After many years of suffering with bad routers aimed at non-techies, I made the switch to a Mikrotik. I’ve been trying to get OpenVPN set up so I can connect to my home network while on the road, but I’ve had no luck so far.
-
I started with the documentation in the Wiki - specifically this page (http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step). It refers to a command that’s expecting a template in the latest version of RouterOS (certificate create-certificate-request). That’s fine, I’ll look at a different set of instructions.
-
I then found this page (https://rbgeek.wordpress.com/2014/09/10/openvpn-server-setup-on-mikrotik-routeros/). I created a set of self-signed certificates in an Ubuntu Server virtual machine for the Mikrotik device, as well as for the client that I’ll be connecting from. I also found this page (http://forum.mikrotik.com/t/solved-cant-import-client-private-key-for-ovpn/48330/1) on the forums that mentions that .key files can’t be imported, so I converted the .key to .pem and uploaded them to the Mikrotik via the web UI.
-
I then went to the Certificates page, and read them. I was able to read ca.crt without issue as well as the server certificate (home.crt). I then read the .key/.pem file to match home.crt. Should I be seeing the cert as showing KT (which would make sense based on the text below) or KR (as every blog that I read said it should be)? /certificate print output below:
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority,
I - issued, R - revoked, E - expired, T - trusted
# NAME CO.. SUBJECT-ALT-NAME FI..
0 T CA_CRT st.. email:****@**********.*** 9a..
1 K T cert_2 ho.. DNS:home 07..
- When I go into PPP → OVPN Server, check the “Enabled” box, and set the certificate to cert index 1 (above), and click apply → OK, the server never shows up in the Interface tab. What are the correct steps to set up an OpenVPN server through the command line?
So, what am I doing wrong here? How can I get the proper certificates loaded so I can get VPN working?