --ifconfig endpoints [local=192.168.16.5, remote=192.168.16.1].  The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.  This is a limitation of --dev tun when used with the TAP-WIN32 driver.  Try 'openvpn --show-valid-subnets' option for more info.
Sat Feb 01 22:52:16 2014 Exiting due to fatal erro

 

Edited by matrix_ekb

Share this post


Link to post
Share on other sites

There is a problem in your selection of --ifconfig endpoints [local=192.168.16.5, remote=192.168.16.1]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet.

 

т.е. нужно чтобы адреса клиента и сервера были из /30 подсети

Проще всего указать их в secrets

Local address - 192.168.16.1

Remote address - 192.168.16.2

для следующих клиентов

local - 192.168.16.5 потом 9 затем 13 и тд

remote - 192.168.16.6 потом 10 затем 14 и тд

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.