Peer disconnecting when setting Mikrotik as OpenVPN client

I want to connect my Mikrotik at home, as a client, to my OpenVPN server (Ubuntu 16.4) in my office.
I already have the OpenVPN server set up based on this tutorial (link). If I try to connect with the OpenVPN client Windows app (with Client.ovpn added in Program Files/OpenVPN/config), it asks for username and password and connects with no errors.
Here is my server.conf on the OpenVPN server:
port 51333
proto tcp
dev tun5
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.101.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.20.10 255.255.255.255" #This is my server that I want to connect in Office
keepalive 10 120
tls-auth /etc/openvpn/ta.key
key-direction 0
cipher AES-256-CBC
auth SHA1
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
username-as-common-name
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so /etc/pam.d/openvpn
status /etc/openvpn/mikrotik.log
verb 5
mute-replay-warnings
client-config-dir ccd
management localhost 7505
Here is my base.conf on the OpenVPN server (Ubuntu), which I use for creating client.ovpn files:
client
dev tun
proto tcp
remote mydomain.com 51333 # in my DNS this domain points to my public static address in the office, where the firewall port-forwards this port to my server
resolv-retry infinite
nobind
user nobody
group nogroup
auth-user-pass
#ca ca.crt
#cert client.crt
#key client.key
remote-cert-tls server
tls-auth ta.key
cipher AES-256-CBC
auth SHA1
# More reliable detection when a system loses its connection.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
verb 5
key-direction 1
Now on the Mikrotik (OS v6.42.12 on a hAP lite (smips)) I have:
Import my Client.ovpn into Files.
Import the certificate from Client.ovpn; this gives me T (name: ca.crt_0) and KT (name: client.crt_0).
Create a new PPP profile: ppp profile add name=OVPN-client change-tcp-mss=yes only-one=yes use-encryption=required use-mpls=no
Create a new interface: interface ovpn-client add connect-to=mydomain.com port=51333 add-default-route=no auth=sha1 certificate=client.crt_0 disabled=no user=vpnuser password=vpnpass name=myvpn profile=OVPN-client
But with this configuration I cannot establish a connection. I never get the "R" status on the ovpn-client; I only get this error:
* ovpn-out1: connecting
* ovpn-out1: terminating - peer disconnected
* ovpn-out1: disconnected
If I check the logs on the server I get this:
openVPN1 ovpn-server[2050]: MULTI: multi_create_instance called
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Re-using SSL/TLS context
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Control Channel MTU parms
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Data Channel MTU parms
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Local Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Expected Remote Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,keydir 1,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-client'
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Local Options hash (VER=V4): '7ac8f09f'
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: Expected Remote Options hash (VER=V4): '53276059'
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: TCP connection established with [AF_INET]XX.XXX.XXX.XX:60345
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: TCPv4_SERVER link local: [undef]
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: TCPv4_SERVER link remote: [AF_INET]XX.XXX.XXX.XX:60345
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 TLS: Initial packet from [AF_INET]XX.XXX.XXX.XX:60345
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XX:60345
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 Fatal TLS error (check_tls_errors_co), restarting
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 SIGUSR1[soft,tls-error] received, client-instance restarting
Oct 26 09:33:03 openVPN1 ovpn-server[2050]: TCP/UDP: Closing socket

MikroTik does not support UDP in OpenVPN, only TCP.
ROS 7 will support it, but it's still in the development phase.

As of 2022, you would need to use ROS version 7 or later, where UDP support for OpenVPN is implemented. Still, Mikrotik's implementation of OpenVPN is limited, e.g. no support for TLS auth with a static key.
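To turn the two answers into a check, here is an added example (not from the question or either answer, and not MikroTik or OpenVPN project code): it parses the asker's server.conf, flags the options a RouterOS 6 ovpn-client cannot negotiate according to the answers (UDP transport and tls-auth), and ties the server's "cannot locate HMAC" log line to the tls-auth setting. The sample config and log lines are copied from the question; the function names are this example's own.

```python
import re
import shlex

# Constructed input: the relevant lines of the asker's server.conf.
SAMPLE_SERVER_CONF = """\
port 51333
proto tcp
push "route 192.168.20.10 255.255.255.255" #This is my server that I want to connect in Office
tls-auth /etc/openvpn/ta.key
key-direction 0
"""

# Constructed input: the two server log lines from the question that matter here.
SAMPLE_SERVER_LOG = [
    "Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 TLS: Initial packet from [AF_INET]XX.XXX.XXX.XX:60345",
    "Oct 26 09:33:03 openVPN1 ovpn-server[2050]: XX.XXX.XXX.XX:60345 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]XX.XXX.XXX.XX:60345",
]

def parse_openvpn_conf(text):
    """Return {option: [args]} (first occurrence wins); shlex keeps quoted
    arguments together and drops '#' comments, ';' comment lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        if raw.lstrip().startswith(";"):
            continue
        parts = shlex.split(raw, comments=True)
        if parts:
            opts.setdefault(parts[0], parts[1:])
    return opts

def routeros6_incompatibilities(opts):
    """Server options a RouterOS 6 ovpn-client cannot negotiate, per the answers."""
    problems = []
    proto = opts.get("proto", ["udp"])[0].lower()  # OpenVPN defaults to UDP
    if proto.startswith("udp"):
        problems.append("proto %s: RouterOS 6 OVPN client speaks TCP only" % proto)
    if "tls-auth" in opts:
        problems.append("tls-auth: RouterOS 6 cannot add the static-key HMAC, "
                        "so the server rejects its handshake")
    return problems

HMAC_RE = re.compile(
    r"TLS Error: cannot locate HMAC in incoming packet from \[AF_INET\]([\w.]+):(\d+)")

def explain_hmac_errors(log_lines, opts):
    """Pair each 'cannot locate HMAC' line with its cause: with tls-auth the server
    expects an HMAC on every control packet and this peer's carried none (or one
    made with a different key or key-direction)."""
    hits = []
    for line in log_lines:
        m = HMAC_RE.search(line)
        if m:
            cause = ("tls-auth on server; peer sent no valid HMAC"
                     if "tls-auth" in opts else "unexpected: tls-auth not configured")
            hits.append((m.group(1), int(m.group(2)), cause))
    return hits
```

Running `routeros6_incompatibilities(parse_openvpn_conf(SAMPLE_SERVER_CONF))` on the asker's config reports only the tls-auth line, which is consistent with the server log showing the TCP connection succeeding and the TLS handshake failing on the HMAC check.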

Related

BigBlueButton: WebRTC Audio Failure: Error 1010: ICE negotiation timeout

I've set up an Ubuntu 16.04 EC2 t2.medium server and followed the instructions here http://docs.bigbluebutton.org/2.0/20install.html to install BigBlueButton 2.0-beta.
When I log into the Demo Meeting room and select Microphone, it says "calling...", then changes to "connecting...", and then I get a message saying:
WebRTC Audio Failure
Detected the following WebRTC issue: Error 1010: ICE negotiation
timeout. Do you want to try Flash instead?
Here is the output from the console:
BigBlueButton call accepted
bbb_webrtc_bridge_sip.js?v=591:497 Waiting for ICE negotiation
sip.js?v=591:2900 Thu Sep 21 2017 11:27:19 GMT+0800 (WITA) | sip.invitecontext.mediahandler | stream added: fuEOgOt7p5aHrW58wGtGVszgTdGBcNKi
sip.js?v=591:2900 Thu Sep 21 2017 11:27:24 GMT+0800 (WITA) | sip.invitecontext.mediahandler | RTCIceChecking Timeout Triggered after 5000 milliseconds
bbb_webrtc_bridge_sip.js?v=591:499 5 seconds without ICE finishing
bbb_webrtc_bridge_sip.js?v=591:119 Stopping webrtc audio test
bbb_webrtc_bridge_sip.js?v=591:555 Hanging up current session
sip.js?v=591:2900 Thu Sep 21 2017 11:27:24 GMT+0800 (WITA) | sip.inviteclientcontext | terminating Session
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.transport | sending WebSocket message:
BYE sip:919673089#172.31.36.135:5060;transport=udp SIP/2.0
Via: SIP/2.0/WSS msk2aa46iuih.invalid;branch=z9hG4bK7275105
Max-Forwards: 70
To: <sip:919673089#staging.bigbluebutton.xxxxxx.com>;tag=SBBF64e6999Hm
From: "w_zqmgpmdukz39-bbbID-Mikhail" <sip:w_zqmgpmdukz39-bbbID-Mikhail#staging.bigbluebutton.xxxxxx.com>;tag=d6e9kj05rj
Call-ID: epjgsffnq2hi688jlvgl
CSeq: 9777 BYE
Supported: outbound
User-Agent: BigBlueButton
Content-Length: 0
bbb_webrtc_bridge_sip.js?v=591:465 call ended null
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.inviteclientcontext | closing INVITE session epjgsffnq2hi688jlvglj9cdnvthcr
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.invitecontext.mediahandler | closing PeerConnection
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.dialog | dialog epjgsffnq2hi688jlvgld6e9kj05rjSBBF64e6999Hm deleted
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.ua | user requested closure...
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.ua | closing registerContext
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.registercontext | already unregistered
LoggerFactory.print # sip.js?v=591:2900
LoggerFactory.(anonymous function) # sip.js?v=591:2917
Logger.(anonymous function) # sip.js?v=591:2911
unregister # sip.js?v=591:3579
close # sip.js?v=591:3570
UA.stop # sip.js?v=591:8929
(anonymous) # bbb_webrtc_bridge_sip.js?v=591:505
setTimeout (async)
(anonymous) # bbb_webrtc_bridge_sip.js?v=591:498
EventEmitter.emit # sip.js?v=591:115
accepted # sip.js?v=591:5641
onSuccess # sip.js?v=591:6851
Promise resolved (async)
receiveInviteResponse # sip.js?v=591:6832
receiveResponse # sip.js?v=591:3784
InviteClientTransaction.receiveResponse # sip.js?v=591:7832
onMessage # sip.js?v=591:8566
ws.onmessage # sip.js?v=591:8424
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.transport | received WebSocket text message:
SIP/2.0 200 OK
Via: SIP/2.0/WSS msk2aa46iuih.invalid;branch=z9hG4bK7275105;received=52.51.xx.xx;rport=38902
From: "w_zqmgpmdukz39-bbbID-Mikhail" <sip:w_zqmgpmdukz39-bbbID-Mikhail#staging.bigbluebutton.xxxxxx.com>;tag=d6e9kj05rj
To: <sip:919673089#staging.bigbluebutton.xxxxxx.com>;tag=SBBF64e6999Hm
Call-ID: epjgsffnq2hi688jlvgl
CSeq: 9777 BYE
User-Agent: FreeSWITCH-mod_sofia/1.9.0+git~20170822T213300Z~2ebdf42f2c~64bit
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, INFO, UPDATE, REGISTER, REFER, NOTIFY
Supported: timer, path, replaces
Content-Length: 0
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.transport | closing WebSocket wss://staging.bigbluebutton.xxxxxx.com/ws
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.transport | WebSocket disconnected (code: 1000)
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.ua | connection state set to 1
sip.js?v=591:2900 Thu Sep 21 2017 11:27:25 GMT+0800 (WITA) | sip.transaction.ict | transport error occurred, deleting INVITE client transaction z9hG4bK9694442
I've searched for anything related to bigbluebutton error 1010 but can't find anything.
Please check your firewall:
TCP ports 80, 443, and 1935 are accessible.
TCP port 7443 is accessible if you intend to configure SSL (recommended); otherwise port 5066 is accessible.
UDP ports 16384 - 32768 are accessible.
Port 80 is not in use by another application.
The problem is your SIP IP and port.
First check the settings in /opt/freeswitch/etc/freeswitch/sip_profiles/external.xml:
ws-binding: :5066
wss-binding: :7443
Change them to this:
ws-binding: your_external_ip_address:5066
wss-binding: your_external_ip_address:7443
Your external IP address is the same as the external_sip_ip address.
Then check ports 5066 and 7443 if you use a firewall.
Then don't forget to restart bbb (bbb-conf --restart).

Shiny's websockets don't work on port 80 of an AWS EC2 instance

I have set up a licensed Shiny Server Pro on an AWS server. It basically seems to work, but I would like to change the default port from 3838 to 80, and this causes me grief, probably because port 80 doesn't handle the websockets as I expect.
So after installation the server dutifully delivers the default welcome.html page with the two embedded apps hello and rmd, and everything works as expected. But as soon as I change the port in /etc/shiny-server/shiny-server.conf from 3838 to 80, the two embedded apps won't work anymore. They seem to load, but immediately after loading they are greyed out and a message is displayed on top: "Disconnected from the Server / Reload".
I now believe that this is caused by the choice of port 80. The AWS instance's security group has a "Custom TCP rule" on port 3838 and allows all incoming traffic on this port. OTOH, port 80 is of type "HTTP" and I seem to be unable to change this to a "Custom TCP rule" (which makes sense, sort of).
When configuring the Shiny server for port 80 and looking at Chrome's dev console after loading the demo page I see websockets appear on the network tab, when the page is fully loaded. However, they're there only for a few milliseconds. Conversely, when using port 3838, the same websockets are persistent and are not terminated.
At the same time, when using port 80, a message appears on the console tab that the connection has been terminated:
Thu Mar 09 2017 08:47:46 [INF]: Connection opened. http://10.43.190.69/sample-apps/rmd/
Thu Mar 09 2017 08:47:46 [DBG]: Open channel 0
Thu Mar 09 2017 08:47:46 [INF]: Connection closed. Info:{"type":"close","code":4705,"reason":"Unable to open connection","wasClean":true}
Thu Mar 09 2017 08:47:46 [DBG]: SockJS connection closed
This message is absent when using port 3838:
Thu Mar 09 2017 09:09:28 [INF]: Connection opened. http://10.43.190.69:3838/sample-apps/hello/
Thu Mar 09 2017 09:09:28 [DBG]: Open channel 0
Thu Mar 09 2017 09:09:28 [INF]: Connection opened. http://10.43.190.69:3838/sample-apps/rmd/
Thu Mar 09 2017 09:09:28 [DBG]: Open channel 0
Thu Mar 09 2017 09:09:30 [DBG]: Open channel 1
Thu Mar 09 2017 09:09:30 [DBG]: 2 message(s) discarded from buffer
Thu Mar 09 2017 09:09:30 [DBG]: 4 message(s) discarded from buffer
To circumvent this problem I have also tried using nginx and apache2 as a reverse proxy, with very similar results, so I tried to use port 80 without a proxy in the first place.
Edit: netstat output when Shiny Server is on port 3838 (all good):
/home/ubuntu# netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:ssh *:* LISTEN 1451/sshd
tcp 0 0 *:4151 *:* LISTEN 6996/shiny-server
tcp 0 0 *:3838 *:* LISTEN 6996/shiny-server
tcp6 0 0 [::]:ssh [::]:* LISTEN 1451/sshd
netstat output when Shiny Server is on port 80 (embedded apps not working, no websockets):
/home/ubuntu# netstat -tlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:http *:* LISTEN 11116/shiny-server
tcp 0 0 *:ssh *:* LISTEN 1451/sshd
tcp 0 0 *:4151 *:* LISTEN 11116/shiny-server
tcp6 0 0 [::]:ssh [::]:* LISTEN 1451/sshd
So I believe nothing else is listening on port 80.
Can anyone give a hint?
Cheers,
Enno

Why does tinyproxy require an upstream proxy?

Today I configured a basic tinyproxy.
I expected it to act as a proxy for the Ubuntu repositories.
But when trying to download stuff from the repositories I got this in the tinyproxy log:
CONNECT Mar 27 17:30:46 [20348]: Connect (file descriptor 9): [unknown] [192.168.2.30]
CONNECT Mar 27 17:30:46 [20348]: Request (file descriptor 9): GET http://br.archive.ubuntu.com/ubuntu/pool/main/t/tdb/python-tdb_1.2.12-1_amd64.deb HTTP/1.1
INFO Mar 27 17:30:46 [20348]: No upstream proxy for br.archive.ubuntu.com
ERROR Mar 27 17:30:56 [20348]: opensock: Could not retrieve info for br.archive.ubuntu.com
INFO Mar 27 17:30:56 [20348]: no entity
I'm stuck on some misconception. Doesn't tinyproxy send requests to outside servers directly?
I supplied an external proxy server to fix this:
upstream 117.79.64.29:80

How to upload a file to an FTP server with SIM900 AT commands (FTP session closes)?

My AT Commands:
AT+CREG?
AT+SAPBR=3,1,"Contype","GPRS"
AT+SAPBR=3,1,"APN","mtnirancell"
AT+SAPBR=3,1,"USER","xxxx"
AT+SAPBR=3,1,"PWD","xxxxx"
AT+SAPBR=1,1
AT+FTPCID=1
AT+FTPSERV="yzd.ir"
AT+FTPPORT=21
AT+FTPUN="xxxx"
AT+FTPPW="xxxx"
AT+FTPPUTNAME="ehsan.txt"
AT+FTPPUTPATH="/"
AT+FTPPUT=1
AT+FTPPUT=2,10
Server log:
Jul 21 13:42:36 yzd proftpd[2019] yzd (::ffff:5.116.194.141[::ffff:5.116.194.141]): FTP session opened.
Jul 21 13:42:36 yzd proftpd[2019] yzd (::ffff:5.116.194.141[::ffff:5.116.194.141]): USER xxxx: Login successful.
Jul 21 13:42:38 yzd proftpd[2019] yzd (::ffff:5.116.194.141[::ffff:5.116.194.141]): FTP session closed.

Mongodb takes 3 minutes to connect

I just reinstalled MongoDB on my Mac (fresh install of Mountain Lion 10.8) and now my apps are taking ~3 mins to connect.
I put together a simple node script to test this:
var start = (new Date()).getTime();
var mongoose = require('mongoose');
var db = mongoose.connect('mongodb://localhost/passport-mongox', function(err) {
  var stop = (new Date()).getTime();
  console.log('Took this long: ', (stop - start) / 1000);
});
Both times were 175.273 and 175.316 seconds.
When I connect to an external, hosted MongoDB it connects in less than a second.
Any idea why this would happen? Here is my mongo.log:
Fri Feb 1 12:43:25 [initandlisten] MongoDB starting : pid=2262 port=27017 dbpath=/usr/local/var/mongodb 64-bit host=w
Fri Feb 1 12:43:25 [initandlisten] db version v2.2.2, pdfile version 4.5
Fri Feb 1 12:43:25 [initandlisten] git version: d1b43b61a5308c4ad0679d34b262c5af9d664267
Fri Feb 1 12:43:25 [initandlisten] build info: Darwin bs-osx-106-x86-64-1.local 10.8.0 Darwin Kernel Version 10.8.0: Tue Jun 7 16:33:36 PDT 2011; root:xnu-1504.15.3~1/RELEASE_I386 i386 BOOST_LIB_VERSION=1_49
Fri Feb 1 12:43:25 [initandlisten] options: { bind_ip: "127.0.0.1", config: "/usr/local/etc/mongod.conf", dbpath: "/usr/local/var/mongodb", logappend: "true", logpath: "/usr/local/var/log/mongodb/mongo.log" }
Fri Feb 1 12:43:25 [initandlisten] journal dir=/usr/local/var/mongodb/journal
Fri Feb 1 12:43:25 [initandlisten] recover : no journal files present, no recovery needed
Fri Feb 1 12:43:26 [websvr] admin web console waiting for connections on port 28017
Fri Feb 1 12:43:26 [initandlisten] waiting for connections on port 27017
Fri Feb 1 12:44:05 [initandlisten] connection accepted from 127.0.0.1:52137 #1 (1 connection now open)
Fri Feb 1 12:44:40 [initandlisten] connection accepted from 127.0.0.1:52152 #2 (2 connections now open)
Fri Feb 1 12:45:15 [initandlisten] connection accepted from 127.0.0.1:52201 #3 (3 connections now open)
Fri Feb 1 12:45:50 [initandlisten] connection accepted from 127.0.0.1:52298 #4 (4 connections now open)
Fri Feb 1 12:46:25 [initandlisten] connection accepted from 127.0.0.1:52325 #5 (5 connections now open)
Fri Feb 1 12:51:26 [conn5] end connection 127.0.0.1:52325 (4 connections now open)
Fri Feb 1 12:51:26 [conn3] end connection 127.0.0.1:52201 (4 connections now open)
Fri Feb 1 12:51:26 [conn4] end connection 127.0.0.1:52298 (4 connections now open)
Fri Feb 1 12:51:26 [conn1] end connection 127.0.0.1:52137 (4 connections now open)
Fri Feb 1 12:51:26 [conn2] end connection 127.0.0.1:52152 (4 connections now open)
Answer from mongoose.js:
Cause:
The underlying MongoDB driver defaults to looking for IPv6 addresses, so the most likely cause is that your localhost DNS mapping isn't configured to handle IPv6.
Solution:
Use 127.0.0.1 instead of localhost or use the family option as shown in the connection docs.
mongoose.connect(url, {family: 4}, function(err, connection) {
  connection.db(your_db_name);
});
So the answer came from @AdamMeghji on Twitter.
My hosts file has always looked like this:
127.0.0.1 localhost
127.0.0.1 test.com
127.0.0.1 wes.dev
I switched that to:
127.0.0.1 localhost test.com wes.dev
and connections went back to 0.015 seconds.
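An added example (not from the question or the answer) that checks the cause the answer names: it parses a hosts file and reports which names have no IPv6 entry, using the asker's hosts file as constructed input; `resolver_families` is an optional live probe through getaddrinfo, and all function names are this example's own.

```python
import ipaddress
import socket

# Constructed input: the asker's hosts file as posted (no IPv6 entry at all).
HOSTS_BEFORE = """\
127.0.0.1 localhost
127.0.0.1 test.com
127.0.0.1 wes.dev
"""

# Constructed input: the same names plus a ::1 line for localhost, the shape
# a default macOS hosts file has.
HOSTS_WITH_V6 = """\
127.0.0.1 localhost test.com wes.dev   # one line, several names
::1       localhost
"""

def parse_hosts(text):
    """Map each hostname to the set of IP versions {4, 6} it has entries for."""
    families = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            version = ipaddress.ip_address(fields[0]).version
        except ValueError:
            continue  # malformed address; the resolver skips such lines too
        for name in fields[1:]:
            families.setdefault(name.lower(), set()).add(version)
    return families

def names_without_ipv6(families):
    """Names that have only IPv4 entries. The answer says the driver looks up
    IPv6 first, so 'localhost' appearing here matches the described cause."""
    return sorted(name for name, versions in families.items() if 6 not in versions)

def resolver_families(name, port=27017):
    """Live probe: which IP versions the system resolver returns for `name`.
    Not used by the offline checks above."""
    infos = socket.getaddrinfo(name, port, proto=socket.IPPROTO_TCP)
    wanted = {socket.AF_INET: 4, socket.AF_INET6: 6}
    return {wanted[fam] for fam, *_ in infos if fam in wanted}
```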
