Server: ER605
Client: HEX-S
The problem:
The setup on the ER605 is quite simple and straightforward:

After that, it creates a certificate file for the clients. An example:
client
dev tun
proto tcp
float
nobind
cipher AES-128-CBC
comp-lzo no
resolv-retry infinite
remote-cert-tls server
persist-key
auth-user-pass
remote "wanip" 1194
<ca>
-----BEGIN CERTIFICATE-----
Redacted stuff
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Redacted stuff
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
Redacted stuff
-----END PRIVATE KEY-----
</key>
So far simple. BUT, on the MikroTik client, after loading the file in the storage and loading the certificate, all good.

I believed that was it, since I am able to connect, BUT for some odd reason, the routing has issues.
When I connect, the following route shows unreachable.

From the TP-Link manual, the ER605 SHOULD be able to ping the MikroTik, and vice versa. But they can’t. And I cannot understand why. The firewall is pretty stock and does not have weird rules that can block traffic. I torch the interface and I see the traffic going out but not being responded to.
If I ping from the ER605, I get the same result, no response. Right now, I do not know WHO is at fault: is it the ER605 not routing correctly, or the HEX-S? And why? And how to correct the issue?
