I’ve never used OpenVPN before, so I was using the guide at http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step for assistance. However, once I got to the point where I enter “certificate create-certificate-request”, it then asks for a template (the step-by-step doesn’t mention this or indicate how to respond). I entered a 1 (random guess). I’m asked for a passphrase, which I enter. After that it just returns to the main prompt. The guide says it will ask a number of questions, but I didn’t get that far.
Is it because I guessed “1” for the template or something else?
There is a file with the .pem extension, two of them actually dated 1 second apart. But since it didn’t ask me for any of the information the Wiki said it would, is it valid? I’ve given it zero input as it never asked.
It’s a little more intuitive if you use winbox instead of CLI.
Go to system, certificates. Create new (press red + sign), fill in the info. Add it, then select from the window and press the ‘create certificate request’.
There’s no red plus in the 6-13 release. I used the Add New button and guessed at what I was supposed to do from there. It says there’s a Certificate there now but I don’t see anything in the Files so I’m not sure it worked. I thought it was supposed to create a .pem file or something. I don’t see anything that looks like a certificate I’ve used in the past but I’ll move forward and see if the rest of the instructions follow close enough to finish.
Still no success on setting up OpenVPN on this thing. Pretty frustrating to spend so much time trying to do something so routine on other routers. I’m about ready to throw this thing in the trash.
Yep, throwing this thing in the trash is what I’m doing right now. This box is 100% effing useless to me. If MikroTik does not support OpenVPN, why do they claim they do??? It takes 5 minutes to set up an OpenVPN server on pfsense. I’m well into my 8th hour with Mikrotik. This script kiddie piece of junk is going in the trash and I’m going back to pfsense.
I can finally connect (no UDP support WTF???) but now when I connect I cannot ping across the tunnel. I see these warnings on my client:
Jun 27 10:50:10: WARNING: ‘link-mtu’ is used inconsistently, local=‘link-mtu 1544’, remote=‘link-mtu 1543’
Jun 27 10:50:10: WARNING: ‘comp-lzo’ is present in local config but missing in remote config, local=‘comp-lzo’
Is this what’s preventing my pings? Who knows and I’ve spent enough time trying to figure it out.
I haven’t made any progress either. I purchased the Mikrotik routers based on advice from a friend of mine so I’ve reached out to him for help, but haven’t gotten any. I think I flushed my money down the drain on these things. I bought two of them. The other one isn’t even out of the box yet. I’m pretty disappointed.
Well, the long and short of it is I can never just give up. Throwing this thing away was wishful thinking, and I kept at it and finally got OpenVPN up between Viscosity on my Mac and Mikrotik. Setting use compression: yes (not default) and use vj compression yes on the Mikrotik profile and setting LZO Compression: Not specified on Viscosity seems to be the magic incantation. Also, I have to set up the route to my internal network in the Viscosity networking tab since Mikrotik OpenVPN does not push the route, unlike a correct OpenVPN implementation.
My OpenvpnConnect clients on iOS still do not work. Everything openvpn works out of the box with pfsense so the mikrotik is still not a 1 to 1 replacement for my old pfsense firewall and as soon as I get the time I’m going to swap it back out. Full OpenVPN support is the one feature I can’t live without.
I am trying to get OpenVPN working on my Mikrotik, too, and ran into the same road block (the main OpenVPN page not talking about certificate templates at all). Can you please post what you did to get it working?
I gave up and bought new routers. As I couldn’t return the bricks, er, Mikrotik routers I’m using them as access points. I would NEVER suggest the Mikrotik products to anyone.