Community discussions

MUM Europe 2020
 
sejtam
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Sun Dec 14, 2014 4:23 pm

setting up/debugging ovpn-client

Tue Dec 23, 2014 4:39 pm

I am trying to connect to my HQ using my new RB2011

I have upgraded to the latest OS

My HQ gave me OVPN configuration consisting of

1. a ca root cert
2. a ovpn config file
3. in.key and out.key for tls-auth

The .ovpn file looks like this:
client
dev tap
proto tcp
remote VPNSERVER 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca root.crt
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
auth-user-pass
tls-auth in.key 1
tls-auth out.key 0
route-method exe
route-delay 2
There is no client key

I tried this setup:
0 name="HQ" mac-address=FE:CD:81:30:86:B8 max-mtu=1500 connect-to=VPNSERVER port=1194 mode=ethernet user="myuserid" password="mypassword" profile=default certificate=none auth=null cipher=aes256 add-default-route=no
but I always get;
22:35:18 ovpn,info HQ: initializing...
22:35:18 ovpn,info HQ: connecting...
22:35:18 ovpn,info HQ: terminating... - peer disconnected
22:35:18 ovpn,info HQ: disconnected
How can I debug this further? I tried
/system logging add topic,ovpn,debug action-memory
but that doesn't provide much more info (other than an extra line:
22:29:12 ovpn,debug HQ: disconnected <peer disconnected>
)


Any help is appreciated.
 
sejtam
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 66
Joined: Sun Dec 14, 2014 4:23 pm

Re: setting up/debugging ovpn-client

Tue Dec 23, 2014 7:39 pm

I suspect I need to extract the tls-auth key from what HQ gave me, but i cannot find where to specify that in the ovpn-client settings.
Please don't tell me tls-auth is not supported..
 
Sob
Forum Guru
Forum Guru
Posts: 4889
Joined: Mon Apr 20, 2009 9:11 pm

Re: setting up/debugging ovpn-client

Tue Dec 23, 2014 8:03 pm

As you probably know, or at least suspect, MikroTik's OpenVPN support is far from complete. You won't have much success with comp-lzo either.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.

Who is online

Users browsing this forum: MSN [Bot] and 103 guests