Hello,

I'm trying to configure the Mikrotik OpenVPN server to accept connections from Windows openvpn.net client.

I'm using ROS v6 long-term.

The issue that I'm having is that

1. My current configuration isn't working. doh! - that's why I'm here.
2. And I can't find any relevant configuration example to use as a reference point.

While I'm happy to share my current configuration if that is the best way to progress.

If someone is aware of an example configuration that works, I can probably use that to see what my issue is.

The Mikrotik OpenVPN documentation that I have seen doesn't refer to the openvpn.net use case at all.

And so far I haven't been able to find a Mikrotik example on the openvpn.net documentation (not saying that it doesn't exist - but I'm yet to locate it).

I've been using a Youtube example, which matches my use-case perfectly, but unfortunately is 2 years old; and among other things it is clear that the openvpn.net client has changed significantly since the video was created.

Thanks

VW

OpenVPN support in v6 is really limited. e.g. it does not support UDP transport, only TCP. and does not support more advanced ways of authentication and several newer OpenVPN features.
In RouterOS v7 it is a bit better. But the situation basically remains that MikroTik has written their own OpenVPN clone, they are not using the opensource version. So it is incomplete, and always is lagging behind openvpn.net developments.

Getting correct documentation for v6 may become more challenging, as MikroTik has the habit of updating the manual without always mentioning at which version a feature is available. What you find on the help system now, mostly refers to v7 only.
You can use the old WiKi manual https://wiki.mikrotik.com/wiki/Main_Page to find information for v6.

Depending on what router you are using, it may be your best recourse to first upgrade to v7.
But on older devices, and particularly on devices with small flash storage like the hAP ac2, it may be unwise to do that now.

Hello pe1chl,

Thanks for responding, your post provides some clarity.

I'm trying to connect with the OpenVPN client configured to use: AES-256-CBC or AES-256-GCM

Neither work and fail with:
Mar/27/2024 21:15:01 ovpn,debug ovpn: <xx.xx.xx.xx>: disconnected <unknown cipher alg or key size>

But according to the Mikrotik wiki: aes256 is supported / allowed.

Do you happen to know which implementations are supported or how I might figure this out?

I have tried configuring the OpenVPN client to aes256, but it doesn't like that.

VW

No, I have never wasted my time on a RouterOS OpenVPN server, I am using Linux with the openvpn.net server instead.

Also, my usecase does not require paranoid encryption parameters, so I just use AES-128-GCM. But I don't know if that affects the situation with MikroTik.

Hello pe1chl,

Thanks for the response.

That is probably what I should be looking at as well.

Really appreciate your assistance.

I have wasted some time on this, but you have provided some useful explanation and probably the path going forward as well.

Cheers,
VW