OVPN TLS handshake failed

Hello,

I’m having an issue while using a MikroTik device as an OVPN server.

https://imgur.com/a/wbJU0xf

The CA certificate (CA CRL host as WAN IP) and the client certificate (with password) were exported, and then imported into a MikroTik device to be the OVPN client.

https://imgur.com/HFw7ZG0

Any help on this? Is it possible this just won’t work?

https://imgur.com/67poTLx

If you want to verify the server certificate (which is a good idea), then whatever the client has in Connect To needs to be in the server certificate as either the Common Name or a Subject Alt. Name.
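To make the check in the reply above concrete, here is an added example (my own illustration, not code from the thread, from RouterOS or from OpenVPN) that applies the rule: the client’s Connect To value is accepted only if it appears in the server certificate as an iPAddress/dNSName Subject Alt. Name or, as the reply allows, as the Common Name. The addresses, names and SAN entries are constructed for the example; a real certificate’s CN and SAN can be read with `openssl x509 -noout -subject -ext subjectAltName -in server.crt` and fed into the same function.

```python
import ipaddress
from typing import Iterable, Optional, Tuple

# Constructed example values (not from the original thread): what the OVPN
# client has in "Connect To", and what a server certificate might carry.
EXAMPLE_CONNECT_TO = "203.0.113.10"
EXAMPLE_COMMON_NAME = "203.0.113.10"
EXAMPLE_SANS: Tuple[Tuple[str, str], ...] = (
    ("DNS", "vpn.example.net"),
    ("IP", "203.0.113.10"),
)


def _is_ip(value: str) -> bool:
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _dns_name_matches(pattern: str, name: str) -> bool:
    """Case-insensitive DNS name match.

    Only a single left-most '*' label is honoured (e.g. *.example.net),
    and it never matches across a dot, so *.example.net does not cover
    a.b.example.net.  Trailing dots are ignored.
    """
    pattern = pattern.lower().rstrip(".")
    name = name.lower().rstrip(".")
    if pattern == name:
        return True
    p_labels, n_labels = pattern.split("."), name.split(".")
    if len(p_labels) != len(n_labels) or len(p_labels) < 3:
        return False
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    return p_labels[1:] == n_labels[1:]


def server_cert_matches(
    connect_to: str,
    common_name: Optional[str],
    sans: Iterable[Tuple[str, str]],
) -> bool:
    """Decide whether connect_to is covered by the server certificate.

    sans is a sequence of (kind, value) pairs where kind is "DNS" or "IP".
    An IP literal in Connect To only matches an IP SAN (or an IP-literal CN);
    a hostname only matches a DNS SAN (or a DNS-style CN).  The CN fallback
    mirrors the rule stated in the reply: CN or SAN is enough.
    """
    sans = tuple(sans)
    if _is_ip(connect_to):
        target = ipaddress.ip_address(connect_to)
        for kind, value in sans:
            if kind == "IP" and _is_ip(value) and ipaddress.ip_address(value) == target:
                return True
        return (
            common_name is not None
            and _is_ip(common_name)
            and ipaddress.ip_address(common_name) == target
        )
    for kind, value in sans:
        if kind == "DNS" and _dns_name_matches(value, connect_to):
            return True
    return common_name is not None and _dns_name_matches(common_name, connect_to)


def check_example() -> bool:
    """Run the constructed example: WAN IP in Connect To, same IP as CN and SAN."""
    return server_cert_matches(EXAMPLE_CONNECT_TO, EXAMPLE_COMMON_NAME, EXAMPLE_SANS)


if __name__ == "__main__":
    verdict = "matches" if check_example() else "does NOT match"
    print(f"Connect To {EXAMPLE_CONNECT_TO} {verdict} the server certificate")
```

The practical point of the type split is the usual cause of the mismatch the reply describes: a certificate whose CN is a hostname while the client connects to the WAN IP (or the other way round) fails verification even though the value "looks right", so compare the Connect To field against the certificate exactly as the function does.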

I made the common name the WAN address of the OVPN as well.

I’ve spent roughly 4 hours doing every variation of tutorial and option.

https://www.youtube.com/watch?v=LxxF7YFL3Ds

https://www.youtube.com/watch?v=ssrRrY8bDiA
https://www.medo64.com/2016/12/simple-openvpn-server-on-mikrotik/
https://support.safervpn.com/hc/en-us/articles/360035919413-Setup-OpenVPN-manually-on-Mikrotik-Router
https://systemzone.net/mikrotik-openvpn-setup-with-windows-client/
https://wiki.mikrotik.com/wiki/OpenVPN

We’ve talked on Discord and think there is an issue with the RouterOS system and OVPN functionality. My OVPN client is having essentially the same issue. I’ve been forced to “report a bug” and hope for the best.

Daily bump.

Don’t do that! There have been problems with OpenVPN for 10 years already, and bumping has had no other effect than that there now finally is an improved version in the RouterOS v7 beta (which had been promised for several years already).
You can try the beta (considering the normal things when running a beta) or otherwise please shut up until it is released.

There have been some problems with OpenVPN in RouterOS, but it’s not like it doesn’t work at all. I normally use certificates created outside of RouterOS (using e.g. OpenVPN’s easy-rsa scripts), mainly because I find the ability to back them up from RouterOS problematic. But in the past I tried certificates created in RouterOS too, when somebody complained that it didn’t work (unfortunately I can’t find the post), and it worked too.

Y’all have me so impressed with your support, I went ahead and bought 153k worth of Cisco devices.

https://imgur.com/a/AXtvX44

Comes with 3 year good support :)
https://imgur.com/a/lOPPDwC

Maybe next year mikro-whatever.

Also, if you manage to get RouterOS installed on an x86 without a CD-ROM, please shoot me a message.

Does it support OpenVPN?
Did you compare with the cost of other brands (not only low-end like MikroTik but also a bit higher like UBNT or similar)?

If you want anyone to learn a lesson or something, you should probably direct this to someone from MikroTik. Feedback from an unsatisfied potential customer. This is just a user forum. We do like to help others. But in the end, if you’re happy or unhappy with MikroTik, if you spend not 153k but 153M on their hardware or hardware from other manufacturers, our cut is still zero. ;)

If I wanted to install x86 version on hardware without CD drive, I’d connect one temporarily, because it should be the easiest solution. If it’s not possible, then another machine with CD, install it there and then move the drive. Or write image to disk. MikroTik doesn’t provide one for x86, but you can install RouterOS in VM and create disk image from that. I didn’t try it, but it could work. Just start without license, because the clone will have different software ID.

“If you want anyone to learn a lesson or something, you should probably direct this to someone from MikroTik”

Let’s be serious, of course I want them to learn a lesson, the same lesson I want my dog to learn when I leave steaks on the floor and he eats them when he shouldn’t.

Do you think it’s possible to teach my dog to not eat steaks on the floor when I’m not in the room? This may sound petty and trite, but hey, turnabout is fair play for the support I’ve gotten.
I understand you aren’t mikrotik support, but maybe mikrotik support should monitor the forums.

Completely OT, but since you mentioned it…

I also thought that it would be nice if they were more active in the forum. But the longer I’m here, the less I think that it would work well. It would most likely be just an enormous waste of resources.

People who come here asking for help are very different, their expectations are different, and the same goes for their ability to cooperate. On one end is someone skilled, with a complex problem, who does the maximum to provide all info, is open to suggestions, etc. On the other is a person who doesn’t have a clue about anything, getting any info from them feels like interrogation of a captured enemy, refuses any advice anyway, but insists that someone else does all the work. On top of that, you never know who really wants the help.

Over the years I’ve spent many hours testing things, writing configs and explanations, only to get no response at all. So personally I now use a rough filter:

  • I’m willing to go into more details, if it seems that poster is trying hard, i.e. posts detailed info, explains what’s clear to them or not and why, what they tried and what results they got, etc.

  • If I see a post like yours with an obvious mistake (wrong CN), I point it out. If it’s enough, good. If not, then ideally the next response is more detailed and we can continue. “I tried all these tutorials” is not the best choice, because it doesn’t tell anyone what exactly you did.

  • Some posts are clearly hopeless, e.g. the “I don’t even know how to use Google” kind, all I can do with those is to wish poster good luck.

Now imagine support dealing with all this. Or better, dealing with all this in addition to the loads of the same they undoubtedly get through the official support channel. I don’t know how many people they have now, but they would need many more. Especially when everyone would ideally want priority support without much waiting.