BREBER: tcp tam je, o je dobre, co komprese? ta nesmi byt povolena

MIKZ: práve že nic, server je na Mikrotiku, ale je tam je TCP connection established from...a to stále dokola, jak se zkousu klient pripojit

BREBER: a server říká něco?

AHARAZ: tady je, jen podotykam, ze jsem k tomuto reseni byl vicemene dotlacen...mel jsem tam PPTP, ale to nevyhovuje :-(

log:

Thu Jun 16 10:42:46 2011 OpenVPN 2.1.1 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Dec 11 2009
Thu Jun 16 10:42:46 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 16 10:42:46 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 16 10:42:46 2011 LZO compression initialized
Thu Jun 16 10:42:46 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jun 16 10:42:47 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 16 10:42:47 2011 Local Options hash (VER=V4): '69109d17'
Thu Jun 16 10:42:47 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
Thu Jun 16 10:42:47 2011 Attempting to establish TCP connection with 212.71.152.195:1194
Thu Jun 16 10:42:47 2011 TCP connection established with 212.71.152.195:1194
Thu Jun 16 10:42:47 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Jun 16 10:42:47 2011 TCPv4_CLIENT link local: [undef]
Thu Jun 16 10:42:47 2011 TCPv4_CLIENT link remote: 212.71.152.195:1194
Thu Jun 16 10:42:48 2011 Connection reset, restarting [-1]
Thu Jun 16 10:42:48 2011 TCP/UDP: Closing socket
Thu Jun 16 10:42:48 2011 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jun 16 10:42:48 2011 Restart pause, 5 second(s)
Thu Jun 16 10:42:53 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 16 10:42:53 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 16 10:42:53 2011 Re-using SSL/TLS context
Thu Jun 16 10:42:53 2011 LZO compression initialized
Thu Jun 16 10:42:53 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jun 16 10:42:53 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 16 10:42:53 2011 Local Options hash (VER=V4): '69109d17'
Thu Jun 16 10:42:53 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
Thu Jun 16 10:42:53 2011 Attempting to establish TCP connection with 212.71.152.195:1194
Thu Jun 16 10:42:53 2011 TCP connection established with 212.71.152.195:1194
Thu Jun 16 10:42:53 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Thu Jun 16 10:42:53 2011 TCPv4_CLIENT link local: [undef]
Thu Jun 16 10:42:53 2011 TCPv4_CLIENT link remote: 212.71.152.195:1194
Thu Jun 16 10:42:53 2011 Connection reset, restarting [0]
Thu Jun 16 10:42:53 2011 TCP/UDP: Closing socket
Thu Jun 16 10:42:53 2011 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jun 16 10:42:53 2011 Restart pause, 5 second(s)
Thu Jun 16 10:42:58 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 16 10:42:58 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 16 10:42:58 2011 Re-using SSL/TLS context
Thu Jun 16 10:42:58 2011 LZO compression initialized
Thu Jun 16 10:42:58 2011 Control Channel MTU parms [ L:1544 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jun 16 10:42:58 2011 Data Channel MTU parms [ L:1544 D:1450 EF:44 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jun 16 10:42:58 2011 Local Options hash (VER=V4): '69109d17'
Thu Jun 16 10:42:58 2011 Expected Remote Options hash (VER=V4): 'c0103fa8'
Thu Jun 16 10:42:58 2011 Attempting to establish TCP connection with 212.71.152.195:1194
Thu Jun 16 10:42:58 2011 TCP/UDP: Closing socket
Thu Jun 16 10:42:58 2011 SIGTERM[hard,init_instance] received, process exiting

AHARAZ: ja delal certifikaty rovnez pres easy-rsa na win z OpenVPN .net

log hodim

BREBER: Jen z WinXP? koukal jsi jake jine tunely MK umi, je OpenVPN spravna volba? To se mne vzdycky ptali ostatni ;-)
Ad spojeni muzes-li dej konec logu z klienta.

MARECEK: Ja vzdy delal certifikaty pomoci easy-rsa na Linuxu, jinou zkusenost nemam...

MARECEK: vlastní CA a vlastní certifikáty
tak to dělám já

BREBER: resim ted uplne to samy.... mate nekdo nejakej lepsi postup nez je na wiki mikrotiku? hlavne okolo tech certifikatu...

se mi klient pripoji, probehne nejaky inicializacni proces, ale pak je spojeni resetovano a klient se spojuje znova :-(
nedojde ani na heslo a td

AHARAZ: optrebuju na MK rozjet OVPN ke kterymu se budu pripojovat z WinXP

BREBER: jj bezi mi tunel Mikrotik, Mikrotik i jsem pouzival Mirkotik Win Vista

dotaz: rozchodil jste nekdo na Mikrotiku OVPN server? Mě se to nejak nedaří :-(

MARECEK: Zkus na test vypnout to overovani MAC adres... pokud nepomuze, tak nekompatibilita chipsetu wifin...

rad bych vas poprosil o radu...
mam na mikrotiku rozjety ap a vsechno mi funguje uplne v pohode. jediny s cim mam problem je jedno zarizeni ktery se pripojuje pres wifi.
co par vterin mi zaloguje "<DEV>: data from unknown device <MAC>, sent deauth [(XXX events suppressed, YYY deauths suppressed)]"
samozrejme s doplnenejma promennejma... :-)
a popis tyhle hlasky "The likely cause of such a message is that the Station previously connected to the AP, which does not yet know it has been dropped from AP registration table, sending data to AP. Deauthentication message tells the Station that it is no longer connected."

podle mac adresy jsem zjistil ze se jedna o moji blackberry ale nevim proc se tohle deje vzhledem k tomu ze mac adresa je v registraci povolena, pripojeni a autorizace z telefonu taky probehla ok a telefon se tvari ze je z jeho pohledu vsechno ok...
Nejaka rada kde hledat problem nebo co zkusit?

MARECEK: aktuální verze není a nebude

existuje nekde nejakej aktualni seznam viru a wormu a jejich beznejch portu?
Vice mene shanim to co je tady: http://wiki.mikrotik.com/wiki/Protecting_your_customers ale nejakou aktualnejsi verzi...

MARECEK: ne, to ne - to USB je tam kvuli 3G modemu

NETWORK: na to moje vyuziti to bude bohate stacit - budu to mit osazeny jenom jednou wlankou...
mate zkusenosti s vyuzitim tech usb??- umi to treba nasharovat disk a podobne?

MARECEK: jo, vcera sem tenhle kousek instaloval na site ;) vykonnostne je to vphode - jen je problem kdyz osadis vsechny 3miniPCI sloty na 5Ghz - rusi se to mezi sebou.. proto vzdy max 2x 5Ghz (ve vzdalenejsich slotech) a mezi nimi 2,4G...