setting up/debugging ovpn-client

sejtam · December 23, 2014, 2:39pm

I am trying to connect to my HQ using my new RB2011

I have upgraded to the latest OS

My HQ gave me OVPN configuration consisting of

a ca root cert
a ovpn config file
in.key and out.key for tls-auth

The .ovpn file looks like this:

client
dev tap
proto tcp
remote VPNSERVER 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca root.crt
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
auth-user-pass
tls-auth in.key 1
tls-auth out.key 0
route-method exe
route-delay 2

There is no client key

I tried this setup:

0 name=“HQ” mac-address=FE:CD:81:30:86:B8 max-mtu=1500 connect-to=VPNSERVER port=1194 mode=ethernet user=“myuserid” password=“mypassword” profile=default certificate=none auth=null cipher=aes256 add-default-route=no

but I always get;

22:35:18 ovpn,info HQ: initializing…
22:35:18 ovpn,info HQ: connecting…
22:35:18 ovpn,info HQ: terminating… - peer disconnected
22:35:18 ovpn,info HQ: disconnected

How can I debug this further? I tried

/system logging add topic,ovpn,debug action-memory

but that doesn’t provide much more info (other than an extra line:

22:29:12 ovpn,debug HQ: disconnected

)

Any help is appreciated.

sejtam · December 23, 2014, 5:39pm

I suspect I need to extract the tls-auth key from what HQ gave me, but i cannot find where to specify that in the ovpn-client settings.
Please don’t tell me tls-auth is not supported..

Sob · December 23, 2014, 6:03pm

As you probably know, or at least suspect, MikroTik’s OpenVPN support is far from complete. You won’t have much success with comp-lzo either.