Community discussions

MikroTik App
 
januszm
just joined
Topic Author
Posts: 2
Joined: Fri Jul 04, 2014 10:30 pm

OpenVPN with certificate authentication only, no password

Fri Jul 04, 2014 10:41 pm

Hi, I've found some information about OpenVPN and username/password authentication in older threads and I'm not sure if it is still relevant.

Is it possible to configure OpenVPN server in RouterOS 6.15 ato authenticate users only by certificates? I'm migrating my old linux based PC router/vpn server to MikroTik CCR 1016 and I wanted to keep the same OpenVPN connection scenario, which is:

* each new user gets his own certificate and private key (and ca).
* users do not need password to authenticate, here's the sample client config:
client
dev tun
proto tcp
remote SERVER_ADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert MY.crt
key MY.key
cipher AES-128-CBC

# Set log file verbosity.
verb 3

;auth-user-pass
Currently when I don't set password for my vpn user, I get this log message on the client side:

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)


I'm able to succesfully connect to VPN network when I set username and password in MikroTik and I uncomment auth-user-pass option. I don't want it though. It's safer for me to generate certificate/key pair for each user and let them authenticate only with those.

Who is online

Users browsing this forum: Baidu [Spider], FoxJr and 115 guests