OVPN without certificate possible?

Hello all!

Is OpenVPN on the current RouterOS 3.4 possible to use without generating any certificates, i.e. to create an OVPN tunnel with just username/password like L2TP / PPTP?

I have tried this already but I am always getting TLS handshake errors, so I guess it isn't possible without generating certificates on RouterOS.
However, maybe I configured something wrong (I was setting up a simple OVPN server/client without any special rules).

Has anyone got this to work that way?


Thanks in advance,
Juergen

/interface ovpn-server server set require-client-certificate=no

If you set this option to no, then clients will be able to connect to the server without a certificate, with only username and password.

Yes, this is what I thought - the checkbox is also disabled by default.

This is my test-configuration (username/password is replaced by xxx):

Server:

/interface ovpn-server server 
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 \
    default-profile=default enabled=yes keepalive-timeout=60 \
    mac-address=FE:EB:00:01:45:E1 max-mtu=1500 mode=ip netmask=24 port=1194 \
    require-client-certificate=no

/interface ovpn-server 
add comment="" disabled=no name="ovpn-in" user="xxx"

Client:

/interface ovpn-client 
add add-default-route=no auth=sha1 certificate=none cipher=aes128 comment="" connect-to=212.114.xxx.xx \
    disabled=no mac-address=00:00:00:00:00:00 max-mtu=1500 mode=ip name="ovpn-out" \
    password="xxx" port=1194 profile=default user="xxx"

But I am not getting it to work (TLS handshake error).


What about NAT with OVPN, could this be the problem? The OVPN client is behind a NAT router.


Juergen.

You have to set a certificate for the OVPN server, even if client certificates are not required.

OK, thank you, I will test this.
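
A check for the rule given in the last reply (the OVPN server needs its own certificate even when require-client-certificate=no), as an added example that is not part of the original thread or of MikroTik's code: it parses a RouterOS export laid out like the one posted above and flags an enabled server with certificate=none. The function names, the corrected variant and the certificate name server-cert are assumptions.

```python
import re
import shlex

# Constructed sample: the server section as posted in the thread.
THREAD_EXPORT = r'''
/interface ovpn-server server
set auth=sha1,md5 certificate=none cipher=blowfish128,aes128 \
    default-profile=default enabled=yes keepalive-timeout=60 \
    mac-address=FE:EB:00:01:45:E1 max-mtu=1500 mode=ip netmask=24 port=1194 \
    require-client-certificate=no
'''
# Constructed corrected variant; "server-cert" is a hypothetical certificate name.
FIXED_EXPORT = THREAD_EXPORT.replace("certificate=none", "certificate=server-cert", 1)


def parse_export(text):
    """Return [(menu_path, command, {key: value})] for an export where the
    menu path sits on its own line, as in the thread."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", " ", text)  # join "\" continuation lines
    menu, rows = "", []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            menu = " ".join(line.split())
            continue
        words = shlex.split(line)  # handles quoted values such as comment=""
        props = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        rows.append((menu, words[0], props))
    return rows


def ovpn_server_findings(text):
    """Flag an enabled OVPN server that has no certificate of its own."""
    findings = []
    for menu, command, props in parse_export(text):
        if menu != "/interface ovpn-server server" or command != "set":
            continue
        # Assumption: a missing certificate key is treated like certificate=none.
        if props.get("enabled") == "yes" and props.get("certificate", "none") == "none":
            findings.append(
                "ovpn-server is enabled with certificate=none "
                f"(require-client-certificate={props.get('require-client-certificate')}); "
                "set a server certificate")
    return findings


if __name__ == "__main__":
    for label, export in (("thread", THREAD_EXPORT), ("fixed", FIXED_EXPORT)):
        print(label, ovpn_server_findings(export) or "ok")
```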