OpenVPN don't connect client

webroot · January 27, 2013, 4:16pm

Hello!

I have same problems. I can not connect to the OpenVPN server, which raised to Mikrotik RB750.
My configuration consists of:

dev tap
proto tcp
remote 192.168.88.1
port 443
client
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
persist-key
persist-tun
verb 1

After connecting, I see in the log Mikrotik

19:47:58 ovpn,info TCP connection established from 192.168.88.251
19:47:58 ovpn,info <ovpn-0>: dialing...
19:48:01 ovpn,info <ovpn-0>: using encoding - BF-128-CBC/SHA1
19:48:06 ovpn,info <ovpn-0>: terminating... - peer disconnected
19:48:06 ovpn,info <ovpn-0>: disconnected
19:48:29 ovpn,info TCP connection established from 192.168.88.251
19:48:29 ovpn,info <ovpn-0>: dialing...
19:48:32 ovpn,info <ovpn-0>: using encoding - BF-128-CBC/SHA1

More information can be found here:
for_OpenVPN.zip (16.7 KB)

tomi513 · January 27, 2013, 7:10pm

I have a similar problem. You show how to generate certificates?

webroot · January 28, 2013, 7:32am

A good article on setting up OpenVPN here - http://wiki.mikrotik.com/wiki/OpenVPN

I used the second part: Creating Certificates with Easy-RSA

I was told that could build a working configuration OpenVPN to version 5.20. I have set the router to 5.11.
Edit the file /etc/vars. I like it just changed the variables:

export KEY_COUNTRY="RU"
export KEY_PROVINCE="RUS"
export KEY_CITY="Vologda"
export KEY_ORG="MIAC"
export KEY_EMAIL="mnk@myhost.mydomain"

You can use your own.

#. vars

That point gap vars

Cleaning and initialize the folder keys.

#./clean-all

Creating a master Certificate Authority (CA) certificate & key. Executed 1 time.
Certificate and key generation - ca.crt, ca.key.

#. vars
#./build-ca

Generating key and certificate for the server
Executed 1 time

#. vars
#. / build-key-server ServerName

ServerName - server name. To some additional questions can be answered 2 times “empty” on the last 2 - “y”:

Sign the certificate? [y / n]: y
1 out of 1 certificate requests certified, commit? [y / n] y

This will create a key ServerName.key, certificate ServerName.crt, request Certificate Signing Request (CSR) ServerName.csr,? Weird file? 01.pem (copy ServerName.csr)

To create a certificate for the client:

# ./build-key client0

tomi513 · January 28, 2013, 8:49pm

How do you import certyfikat to Mikrotik?

tomi513 · January 31, 2013, 8:38pm

Hello webroot.
I did. It connects me with openvpn.
You do that:

vi vars
source vars
./clean-all

Create CA

./pkitool --initca

Create Server Certificate

./pkitool --pass --server RB450

Convert Server private key to .pem format

openssl rsa -in keys/RB450.key -out keys/RB450.pem

Very important!
You need to edit the file keys / index.txt.attr and change “unique_subject” to “no”

Create Client Certificate

./pkitool --pass client1

Convert Client private key to .pem format

openssl rsa -in keys/client1.key -out keys/client1.pem

Referring to easy-rsa example above upload following files via sftp to RouterBoard

RB450.crt
RB450.pem
ca.crt

Import certificate on Mikrotik

/certificate
import file=RB450.crt
import file=RB450.pem
import file=ca.crt

My configuration on windows 7

dev tap
proto tcp-client
remote 192.168.178.11 1194
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-client
port 1194
persist-tun
persist-key
verb 3
auth SHA1
pull
auth-user-pass userpass.txt

Settings on mikrotik:
ppp/OVPN Server
Mode: ethernet
Default profile: cert1

ppp/Secrets
add user and settings:
local address: 10.8.8.1
remote address: 10.8.8.3

How would you have a problem, write.
Good luck.