openvpn
Alexander, 2014-06-23 20:10:46

How to set up a MikroTik OpenVPN client?

There is an OpenVPN server on FreeBSD,
and there are a bunch of OpenVPN clients with this config:

client
dev           tun
proto         tcp
remote        00.00.00.00
port          1195
tls-client	
tls-remote    test
resolv-retry infinite
route         10.0.0.1 255.255.255.0

ca            "C:\\vpn\\ca.crt"
cert          "C:\\vpn\\client.crt"
key           "C:\\vpn\\client.key"
tls-auth      "C:\\vpn\\ta.key" 1
ns-cert-type server
#comp-lzo
tun-mtu      1500
mssfix       1450
verb         3

I have a MikroTik and want to make it another OpenVPN client.
Everything seems to be set up, but it won't connect to the server.
In the logs:
ovpn-out1: terminating... - peer disconnected
and there's no way to tell what that means. Can more detailed logging be enabled somehow?


5 answer(s)
nimbo, 2014-06-23
@nimbo

As far as I remember, there is no tls in MikroTik's ovpn.
P.S. In general, if you are planning for clients with Windows on board, I strongly recommend looking at SSTP. It has its own charms, such as native support and lower latency.

Alexander, 2014-06-23
@unix0

Yes, the problem was in tls-auth.
You need to change the config on the server and the configs of all clients (
remove
and put

auth SHA1
cipher BF-CBC

Perhaps there is another way?

LazyGatto, 2015-02-17
@LazyGatto

I'll raise a similar question. R.B. v. 6.27
I turned on logging, more or less:
/system logging add topics=ovpn action=memory
However, only the following data is in the log:
16:27:06 ovpn,info ovpn-out1: initializing...
16:27:06 ovpn,info ovpn-out1: connecting...
16:27:06 ovpn,debug ovpn-out1: disconnected
16:27:06 ovpn,info ovpn-out1: terminating... - peer disconnected
Here are the interface settings:
[admin mikrotik ] > /interface ovpn-client print
Flags: X - disabled, R - running
0 name="ovpn-out1" mac-address=02:EC:74:14:D6:44 max-mtu=1500 connect-to=XX.XX.XX.XX port=22 mode=ip user="none" password=""
Information on certificates
[admin mikrotik ] > /certificate print
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired ,
T - trusted
# NAME COMMON-NAME SUBJECT-ALT-NAME FINGERPRINT
1 KT cert_2 VCNbjLfR6CET 0671aff870a4f2a96...
The config was taken from the OVPN file settings.
Data in this file:
remote XX.XX.XX.XX
port 22
dev tun
proto tcp-client
tls-client
#tls-remote Beethoven
tls-auth ta.key 1
ca ca.crt
cert VCNbjLfR6CET.pem
key VCNbjLfR6CET.pem
comp-lzo
reneg-sec 36000
auth SHA1
cipher AES-256-CBC
keysize 256
persist-key
persist-tun
verb 3
ping 5
ping-restart 35
hand-window 150
ns-cert-type server
pull
# route-method exe
# route-delay 2
# win-sys 'env'
The pem certificate has been uploaded to the MikroTik.
And it can't connect at all.
The catch is that there is no access to the server. A connection purchased from one of the VPN channel providers was used.
Can you tell me where to dig? :(
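
A compatibility check for the situation in this thread, as an added example that is not part of any post: it scans an OpenVPN client config for directives the RouterOS v6 ovpn-client cannot match. The rule table (TCP only, no tls-auth, no LZO, the listed ciphers and digests) is an assumption about RouterOS v6, and the function and sample names are hypothetical.

```python
# Added example, not from the thread. The rule table below is an assumption
# about the RouterOS v6 ovpn-client: TCP only, no tls-auth, no LZO.
ROS6_CIPHERS = {"BF-CBC", "AES-128-CBC", "AES-192-CBC", "AES-256-CBC"}
ROS6_AUTH = {"SHA1", "MD5"}

def parse_ovpn(text):
    """Yield (directive, args) for each active line of an OpenVPN config."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank or commented-out directive
            continue
        name, *args = line.split()
        yield name.lower(), args

def routeros_v6_issues(text):
    """Return [(directive, reason)] for settings the client cannot match."""
    issues, proto = [], None
    for name, args in parse_ovpn(text):
        value = args[0].upper() if args else ""
        if name == "proto":
            proto = value
        elif name == "tls-auth":
            issues.append((name, "control-channel HMAC key is not supported"))
        elif name == "comp-lzo" and value != "NO":
            issues.append((name, "LZO compression is not supported"))
        elif name == "cipher" and value not in ROS6_CIPHERS:
            issues.append((name, f"{value} is not offered by the client"))
        elif name == "auth" and value not in ROS6_AUTH:
            issues.append((name, f"{value} is not offered by the client"))
    # OpenVPN falls back to UDP when no proto line is present.
    if proto is None or proto.startswith("UDP"):
        issues.append(("proto", "only TCP transport is supported"))
    return issues

# Constructed samples, reduced to directives quoted in the thread.
QUESTION_CFG = "client\ndev tun\nproto tcp\ntls-client\ntls-auth ta.key 1\n#comp-lzo\n"
PROVIDER_CFG = ("dev tun\nproto tcp-client\ntls-client\ntls-auth ta.key 1\n"
                "comp-lzo\nauth SHA1\ncipher AES-256-CBC\n")
FIXED_CFG = "client\ndev tun\nproto tcp\nauth SHA1\ncipher BF-CBC\n"

if __name__ == "__main__":
    for label, cfg in [("question", QUESTION_CFG), ("provider", PROVIDER_CFG),
                       ("fixed", FIXED_CFG)]:
        print(label, routeros_v6_issues(cfg) or "no known incompatibilities")
```

Anything the check reports has to be changed on the server side as well, which is not possible when the server belongs to a provider.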

Cool Admin, 2014-06-23
@ifaustrue

Extended logs are enabled from the /system logging menu; add a new type of log there:
/system logging add topics=ovpn
By default, logs will be dumped into memory, maximum 1000 lines.
Post the log and we'll dig in =)

ASPI, 2014-06-26
@ASPI

On the server, add a cipher algorithm, for example AES 256;
on the client (the MikroTik), upload the certificate and use it for authentication.
