Hi guys,
I am trying to setup a Client VPN connection to my VPN provider, ExpressVPN.
The following is the content of the ovpn file which I am using as reference.
dev tun
fast-io
persist-key
persist-tun
nobind
remote foo.bar.com 1195
remote-random
pull
comp-lzo
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1450
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
<cert>
some cert
</cert>
<key>
some key
</key>
<tls-auth>
2048 bit OpenVPN static key
</tls-auth>
<ca>
some cert
</ca>
Before you waste time on this, I see that the requirements are:
cipher AES-256-CBC
keysize 256
auth SHA512
In the MT, all that I can find is:
SHA1
AES256
Seeing as I know virtually nothing about certificates and such, I can not figure out if the MT can handle the above config. On the off-chance it can, this is what I did:
I extracted then imported all three certificates and named them
switzerland.key
switzerland.crt
ca.crt
Steps I took:
> /certificate print
3 T evpn_ca.crt_0 SomeVPN CA
4 K T evpn_switzerland.crt_0 1234567...
PPP profile:
name="evpn_ovpn_ppp" remote-ipv6-prefix-pool=*0 use-ipv6=no use-mpls=default use-compression=default use-encryption=default only-one=default change-tcp-mss=default
use-upnp=default address-list="" on-up="" on-down=""
Interface:
name="evpn_interface" type="ovpn-out" mac-address=FE:D4:C4:DD:54:9B link-downs=0
Firewall NAT:
chain=srcnat action=masquerade out-interface=evpn_interface log=yes log-prefix="evpn_ovpn"
Firewall Mangle:
chain=prerouting action=mark-routing new-routing-mark=evpn_ovpn passthrough=yes src-address=192.168.88.100/31 log=no log-prefix=""
IP Route:
dst-address=0.0.0.0/0 gateway=evpn_interface gateway-status=evpn_interface unreachable distance=1 scope=30 target-scope=10 routing-mark=evpn_ovpn
Can anyone confirm if the MT can handle such a connection and if so, can you help set it up?
