Hello! I’m trying to use mikrotik’s OpenVPN client with tls auth option. As mentioned in help, I’ve prepared .ovpn config:
client
dev tun
resolv-retry infinite
nobind
remote ip port
proto tcp
comp-lzo yes
tls-client
key-direction 1
remote-cert-tls server
keepalive 10 120
persist-key
persist-tun
verb 0
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
ca...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
cert...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
key...
-----END PRIVATE KEY-----
</key>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
key...
-----END OpenVPN Static key V1-----
</tls-auth>
Also tryed to use tls-crypt tag instead of tls-auth tag.
After this - import this file:
/interface/ovpn-client/import-ovpn-configuration skip-cert-import=no
Mikrotik returns 3 errors in log:
unsupported configuration parameter 'comp-lzo'
unsupported configuration parameter 'keepalive'
configuration does not specify auth, using default
And after connecting to server:
ovpn-import1737366261: initializing...
ovpn-import1737366261: connecting...
ovpn-import1737366261: disconnected <could not connect>
ovpn-import1737366261: terminating... - could not connect
Logs on server side:
TLS error : cannot locate HMAC in incoming packet
As far as I can understand, the tls auth key was not imported. How to solve the problem?