Hi
I’m new to Mikrotik and unfortunately I’m stuck trying to set up the OpenVPN connection between a Mikrotik router and a PC.
I generated the certificates on the Mikrotik. (When I signed the CA I set the CA CRL Host to the WAN IP address, and I tested with the local IP address as well (192.168.1.1). The other problem was that when I created the certificates, I couldn’t set the Subj. Alt. Name. I left it as DNS and I left the field empty. I thought it was good, but it is set as IP in the YouTube videos, but the field next to it stayed blank.)
I activated OpenVPN at PPP->openvpn: Port: 1197, Certificate name: Server, Req. Client Cert: checked, Auth: sha1, Cipher: AES256.
Firewall: input rule, protocol: tcp, Dst. port: 1197, Accept.
The profile is set, and the secret is set also. (The profile works with a pptp connection, and the service is set to any.)
My ovpn config file is the following:
client
dev tun
proto tcp-client
remote xx.xxx.xxx.xxx # WAN IP address
port 1197
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca CA3.crt
cert Client.crt
key Client.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-nocache
The client log file:
Fri Mar 20 13:17:43 2020 us=546106 Current Parameter Settings:
Fri Mar 20 13:17:43 2020 us=546106 config = 'mobilmikrotik.ovpn'
Fri Mar 20 13:17:43 2020 us=546106 mode = 0
Fri Mar 20 13:17:43 2020 us=546106 show_ciphers = DISABLED
Fri Mar 20 13:17:43 2020 us=546106 show_digests = DISABLED
Fri Mar 20 13:17:43 2020 us=546106 show_engines = DISABLED
Fri Mar 20 13:17:43 2020 us=546106 genkey = DISABLED
Fri Mar 20 13:17:43 2020 us=546106 key_pass_file = '[UNDEF]'
Fri Mar 20 13:17:43 2020 us=546106 show_tls_ciphers = DISABLED
Fri Mar 20 13:17:43 2020 us=546106 Connection profiles [default]:
Fri Mar 20 13:17:43 2020 us=546106 NOTE: --mute triggered...
Fri Mar 20 13:17:43 2020 us=546106 275 variation(s) on previous 10 message(s) suppressed by --mute
Fri Mar 20 13:17:43 2020 us=546106 OpenVPN 2.3.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 7 2014
Fri Mar 20 13:17:43 2020 us=546106 library versions: OpenSSL 1.0.1i 6 Aug 2014, LZO 2.05
Enter Management Password:
Fri Mar 20 13:17:43 2020 us=547103 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Fri Mar 20 13:17:43 2020 us=547103 Need hold release from management interface, waiting...
Fri Mar 20 13:17:44 2020 us=36140 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Fri Mar 20 13:17:44 2020 us=137908 MANAGEMENT: CMD 'state on'
Fri Mar 20 13:17:44 2020 us=138774 MANAGEMENT: CMD 'log all on'
Fri Mar 20 13:17:44 2020 us=175618 MANAGEMENT: CMD 'hold off'
Fri Mar 20 13:17:44 2020 us=177613 MANAGEMENT: CMD 'hold release'
Fri Mar 20 13:17:47 2020 us=837205 MANAGEMENT: CMD 'password [...]'
Fri Mar 20 13:17:47 2020 us=842184 Control Channel MTU parms [ L:1559 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Mar 20 13:17:47 2020 us=842184 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Mar 20 13:17:47 2020 us=842184 Data Channel MTU parms [ L:1559 D:1450 EF:59 EB:4 ET:0 EL:0 ]
Fri Mar 20 13:17:47 2020 us=842184 Local Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Fri Mar 20 13:17:47 2020 us=842184 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
Fri Mar 20 13:17:47 2020 us=842184 Local Options hash (VER=V4): '5cb3f8dc'
Fri Mar 20 13:17:47 2020 us=842184 Expected Remote Options hash (VER=V4): '898ae6c6'
Fri Mar 20 13:17:47 2020 us=842184 Attempting to establish TCP connection with [AF_INET]86.101.239.17:1197
Fri Mar 20 13:17:47 2020 us=842184 MANAGEMENT: >STATE:1584706667,TCP_CONNECT,
Fri Mar 20 13:18:08 2020 us=845949 TCP: connect to [AF_INET]86.101.239.17:1197 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Fri Mar 20 13:18:13 2020 us=848097 MANAGEMENT: >STATE:1584706693,TCP_CONNECT,
Fri Mar 20 13:18:34 2020 us=851863 TCP: connect to [AF_INET]86.101.239.17:1197 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
I’m totally lost… Any idea is very, very welcome.
THX Adam
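
Added example, not part of the original post: a short Python script that reads an OpenVPN client log in the format shown above and reports the furthest connection stage reached, which shows whether the certificate, cipher and auth settings were exercised at all. The sample lines are constructed (documentation-range address), and every stage marker except the first is a standard OpenVPN client message assumed here rather than taken from the post.

```python
import re

# Constructed sample in the format of the client log above
# (address replaced with a documentation-range placeholder).
SAMPLE_LOG = """\
Fri Mar 20 13:17:47 2020 us=842184 Attempting to establish TCP connection with [AF_INET]203.0.113.10:1197
Fri Mar 20 13:18:08 2020 us=845949 TCP: connect to [AF_INET]203.0.113.10:1197 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
Fri Mar 20 13:18:34 2020 us=851863 TCP: connect to [AF_INET]203.0.113.10:1197 failed, will try again in 5 seconds: Connection timed out (WSAETIMEDOUT)
"""

# Stages of an OpenVPN TCP client session, in the order they appear in a log.
# Only the first marker is on the page; the others are assumed standard
# OpenVPN client messages.
STAGES = [
    ("tcp_connect", r"Attempting to establish TCP connection with"),
    ("tcp_established", r"TCP connection established with"),
    ("tls_started", r"TLS: Initial packet from"),
    ("cert_verified", r"VERIFY OK"),
    ("tunnel_up", r"Initialization Sequence Completed"),
]
TLS_STAGE_INDEX = 2  # certificates, cipher and auth only matter from here on
CONNECT_FAIL = re.compile(r"TCP: connect to \[AF_INET\](\S+) failed.*: (.+)$")


def diagnose(log_text):
    """Return the furthest stage reached and every TCP connect error seen."""
    reached = -1
    failures = []
    for line in log_text.splitlines():
        for index, (_, marker) in enumerate(STAGES):
            if re.search(marker, line):
                reached = max(reached, index)
        match = CONNECT_FAIL.search(line)
        if match:
            # (endpoint, OS-level reason) for each failed attempt
            failures.append((match.group(1), match.group(2)))
    return {
        "stage": STAGES[reached][0] if reached >= 0 else "not_started",
        "connect_failures": failures,
        "tls_exercised": reached >= TLS_STAGE_INDEX,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the sample, the result is stage `tcp_connect` with two timeouts and `tls_exercised` false: the session ended at the TCP connect, before any certificate was presented.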