TechKiwi
just joined
Topic Author
Posts: 4
Joined: Mon Nov 04, 2013 6:12 am

Mikrotik OpenVPN Certificate Issue

Mon Nov 04, 2013 11:19 pm

I have been following this to the letter (and have redone the steps a number of times) without any luck. http://wiki.mikrotik.com/wiki/OpenVPN_C ... ep_by_Step

I can complete this tutorial and get it to connect via an OpenVPN connection on the router, but when I try to get it working via OpenVPN GUI in Windows I cannot get it going.

I am testing this internally, but the OpenVPN server is on a different subnet.

The error I am getting is:
Tue Nov 05 10:13:37 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Tue Nov 05 10:13:40 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 05 10:13:40 2013 Attempting to establish TCP connection with [AF_INET]10.10.0.66:1194
Tue Nov 05 10:13:40 2013 TCP connection established with [AF_INET]10.10.0.66:1194
Tue Nov 05 10:13:40 2013 TCPv4_CLIENT link local: [undef]
Tue Nov 05 10:13:40 2013 TCPv4_CLIENT link remote: [AF_INET]10.10.0.66:1194
Tue Nov 05 10:13:40 2013 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: OU=Domain Control Validated, CN=vpn.***.co.nz
Tue Nov 05 10:13:40 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Tue Nov 05 10:13:40 2013 TLS Error: TLS object -> incoming plaintext read error
Tue Nov 05 10:13:40 2013 TLS Error: TLS handshake failed
Tue Nov 05 10:13:40 2013 Fatal TLS error (check_tls_errors_co), restarting
Tue Nov 05 10:13:40 2013 SIGUSR1[soft,tls-error] received, process restarting

I have a GoDaddy Certificate installed on the Mikrotik box and it has had the key imported as well and is displaying.

My OpenVPN config is:
client
dev tap
proto tcp
remote vpn.****.co.nz 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca AC.crt
cipher AES-256-CBC
auth MD5
auth-user-pass
auth-nocache
register-dns
redirect-gateway def1

The certificate is in the same folder as the config file (I have done it like this on other OpenVPN installs and it works fine).

I have tried googling the errors and cannot find a definitive answer. I have tried recreating the certificates multiple times.
I am running RouterOS 6.3 (I have tried 6.4 & 6.5 also).


Any help would be greatly appreciated.
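
An added example, not part of the original post: a small triage script for an OpenVPN client log like the one above, pulling out the `VERIFY ERROR` depth, error and subject and flagging the missing server-verification warning. The sample log is constructed from the post's lines with a placeholder hostname, and the hint texts and function name are assumptions of this example.

```python
import re

# Constructed sample modelled on the client log in the post; hostname is a placeholder.
SAMPLE_LOG = """\
Tue Nov 05 10:13:40 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Tue Nov 05 10:13:40 2013 TCP connection established with [AF_INET]10.10.0.66:1194
Tue Nov 05 10:13:40 2013 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: OU=Domain Control Validated, CN=vpn.example.test
Tue Nov 05 10:13:40 2013 TLS Error: TLS handshake failed
"""

VERIFY_RE = re.compile(r"VERIFY ERROR: depth=(\d+), error=(.+?): (.+)$")
NO_VERIFY = "No server certificate verification method has been enabled"

# OpenSSL verification messages mapped to what to check first (hint wording is this example's).
HINTS = {
    "unable to get local issuer certificate":
        "issuer of the depth-{d} certificate is missing from the client's `ca` file",
    "certificate has expired":
        "depth-{d} certificate is past notAfter; also check the client clock",
    "certificate is not yet valid":
        "depth-{d} certificate notBefore is in the future; check the client clock",
}

def triage(log_text):
    """Return a list of (kind, detail) findings from an OpenVPN client log."""
    findings = []
    for line in log_text.splitlines():
        if NO_VERIFY in line:
            # Trusting a CA alone means any certificate that CA issued is accepted.
            findings.append(("no-server-verification",
                             "no server-identity check beyond the CA chain "
                             "(see remote-cert-tls, verify-x509-name)"))
        m = VERIFY_RE.search(line)
        if m:
            depth, error, subject = int(m.group(1)), m.group(2), m.group(3)
            hint = HINTS.get(error, "unrecognised verification error").format(d=depth)
            role = "server (leaf)" if depth == 0 else "CA"  # depth 0 is the peer's own cert
            findings.append(("verify-error",
                             {"depth": depth, "role": role, "error": error,
                              "subject": subject, "hint": hint}))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(kind, detail)
```
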
