Is it possible to configure OpenVPN server in RouterOS 6.15 ato authenticate users only by certificates? I'm migrating my old linux based PC router/vpn server to MikroTik CCR 1016 and I wanted to keep the same OpenVPN connection scenario, which is:
* each new user gets his own certificate and private key (and ca).
* users do not need password to authenticate, here's the sample client config:
Currently when I don't set password for my vpn user, I get this log message on the client side:
Code: Select all
client dev tun proto tcp remote SERVER_ADDRESS 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert MY.crt key MY.key cipher AES-128-CBC # Set log file verbosity. verb 3 ;auth-user-pass
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
I'm able to succesfully connect to VPN network when I set username and password in MikroTik and I uncomment auth-user-pass option. I don't want it though. It's safer for me to generate certificate/key pair for each user and let them authenticate only with those.