Community discussions

 
MikroTikFan
Member Candidate
Member Candidate
Topic Author
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

OpenVPN connection with certificates authorisation

Sat Nov 21, 2015 3:18 pm

Hello,

Please help me to configure my OpneVPN connection to OpenVPN Server.

I have generated from server my certs:
ca.crt
my.crt
my.key

I have found some instructions how to configure ovpn client, but most of them have user name and passwords.

My authorization is based on certificates.

Please help me how to connect from my Mikrotik Router to ovpn server (linux based).
Last edited by MikroTikFan on Mon Nov 23, 2015 3:47 pm, edited 1 time in total.
 
slech
Long time Member
Long time Member
Posts: 533
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: OpenVPN connection with certificates authorisation

Sat Nov 21, 2015 10:21 pm

MikroTikFan
Try this: Configure OpenVPN client
sorry for my english
 
MikroTikFan
Member Candidate
Member Candidate
Topic Author
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: OpenVPN connection with certificates authorisation

Sun Nov 22, 2015 12:07 am

Thanks, this is very important, especially user=CN <common name of client cert>

Now go to PPP/Profiles and create a new profile named openvpn-client. Set as follows...
Use IPv6: no
Use MPLS: no
Use Compression: no
Use VJ Compression: no
Use Encryption: yes
All other fields can be left empty or at their defaults.

Now go to PPP/Interface and add a new OVPN Client. Set as follows...
Connect to: <server ip address>
Port: 1194 <or whatever port your server uses>
Mode: ip
User: <common name of client cert>
Profile: openvpn-client
Certificate: <your client cert>
Auth: <match your server>
Cipher: <match your server>

but after this I have still problem in NAT rule:

Chain:srcnat
Out.Interface:ovpnclient
Action:masquerade

RED: ovpn-client not ready ;-(

IP->Routes

BLUE: ovpn-client unreachable

Please help me to find connection problem.
 
MikroTikFan
Member Candidate
Member Candidate
Topic Author
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: OpenVPN connection with certificates authorisation

Mon Nov 23, 2015 1:01 pm

I have checked informations from OpenVPN server logs.

Unfortunately in OpenVPN server logs I don't see any connections tyres from my client.

On the other hand from OpenVPN Client side I see that each connection is ended - disconnected

Please look at my log (attachment) and help me why Mikrotik is not going to establish connection to OpenVPN Server ?
You do not have the required permissions to view the files attached to this post.
 
MikroTikFan
Member Candidate
Member Candidate
Topic Author
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: OpenVPN connection with certificates authorisation

Mon Nov 23, 2015 11:43 pm

I think that I just found reason in post

http://forum.mikrotik.com/viewtopic.php?f=1&t=77898

about problems to use UDP with OpenVPN (1194)

Is there any way to connect as OpenVPN client to UDP 1194 port ?

Default protocol for OpenVPN is 1194 (UDP) and this is not working ?
 
User avatar
MTeeker
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Tue Jun 14, 2011 2:42 pm
Location: Australia

Re: OpenVPN connection with certificates authorisation

Tue Nov 24, 2015 3:21 am

Is there any way to connect as OpenVPN client to UDP 1194 port ?
I think you missed the point that unless and until MikroTik implements it, a MikroTik router (as OpenVPN server) accepts only tcp protocol for openVPN connection.
Default protocol for OpenVPN is 1194 (UDP) and this is not working ?
As above. The line below is included in the OpenVPN script on client machine for this reason.

proto tcp-client
 
MikroTikFan
Member Candidate
Member Candidate
Topic Author
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: OpenVPN connection with certificates authorisation

Tue Nov 24, 2015 7:22 am

proto tcp-client
but I need UDP, so how can I run ovpn client with udp-proto?
 
trainwreck
just joined
Posts: 4
Joined: Thu Oct 29, 2015 1:35 am

Re: OpenVPN connection with certificates authorisation

Tue Nov 24, 2015 9:42 am

Nah, you won't be able to do it. Not at least without what seems like a significant performance hit.

In your linked thread, one post tells you that you can use the "Metarouter" feature to enable OpenVPN with UDP, but be aware that the router's performance will be noticeably less.

I'm not sure I understand the technical reasons why it is this way, but it is...
 
MikroTikFan
Member Candidate
Member Candidate
Topic Author
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: OpenVPN connection with certificates authorisation

Tue Nov 24, 2015 1:58 pm

Solution based on MetaRouter (OpenWRT) is not efficient and quite complicated.
I'm owner of Mikrotik router and Mikrotik OS not OpenWRT.

I just expect from Mikrotik to support market standards solutions like OpenVPN UDP and TCP.
I need to connect to OpenVPN 1194 (UDP) which is a standard solution and really I don't know how I can I do this using Mikrotik OS.
 
MikroTikFan
Member Candidate
Member Candidate
Topic Author
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: OpenVPN connection with certificates authorisation

Tue Nov 24, 2015 2:03 pm

Frequent Visitor explained

I think you missed the point that unless and until MikroTik implements it, a MikroTik router (as OpenVPN server) accepts only tcp protocol for openVPN connection.
that Mikrotik implements this, so I understand that using

1) Mikrotik OpenVPN server I can't use UDP

but other case is if I use

2)Mikrotik as OpenVPN client which is immplemented.

My problem is 2) so how can I run OpenVPN Client on UDP port ?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: OpenVPN connection with certificates authorisation

Tue Nov 24, 2015 2:10 pm

You can't. UDP mode is currently unsupported.
 
MikroTikFan
Member Candidate
Member Candidate
Topic Author
Posts: 196
Joined: Sat Aug 02, 2014 1:13 am

Re: OpenVPN connection with certificates authorisation

Wed Nov 25, 2015 12:22 am

UDP mode is currently unsupported in both openvpn roles client (server other router) and server on Mikrotik ;-(

Why this is so popular in other routers and UDP port is simply faster !
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: OpenVPN connection with certificates authorisation

Wed Nov 25, 2015 6:22 pm

Who is online

Users browsing this forum: No registered users and 106 guests