I have issues with the ovpn server running on Mikrotik - like tons of other people here, as I saw, but here it was a perfectly working ovpn server for years, while running ROS6 up to 6.48.6. Unfortunately I thought it was safe to upgrade now and I updated it to ROS 7.8 a few days ago - well, it was not.
OVPN server:
enabled: yes
port: 1194
mode: ip
protocol: tcp
netmask: 24
mac-address: xxx
max-mtu: 1500
keepalive-timeout: 60
default-profile: profile1-ovpn
certificate: xxx.crt_0
require-client-certificate: yes
tls-version: any
auth: sha1
cipher: aes256-cbc
reneg-sec: 3600
redirect-gateway: disabled
enable-tun-ipv6: no
tun-server-ipv6: ::
ipv6-prefix-len: 64
ovpn config file:
remote xx.xx.xx.xx 1194
remote-cert-eku "TLS Web Server Authentication"
log errors:
Flags: K - PRIVATE-KEY; T - TRUSTED
Columns: NAME, COMMON-NAME, FINGERPRINT
# NAME COMMON-NAME FINGERPRINT
0 KT xx.crt_0
1 T xxx.crt_0
It was a pretty common V6 setup with SHA1/AES-256-cbc, tcp, working like a charm. First, after the upgrade to 7.8, I received "TLS error: ssl: unsupported certificate algo (6)". If I enable sha256 in ovpn settings, it changes to "TLS failed" - but still no luck. I tried to allow all auth/cipher options except the gcm versions, but it is the same.
<xx.xx.xx.xx>: disconnected <TLS failed>
Now the important question - what the hell has happened in ROS7 that it destroyed a working ovpn server? Mikrotik ignores all the ovpn posts. Thank you for any suggestions.