Open VPN client

KristVB · June 6, 2016, 5:39am

Hi all,

I try to get Open VPN client working on a Mikrotik Router. So far without success.

Connecting to the VPN using the openvpn on linux works.
I have the following information:

Host Name and password.
Host uses tcp, no LZO.
I have the CA certificate used to sign the host certificate.

I uploaded the CA certificate, and created an ovpn-client interface. This is what it looks like:

[admin@MikroTik] /interface ovpn-client> print
Flags: X - disabled, R - running
0 name=“ovpn-out1” mac-address=02:BE:C7:59:65:06 max-mtu=1500 connect-to=ovpn.example.com port=443 mode=ip user=“me” password=“1234”
profile=default certificate=newca.crt_0 auth=sha1 cipher=aes256 add-default-route=no

This however does not work: I keep getting “TLS Failed” errors.
What does this error indicate in this case?

tic85linux · June 7, 2016, 9:07pm

Please I also need answer to this question !!!

dnadih · June 8, 2016, 4:04am

OpenVPN server is running on linux host? Are you sure that you are not running ovpn service on udp port?
RouterOS ovpn works only on tcp protocol.

emils · June 8, 2016, 10:10am

Upgrade to the latest Release Candidate version, it should solve the issue.

KristVB · August 25, 2016, 2:56pm

I am now on 6.36.2

I am again trying to get ovpn working, and again unsuccessful.

[admin@officerouter] /interface ovpn-client> print
Flags: X - disabled, R - running
0 ;;; VPN
name=“rhbrq” mac-address=02:3F:5A:E4:39:AC max-mtu=1360 connect-to=1.2.3.4 port=443
mode=ip user=“me” password=“123456” profile=default-encryption
certificate=newca.crt_0 auth=md5 cipher=aes256 add-default-route=no

All I get in the log now is:

16:54:45 ovpn,info rhbrq: initializing…
16:54:45 ovpn,info rhbrq: connecting…
16:55:05 ovpn,info rhbrq: terminating… - could not connect

No info as to what could be the reason why the connection fails…

I managed to get the opvn working from my laptop (with fedora), so the server works, and I have the correct credentials etc…
There is a NAT router (my internet egress router) between the mikrotik and the internet. But that should not be a problem.

So how do I proceed here? How do I find out more about what is keeping this from working?

(Edit turned out that I had a firewall problem as well. Fixed that now the error is:)
17:26:38 ovpn,info rhbrq: connecting…
17:26:38 ovpn,info rhbrq: terminating… - TLS failed
17:26:38 ovpn,info rhbrq: disconnected

… So same problem as before

emils · August 26, 2016, 7:31am

TLS failed usually points to an issue with certificates. Make sure the client has correct certificates.

KristVB · August 26, 2016, 7:34am

I am pretty sure the certificate is correct. I am using the same certificate witrh openvpn on a fedora 24 laptop, and there it works.

pacman88 · August 26, 2016, 8:58am

Hi

if i read your question correctly you are not using client certificates but added the ca used to sign your server cert as client cert. that probably is the issue. try to remove the client cert param from you client config.

there seems to be a serious problem with openvpn client on mikrotik - the client connects to the server without checking the server cert at all…

i was about to open a post for that already… maybe someone from mikrotik could give a statement about that?

best regards
alex