I have an RB750 and an RB450 as OpenVPN server and client.
This works fine when OpenVPN only uses username/password,
but not with certificates. Then I get:
17:40:03 ovpn,info TCP connection established from <MY.IP >
17:40:03 ovpn,info <ovpn-0>: dialing...
17:40:06 ovpn,info <ovpn-0>: terminating... - TLS handshake failed
17:40:06 ovpn,info <ovpn-0>: disconnected
OpenVPN server config:
/interface ovpn-server
add comment="" disabled=no name=ovpn-server-mngt user=""
/interface ovpn-server server
set auth=sha1 certificate=Certificate cipher=blowfish128,aes128,aes192,aes256 default-profile=profil_ovpn enabled=yes keepalive-timeout=60 \
mac-address=FE:D5:D8:B2:8D:BA max-mtu=1400 mode=ip netmask=24 port=1194 require-client-certificate=yes
I have added users, and the certificate has the “KR” in front (which I presume means the certificate was imported OK).
Then I made another certificate for the client, from the same CA. This was also imported successfully to the MikroTik (same KR in front in Winbox).
/interface ovpn-client
add add-default-route=no auth=sha1 certificate=CRT cipher=aes128 \
comment="" connect-to=1.2.3.4 disabled=no mac-address=\
00:00:00:00:00:00 max-mtu=1500 mode=ip name=ovpn-out1 password=hemmelig \
port=1194 profile=default-encryption user=username
There was a bug with OpenVPN with password in 3.28, and it worked after upgrading both to 3.30.
Now I’ve also tried 4.1, but no luck…