Openvpn server site to site with mikrotik client
-
Hi,
I've just upgraded to 23.05.1 and the OpenVPN site-to-site server got this error:
TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
OpenSSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol
The client is a MikroTik device:
ovpn-out1: connecting...
ovpn-out1: initializing...
ovpn-out1: using encoding - AES-128-CBC/SHA1
PUSH_REPLY,comp-lzo no,route 192.168.208.0 255.255.255.0> IV_PROTO=746 warning: recvd <WIV_CIPHERS=AES-128-CBC:AES-128-CFB1:AES-128-CFB8:AES-128-OFB:AES-128-GCM
ovpn-out1: disconnected <peer disconnected>
ovpn-out1: terminating... - peer disconnected
I've tried the Check Depth trick, but it did not work. Any idea?
Thanks, BR
-
@Summer
Did you already check the hint in the error message?
Which OpenVPN version is the client running?
What are the configurations of both?
-
@viragomann I've tried forcing the TLS version on both to only 1.2.
Now the client says the link is established but it won't get the IP from the tunnel.
The server displays Connected but there is no communication at all.
Server is pfSense 23.05.1, client ROS is 7.10.2.
After the timeout it keeps reconnecting.
-
Did you resolve this problem? I have the problem too...