I bought a vpn service and they provide me the conf file only, How to convert the conf to ROS?
openvpn.conf content as blew:

setenv FORWARD_COMPATIBLE 1
setenv UV_SERVERID 352
client
dev tun
proto udp
remote 118.163.202.118 8292
nobind
persist-key
persist-tun
ns-cert-type server
key-direction 1
push-peer-info
comp-lzo
explicit-exit-notify
verb 3
mute 20
reneg-sec 86400
mute-replay-warnings
max-routes 1000

-----BEGIN CERTIFICATE-----
MIIEFTCCAv2gAwIBAgIJAOt26+6pZCokMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV
BAYTAi4uMQswCQYDVQQIEwIuLjELMAkGA1UEBxMCLi4xCzAJBgNVBAoTAi4uMQsw
CQYDVQQLEwIuLjEOMAwGA1UEAxMFQVNDQTIxETAPBgkqhkiG9w0BCQEWAi4uMB4X
DTE0MDQxMTIwNTgwMloXDTI0MDQwODIwNTgwMlowZDELMAkGA1UEBhMCLi4xCzAJ
BgNVBAgTAi4uMQswCQYDVQQHEwIuLjELMAkGA1UEChMCLi4xCzAJBgNVBAsTAi4u
MQ4wDAYDVQQDEwVBU0NBMjERMA8GCSqGSIb3DQEJARYCLi4wggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQC1gI7za3IjgZeUlOyMypx+vuABzGWANEW2Z0uK
/uOHEIxwB4/Xvaf+Xo3y416fayyo+dlPE/iFapKZCGRQbf/88YaK2ZTEgsMR9awX
eeP50rKD/9pJPf2fLDzbNnHYz5oF0oKzwc3msU2s/1xCCqSv8NoSpyqivA088UFd
OCuowps4QxQvc8jAdfO8saajnvsG/aXRMwJapuZ10G2ia6Ln9DYnM79Qg0iFzzGP
Q0EOE64eecqEeHmKgGTFl4VavfVkspgBhxn0c6ss1K8vS+J3sLth9XP1gMb0qNQz
Dfsz6KwxTJ/3p5OorCbNjW+HINT2+GZXrD+GOm4tBgEG+Dw9AgMBAAGjgckwgcYw
HQYDVR0OBBYEFHKIZ9TwU70GU9QzuQ9MsUFNjqkRMIGWBgNVHSMEgY4wgYuAFHKI
Z9TwU70GU9QzuQ9MsUFNjqkRoWikZjBkMQswCQYDVQQGEwIuLjELMAkGA1UECBMC
Li4xCzAJBgNVBAcTAi4uMQswCQYDVQQKEwIuLjELMAkGA1UECxMCLi4xDjAMBgNV
BAMTBUFTQ0EyMREwDwYJKoZIhvcNAQkBFgIuLoIJAOt26+6pZCokMAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJKHXc4JABvR0bC4u56eTzTi+tQtzyl1
I2Sb2RwV5Z99QibIf1CwAUo6cO7TZUheDCBQ2zT9EvbBk6LH2HL8gRX5bRFMdEMU
8dAVBp01d6RWmwRA5X9LgjTzxaCiRPnfzpMBLlYT5SXwqVdHT6hniCr6QkLHIosU
WXBjRX3c7I0YlMxCIigUzkelJhMTsr9D8eRNtDsS2UvsfkCvh2gn6wZiUfZJIMFJ
rKWYJfvn1DN9Ri0k1OaryfEAeplsvxSj3nGC8kN5df9tnhU/kuei1rR7tYUiajMF
DWqvB+wv9DtX42uWOd4i4kmuivuw5zTMZFVborRUbO3IlODkx4sgRAE=
-----END CERTIFICATE-----


-----BEGIN CERTIFICATE-----
MIIEGzCCAwOgAwIBAgIDDBnEMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNVBAYTAi4u
MQswCQYDVQQIEwIuLjELMAkGA1UEBxMCLi4xCzAJBgNVBAoTAi4uMQswCQYDVQQL
EwIuLjEOMAwGA1UEAxMFQVNDQTIxETAPBgkqhkiG9w0BCQEWAi4uMB4XDTE2MDcz
MTA5MDUwMVoXDTI2MDczMDA4MDUwMVowLDEqMCgGA1UEAxMhQVMxNjk2MTU5LTIx
NTY0NTIyNzRFQi1GOTM3MjIxNzQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvxAT8CUdsNA1w1jLpZog864KrOAY5aUl5O0OtmoXLANrIAVWOHLN6++H
lVtRmf5R2EaER7Yjy7dkEeW89ukvNerNBA2qgTYZdyLR4jwIPYXwY/RgaxUqr6FQ
+PigRUhGB0+pr+lnJW6KUldSLTcM4du62hVrzwmnNf2l3uBAB3Aem6S1vLQvO/dj
wfUcbi/Nt51Ycsw5DLTkbtrz9u9/I3zsstj0tAuImOW9aWvEiozOOjafyxgoFOjA
PtZxZWbZNGZXCQGmI2LFVOu29YHwbvyFW3JbcCgQ2hKRLaBIfQ29TqQf5D2ylXy4
LcbyAi1AhJ8A/oalv61yuOhS4qtPswIDAQABo4IBDDCCAQgwCQYDVR0TBAIwADAh
BglghkgBhvhCAQ0EFBYSQ2xpZW50IENlcnRpZmljYXRlMB0GA1UdDgQWBBT62ycN
ujXzp7ujD0ROOW2lMlkvRzCBlgYDVR0jBIGOMIGLgBRyiGfU8FO9BlPUM7kPTLFB
TY6pEaFopGYwZDELMAkGA1UEBhMCLi4xCzAJBgNVBAgTAi4uMQswCQYDVQQHEwIu
LjELMAkGA1UEChMCLi4xCzAJBgNVBAsTAi4uMQ4wDAYDVQQDEwVBU0NBMjERMA8G
CSqGSIb3DQEJARYCLi6CCQDrduvuqWQqJDATBgNVHSUEDDAKBggrBgEFBQcDAjAL
BgNVHQ8EBAMCB4AwDQYJKoZIhvcNAQELBQADggEBAC0VzRJHtE+uFoIvQBxeEOUD
QE0ZQENGoKQOZftZw8BtBC9VSLoYd5ykaCAI0WCjuHUaNoQkB2pG8nWcFPJ2wR7J
/wGHwyi7P/5eAta2pGwJevAcw3Kp7RKcj0bpe4hvtAhAFvERXiOr2d6XgXuhfHHr
dPA/dPhZChNU8At862409w/cqV9rrpBDjT7y0cjtbd9PjnBYDCb19vraAZZvNSP3
l8p24Mo+plGhrzbovmyJuqpMGkWQzd4wQ1A+PPKQpSAkn9hHFMrs+Zd8WsRYK4cI
1uJ2N8fsJ/uymvytwyMx1eEY36P9h/Fi2ZNwUFe6XOkwI3FDGOwyxNa3Um69GKA=
-----END CERTIFICATE-----

Lzo is not supported on mtk

Envoyé de mon SM-A510F en utilisant Tapatalk

can be connected without comp-lzo parameter

“proto udp” is not supported either.

both protocol can connect, it’s up to you
These parameters are not important, the most important is certificates.
How to import certificates to MTK.

Just save them to file, upload to router and import using:

/certificate import file-name=<your file>

It fact, you can use the config as is and import will find both certificates and key in it (but only certificates, it won’t import OpenVPN settings).

I knew hot to import certificates to ros
but when I imported it, it appears not correct Certs.
see below
[root@MikroTik] /certificate> print
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted

NAME COMMON-NAME SUBJECT-ALT-NAME FINGERPRINT

0 T 1.ovpn_0 ASCA2 d9ff4cc75892ceab131...
1 K T 1.ovpn_1 AS1696159-2150087CD... d676e3703712cf6cd87...


No KR Flags.

Looks fine to me. There shouldn’t be a R flag. R flag is for revoked certificates.

dec/21 00:04:14 ovpn,debug,packet sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=cb4ac4dc6e2dba3 pid=0 DATA len=0
dec/21 00:04:14 ovpn,debug ovpn-out1: disconnected

http://wiki.mikrotik.com/wiki/Manual:Create_Certificates

They said If everything is imported properly then certificate should show up with KR flag.

Fixed, it was left there from old versions.

The log shows the process went to interrupt before enterned to TLS Auth,the problem occurred during the certificate authentication phase.

Unfortunately I cannot tell anythign specific without logs and supout file. Try to contact support with attached supout file.

You should be aware that the config you posted lets anyone use your VPN account. Never post private keys.

This private key is a test key, and the conf file also contain the tls-auth field to authenticate the username and password.

Hello
I try to do the same thing.
What can i do?
I have to save the .ovpn file and import to mikrotik?? Only this 1 file or i have to save the key below separately to other 2 files?
I import only .ovpn and printed only T without K.

I bought me too a vpn service and they provide me the conf file .ovpn and other two files .key and .crt

I import .ovpn but show me only “T”. What can i do next steps. I try to import the others two files.key and .crt but still “T”

If you use .ovpn file in certificate import, RouterOS will recognize embedded certificates (blocks with BEGIN / END). If you have certificates/keys in separate files, you need to import those. First import certificate and then key and RouterOS should put them together.

OK i have this 2 files seperate:
.key
.crt
But when import this 2 files only appear left the letter “T” means trust. I think the right is with letters “KT” isn’t it?

Order is important. Are you importing .crt first and .key after that? If you do, check what’s in .key file. If it starts with “-----BEGIN PRIVATE KEY-----”, it should just work. If it’s “-----BEGIN ENCRYPTED PRIVATE KEY-----”, you need to use the right password for import.