Pritunl and Mikrotik RouterOS 7

Hi,

I am trying to connect a RouterOS 7 (7.12.1) device to a Pritunl server (v1.32.3805.95 ae9281) using config files, as it seems they are now supported in RouterOS. The config imports, but with warnings on RouterOS:

 19:54:41 ovpn,warning unsupported configuration parameter 'setenv'
 19:54:41 ovpn,warning unsupported configuration parameter 'setenv'
 19:54:41 ovpn,warning unsupported configuration parameter 'dev-type'
 19:54:41 ovpn,warning unsupported configuration parameter 'remote-random'
 19:54:41 ovpn,warning unsupported configuration parameter 'mute'
 19:54:41 ovpn,warning unsupported configuration parameter 'push-peer-info'
 19:54:41 ovpn,warning unsupported configuration parameter 'hand-window'
 19:54:41 ovpn,warning unsupported configuration parameter 'server-poll-timeout'
 19:54:41 ovpn,warning unsupported configuration parameter 'reneg-sec'
 19:54:41 ovpn,warning unsupported configuration parameter 'sndbuf'
 19:54:41 ovpn,warning unsupported configuration parameter 'rcvbuf'
 19:54:41 ovpn,warning unsupported configuration parameter 'max-routes'
 19:54:41 ovpn,warning unsupported configuration parameter 'comp-lzo'

The client then connects fine, but I get the following in the Pritunl server logs and no traffic passes the tunnel:

[thriving-forest-9169] Tue Aug  6 21:33:34 2024 Unrecognized option or missing or extra parameter(s) in /tmp/pritunl_3281e75ee67749e3bffd065206134725/46a055703ab148cfbf8d8bc2dcf55d79/openvpn.conf:31: allow-compression (2.4.12)
[thriving-forest-9169] Tue Aug  6 21:33:34 2024 OpenVPN 2.4.12 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 27 2024
[thriving-forest-9169] Tue Aug  6 21:33:34 2024 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
[thriving-forest-9169] Tue Aug  6 21:33:34 2024 TUN/TAP device tun26 opened
[thriving-forest-9169] Tue Aug  6 21:33:34 2024 /sbin/ip link set dev tun26 up mtu 1500
[thriving-forest-9169] Tue Aug  6 21:33:34 2024 /sbin/ip addr add dev tun26 10.0.25.1/25 broadcast 10.0.25.127
[thriving-forest-9169] Tue Aug  6 21:33:34 2024 setsockopt(IPV6_V6ONLY=0)
[thriving-forest-9169] Tue Aug  6 21:33:34 2024 UDPv6 link local (bound): [AF_INET6][undef]:19588
[thriving-forest-9169] Tue Aug  6 21:33:34 2024 UDPv6 link remote: [AF_UNSPEC]
[thriving-forest-9169] Tue Aug  6 21:33:34 2024 Initialization Sequence Completed
[thriving-forest-9169] 2024-08-06 21:33:36 COM> SUCCESS: bytecount interval changed
[thriving-forest-9169] Tue Aug  6 21:33:43 2024 90.155.95.178:42000 peer info: IV_PROTO=2
[thriving-forest-9169] Tue Aug  6 21:33:43 2024 90.155.95.178:42000 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
[thriving-forest-9169] Tue Aug  6 21:33:43 2024 90.155.95.178:42000 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
[thriving-forest-9169] Tue Aug  6 21:33:43 2024 90.155.95.178:42000 [6672d05428d11f8c8a189bab] Peer Connection Initiated with [AF_INET6]::ffff:90.155.95.178:42000
[thriving-forest-9169] 2024-08-06 21:33:43 COM> SUCCESS: client-auth command succeeded
[thriving-forest-9169] Tue Aug  6 21:33:43 2024 6672d05428d11f8c8a189bab/90.155.95.178:42000 MULTI_sva: pool returned IPv4=10.0.25.2, IPv6=(Not enabled)
[thriving-forest-9169] 2024-08-06 21:33:43 User connected user_id=6672d05428d11f8c8a189bab
[thriving-forest-9169] Tue Aug  6 21:33:54 2024 6672d05428d11f8c8a189bab/90.155.95.178:42000 Bad compression stub decompression header byte: 42
[thriving-forest-9169] Tue Aug  6 21:34:04 2024 6672d05428d11f8c8a189bab/90.155.95.178:42000 Bad compression stub decompression header byte: 42
[thriving-forest-9169] Tue Aug  6 21:34:14 2024 6672d05428d11f8c8a189bab/90.155.95.178:42000 Bad compression stub decompression header byte: 42
[thriving-forest-9169] Tue Aug  6 21:34:24 2024 6672d05428d11f8c8a189bab/90.155.95.178:42000 NOTE: --mute triggered...
[thriving-forest-9169] Tue Aug  6 21:35:04 2024 6672d05428d11f8c8a189bab/90.155.95.178:42000 5 variation(s) on previous 3 message(s) suppressed by --mute
[thriving-forest-9169] Tue Aug  6 21:35:04 2024 6672d05428d11f8c8a189bab/90.155.95.178:42000 [6672d05428d11f8c8a189bab] Inactivity timeout (--ping-restart), restarting
[thriving-forest-9169] 2024-08-06 21:35:04 User disconnected user_id=6672d05428d11f8c8a189bab

I think this may be due to a comp-lzo mismatch, as RouterOS does not support it at all and so does not send it, but the server has defined it.

Any thoughts?

Cheers

James

On the server side, you need to write the parameter comp-lzo adaptive.
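
The following is an added example, not part of the thread or of Pritunl: it parses the server-log lines quoted in the first post and correlates the one-sided `comp-lzo` warning with the "Bad compression stub" errors that follow the handshake. The function name `analyze` and the report keys are hypothetical.

```python
import re

# Excerpt of the server log quoted in the first post (session prefix and timestamp trimmed).
SAMPLE_LOG = """\
90.155.95.178:42000 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
90.155.95.178:42000 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
6672d05428d11f8c8a189bab/90.155.95.178:42000 Bad compression stub decompression header byte: 42
6672d05428d11f8c8a189bab/90.155.95.178:42000 Bad compression stub decompression header byte: 42
6672d05428d11f8c8a189bab/90.155.95.178:42000 Bad compression stub decompression header byte: 42
6672d05428d11f8c8a189bab/90.155.95.178:42000 5 variation(s) on previous 3 message(s) suppressed by --mute
6672d05428d11f8c8a189bab/90.155.95.178:42000 [6672d05428d11f8c8a189bab] Inactivity timeout (--ping-restart), restarting
"""

MISSING = re.compile(r"WARNING: '([\w-]+)' is present in (local|remote) config "
                     r"but missing in (local|remote) config")
INCONSISTENT = re.compile(r"WARNING: '([\w-]+)' is used inconsistently, "
                          r"local='[\w-]+ (\d+)', remote='[\w-]+ (\d+)'")
BAD_STUB = re.compile(r"Bad compression stub decompression header byte: \d+")
MUTED = re.compile(r"(\d+) variation\(s\) on previous \d+ message\(s\) suppressed by --mute")
COMP_OPTS = {"comp-lzo", "compress"}  # OpenVPN compression directives


def analyze(log_text):
    """Correlate option-mismatch warnings with data-channel decode errors."""
    r = {"missing": [], "mtu_delta": None, "bad_stub": 0, "suppressed": 0,
         "ping_restart": False}
    for line in log_text.splitlines():
        if m := MISSING.search(line):
            r["missing"].append(m.groups())       # (option, present_on, missing_on)
        elif m := INCONSISTENT.search(line):
            if m.group(1) == "link-mtu":
                r["mtu_delta"] = int(m.group(2)) - int(m.group(3))
        elif BAD_STUB.search(line):
            r["bad_stub"] += 1
        elif m := MUTED.search(line):
            r["suppressed"] += int(m.group(1))    # errors hidden by --mute
        elif "--ping-restart" in line:
            r["ping_restart"] = True
    one_sided = any(opt in COMP_OPTS for opt, _, _ in r["missing"])
    # The handshake succeeds, but data packets then fail the compression-header check.
    r["compression_mismatch"] = one_sided and r["bad_stub"] > 0
    return r


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
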