Problems configuring OpenVPN Client on RouterOS

RouterOS Beginner Basics
1

Hi all,

I really would appreciate any help here. I have the following configuration running.

  1. LINUX server with OpenVPN Server running
    – port 1194
    – encryption: AES256-CBC-fixed
    – option - client-to-client yes
    – Additional configurations –
    topology subnet
    script-security 2

  2. Clients configured on that server

On the router where server is running - port 1194 is forwarded on UDP to the OPENVPN Server. This is all working.

I can connect to that server just fine using OpenVPN GUI in windows or OVPN connect from Ubuntu Desktop. I export the key / crt for (testclient) and import them in Certificates. I now have 2 entries under certificates - 1) for ca.crt and another for testclient.key & testclient.crt with the MARK KR - so that should be ok

Now the ovpn-client config: (RouterOS 5.20)

PROFILE

/ppp profile
add change-tcp-mss=default comment="" name=openvpn-out only-one=default use-compression=default use-encryption=default use-vj-compression=default

ovpn-client

/interface ovpn-client
add add-default-route=no auth=sha1 certificate=testclient cipher=aes256 comment="" connect-to=8x.xx.xx.xx disabled=no mode=ip name=OVPN-Client user=user1 port=1194 profile=openvpn-out

Logs look like that:

OVPN-Client: initializing....
OVPN-Client: dialing...
OVPN-Client: terminating...
OVPN-Client: disconnected...

I am not sure what am I doing wrong, I have tried changing auth to none etc but no luck. I am also very confused about the user= value since I do not use users but crt/key to identify clients… If anyone could help I would greatly appreciate this.

Thanks a lot :sunglasses:

EDIT:::
After more reading and digging through old posts on the forum, i found out that the server had to be TCP, thats now changed. New certs etc generated. LZO compression seems also not supported so that is turned off as well.

AFTER further investigation::: the following ovpn config is working and connects just fine to my OVPN Server

client
proto tcp-client
dev tun
ca ca.crt
dh dh2048.pem
cert client1.crt
key client1.key
remote <IPOFYOURSERVER> 1194
cipher AES-256-CBC
verb 2
mute 20
keepalive 10 120
persist-key
persist-tun
float
resolv-retry infinite
nobind