Community discussions

MikroTik App
  4. RouterOS
  5. General

OpenVPN Cloud

Post Reply
 
User avatar
stek
newbie
Topic Author
Posts: 47
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland

OpenVPN Cloud

Sat May 28, 2022 11:13 am

Hi,
I am trying to connect routerOS 7.2.3 to OpenVPN Cloud.
On OpenVPN claud there are instructions to connect different routers but not Mikrotik. The .ovpn file containing the certificates is provided which I can without problems import to RouterOS.
I try to reproduce the instructions on RouterOS, but upon connection I get "TSL failed"



file .ovpn:
Code: Select all
etenv USERNAME "stek/connector/baff8c61-2d91-4cbe-833b-01aac4268c72_9510df84-cd6f-4bd0-b2dd-dc61afc27175"
# OVPN_WEBAUTH_FRIENDLY_USERNAME=stek/stekhome/connector01
# OVPN_FRIENDLY_PROFILE_NAME=stekhome@stek.openvpn.com [Zurich]
client
dev tun
remote ch-zrh.gw.openvpn.com 1194 udp
remote ch-zrh.gw.openvpn.com 1194 udp
remote ch-zrh.gw.openvpn.com 443 tcp
remote ch-zrh.gw.openvpn.com 1194 udp
remote ch-zrh.gw.openvpn.com 1194 udp
remote ch-zrh.gw.openvpn.com 1194 udp
remote ch-zrh.gw.openvpn.com 1194 udp
remote ch-zrh.gw.openvpn.com 1194 udp
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
persist-tun
nobind
verb 3
socket-flags TCP_NODELAY
<ca>
-----BEGIN CERTIFICATE-----
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Mxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
...
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END OpenVPN Static key V1-----
</tls-crypt>

Please help
regards
Stefano
Last edited by stek on Sat May 28, 2022 11:42 am, edited 1 time in total.
Top
 
User avatar
stek
newbie
Topic Author
Posts: 47
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland

Re: OpenVPN Cloud

Sat May 28, 2022 11:41 am

This is the debug llog
Code: Select all
10:38:30 ovpn,info ovpn-out3: initializing...
 10:38:30 ovpn,info ovpn-out3: connecting...
 10:38:30 ovpn,debug,packet sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f0e7d91cbf78a22 pid=0 DATA len=0
 10:38:30 ovpn,debug,packet sent P_CONTROL kid=0 sid=f0e7d91cbf78a22 pid=1 DATA len=132
 10:38:31 ovpn,debug,packet rcvd P_CONTROL_SOFT_RESET kid=7 sid=f442fdd44af14e8f pid=0 DATA len=0
 10:38:31 ovpn,debug,packet sent P_CONTROL_SOFT_RESET kid=7 sid=f1da25608ce6b4a6 [0 sid=f442fdd44af14e8f] pid=0 DATA len=0
 10:38:31 ovpn,debug,packet sent P_CONTROL kid=7 sid=f1da25608ce6b4a6 pid=1 DATA len=132
 10:38:31 ovpn,debug,packet rcvd P_ACK kid=7 sid=f442fdd44af14e8f [0 sid=f1da25608ce6b4a6] DATA len=0
 10:38:31 ovpn,debug,packet rcvd P_CONTROL kid=7 sid=f442fdd44af14e8f [1 sid=f1da25608ce6b4a6] pid=1 DATA len=1170
 10:38:31 ovpn,debug,packet sent P_ACK kid=7 sid=f1da25608ce6b4a6 [1 sid=f442fdd44af14e8f] DATA len=0
 10:38:31 ovpn,debug,packet rcvd P_CONTROL kid=7 sid=f442fdd44af14e8f pid=2 DATA len=1046
 10:38:31 ovpn,debug,packet sent P_ACK kid=7 sid=f1da25608ce6b4a6 [2 sid=f442fdd44af14e8f] DATA len=0
 10:38:31 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f0e7d91cbf78a22 pid=0 DATA len=0
 10:38:31 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0e7d91cbf78a22 pid=1 DATA len=132
 10:38:31 ovpn,debug,packet sent P_CONTROL kid=7 sid=f1da25608ce6b4a6 pid=2 DATA len=1400
 10:38:31 ovpn,debug,packet sent P_CONTROL kid=7 sid=f1da25608ce6b4a6 pid=3 DATA len=704
 10:38:31 ovpn,debug,packet rcvd P_ACK kid=7 sid=f442fdd44af14e8f [2 sid=f1da25608ce6b4a6] DATA len=0
 10:38:32 ovpn,debug,packet rcvd P_CONTROL kid=7 sid=f442fdd44af14e8f [3 sid=f1da25608ce6b4a6] pid=3 DATA len=51
 10:38:32 ovpn,debug,packet sent P_ACK kid=7 sid=f1da25608ce6b4a6 [3 sid=f442fdd44af14e8f] DATA len=0
 10:38:32 ovpn,debug,packet sent P_CONTROL kid=7 sid=f1da25608ce6b4a6 pid=4 DATA len=287
 10:38:32 ovpn,debug,packet rcvd P_CONTROL kid=7 sid=f442fdd44af14e8f [4 sid=f1da25608ce6b4a6] pid=4 DATA len=233
 10:38:32 ovpn,debug,packet sent P_ACK kid=7 sid=f1da25608ce6b4a6 [4 sid=f442fdd44af14e8f] DATA len=0
 10:38:32 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f0e7d91cbf78a22 pid=0 DATA len=0
 10:38:32 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0e7d91cbf78a22 pid=1 DATA len=132
 10:38:33 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f0e7d91cbf78a22 pid=0 DATA len=0
 10:38:33 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0e7d91cbf78a22 pid=1 DATA len=132
 10:38:34 ovpn,debug,packet re-sent P_CONTROL_HARD_RESET_CLIENT_V2 kid=0 sid=f0e7d91cbf78a22 pid=0 DATA len=0
 10:38:34 ovpn,debug,packet re-sent P_CONTROL kid=0 sid=f0e7d91cbf78a22 pid=1 DATA len=132
 10:38:35 ovpn,info ovpn-out3: terminating...
 10:38:35 ovpn,info ovpn-out3: disabled
 10:38:35 system,info device changed by admin
 10:38:47 system,info,account user admin logged in from 172.16.8.102 via local
Top
 
User avatar
stek
newbie
Topic Author
Posts: 47
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland

Re: OpenVPN Cloud

Sat May 28, 2022 2:58 pm

OpenVPN Cloud support is saying that RouterOS doesn't support sha256

https://support.openvpn.com/hc/en-us/re ... 592?page=1

On RouterOS7.2-3 should be supported, is correct?

regards
Stefano
Top
 
Sob
Forum Guru
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: OpenVPN Cloud

Sat May 28, 2022 5:22 pm

Yes, but you will have problem with tls-crypt, RouterOS doesn't have that.
Top
 
User avatar
stek
newbie
Topic Author
Posts: 47
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland

Re: OpenVPN Cloud

Mon May 30, 2022 3:41 pm

Yes, I read here about the limitations: https://help.mikrotik.com/docs/display/ROS/OpenVPN

imitations
Currently, unsupported OpenVPN features:

LZO compression
TLS authentication
authentication without username/password
OpenVPN username is limited to 27 characters and password to 233 characters.

is really a shame, I will have to think about getting another router!

Regards
Top
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1348
Joined: Mon Sep 23, 2019 1:04 pm

Re: OpenVPN Cloud

Mon May 30, 2022 7:16 pm

Shame you didn't test RouterOS in a VM first.
Top
 
User avatar
stek
newbie
Topic Author
Posts: 47
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland

Re: OpenVPN Cloud

Mon May 30, 2022 9:25 pm

don't worry, I started with Mikrotik because I have been using them for years for many things, I am surprised though at these limitations.
I had already used OpenVPN server (not cloud) successfully.
No problem, I will find an alternative solution.

Regards
Stefano
Top
Post Reply

Who is online

Users browsing this forum: gene, loloski, maldridge and 109 guests
  4. RouterOS
  5. General