I have an OpenVPN client configuration that works with NetworkManager on Ubuntu 22.04.2 LTS (Jammy Jellyfish) and with OpenVPN Connect v3 on Windows 11 Pro. Couldn’t persuade it to work on RouterOS 7.8. Saw that RouterOS 7.9beta has “ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file” and decided to give it a whirl.
[admin@router] > /interface ovpn-client import-ovpn-configuration
filename: profile-9.ovpn
action timed out - try again, if error continues contact MikroTik support and send a supout file (13)
[admin@router] >
Here is an edited copy of the profile-9.ovpn file:
cipher AES-256-CBC
client
proto udp
nobind
remote 11.22.33.44
port 1194
dev tun
dev-type tun
remote-cert-tls server
tls-version-min 1.2
reneg-sec 604800
auth-user-pass
verb 3
push-peer-info
<ca>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
[...]
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
[...]
-----END OpenVPN Static key V1-----
</tls-crypt>
The OpenVPN Static Key V1 at the end of the file might suggest TLS authentication, a currently unsupported OpenVPN feature. Can anyone more familiar with OpenVPN confirm? If so, an error message would be useful.
You have the exact steps of the instructions to follow, in the answer.
Did you do what is clearly written???
Yes, with a link back to this thread.
(MikroTik support #[SUP-112121]: import-ovpn-configuration timed out)
Also tried RouterOS 7.9beta4 with a ProtonVPN generated profile (also confirmed to work with OpenVPN Connect v3 on Windows 11 Pro).
[admin@router] /interface/ovpn-client> import-ovpn-configuration
file-name: node-uk-12.protonvpn.net.udp.ovpn
progress: unsupported option 'key-direction'
[admin@router] /interface/ovpn-client>
Here is an edited copy of the node-uk-12.protonvpn.net.udp.ovpn file:
client
dev tun
proto udp
remote 11.22.33.44 4569
remote 11.22.33.44 80
remote 11.22.33.44 1194
remote 11.22.33.44 51820
remote 11.22.33.44 5060
remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
verb 3
setenv CLIENT_CERT 0
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
reneg-sec 0
remote-cert-tls server
auth-user-pass
pull
fast-io
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
This quickly responded with an error message.
Same behaviour for both profile files in RouterOS 7.9rc1.
Received this today:
MikroTik support #[SUP-112121]: import-ovpn-configuration timed out
OpenVPN in RouterOS doesn’t support “tls-auth” option.
Will submit a feature request to support the OpenVPN “tls-auth” option.
Still think a clear error message would be useful.
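A pre-flight check for the import problem discussed in this thread, as an added example that is not part of the original posts or of MikroTik's tooling: it parses an .ovpn profile and reports the options the thread ties to failed imports. The flagged list comes only from this thread (tls-crypt is the poster's unconfirmed suspicion); the function names and the sample profile are constructed.

```python
import re

# Findings taken only from this thread (RouterOS 7.9beta/rc1), not a full list.
THREAD_FINDINGS = {
    "tls-auth": "confirmed: support reply says RouterOS does not support it",
    "key-direction": "confirmed: import reported it as an unsupported option",
    "tls-crypt": "suspected: a profile with this block timed out on import",
}
INLINE_OPEN = re.compile(r"^<([a-z0-9-]+)>$")

def parse_ovpn(text):
    """Return (directives, blocks): [(name, args)] and {inline tag: line count}."""
    directives, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if current:  # inside <tag>...</tag>: count lines, never keep key material
            if line == f"</{current}>":
                current = None
            else:
                blocks[current] += 1
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = INLINE_OPEN.match(line)
        if m:
            current = m.group(1)
            blocks[current] = 0
        else:
            name, *args = line.split()
            directives.append((name, args))
    if current:
        raise ValueError(f"unterminated <{current}> block")
    return directives, blocks

def preflight(text):
    """Map each flagged option present in the profile to the thread's finding."""
    directives, blocks = parse_ovpn(text)
    present = {name for name, _ in directives} | set(blocks)
    return {opt: why for opt, why in THREAD_FINDINGS.items() if opt in present}

# Constructed sample modelled on the second profile in the thread, keys elided.
SAMPLE = "\n".join([
    "client", "proto udp", "remote 11.22.33.44 1194", "auth SHA512",
    "<ca>", "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----", "</ca>",
    "key-direction 1",
    "<tls-auth>", "[...]", "</tls-auth>",
])

if __name__ == "__main__":
    for option, finding in preflight(SAMPLE).items():
        print(f"{option}: {finding}")
```

Running it against a profile before attempting the import shows which of these control-channel options the profile depends on, so a timeout like the first one can be tied to a specific option.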