I'm a Mikrotik noob but have been working in networking for a long time, and have a lot of experience with Ubiquiti. I'm moving some of the systems away from them and this is causing me some issues.
OpenVPN with Cert Based Auth is easy on EdgeRouters and USG but I now want to connect a remote hEX router to an existing deployment.
This has caused issues as I needed to run a different OpenVPN server set up to allow password auth, but I have this OpenVPN server running on the USG and can connect to it from an OpenVPN client on a laptop without issues.
However, the Mikrotik router will not connect; it simply shows the following in a loop in the log:
09:28:52 ovpn,info ovpn-DoraAve: initializing...
09:28:52 ovpn,info ovpn-DoraAve: connecting...
09:28:53 ovpn,info ovpn-DoraAve: terminating... - could not connect
09:28:53 ovpn,info ovpn-DoraAve: disconnected
09:29:03 ovpn,info ovpn-DoraAve: initializing...
09:29:03 ovpn,info ovpn-DoraAve: connecting...
09:29:03 ovpn,info ovpn-DoraAve: terminating... - could not connect
09:29:03 ovpn,info ovpn-DoraAve: disconnected
09:29:13 ovpn,info ovpn-DoraAve: initializing...
09:29:13 ovpn,info ovpn-DoraAve: connecting...
09:29:13 ovpn,info ovpn-DoraAve: terminating... - could not connect
09:29:13 ovpn,info ovpn-DoraAve: disconnected
09:29:23 ovpn,info ovpn-DoraAve: initializing...
09:29:23 ovpn,info ovpn-DoraAve: connecting...
09:29:24 ovpn,info ovpn-DoraAve: terminating... - could not connect
09:29:24 ovpn,info ovpn-DoraAve: disconnected
[admin@MikroTik] > interface ovpn-client print
Flags: X - disabled, R - running
0 name="ovpn-DoraAve" mac-address=02:84:0F:3E:FF:1E max-mtu=1500 connect-to=82.69.xxx.yyy port=1194
mode=ip user="XXXX" password="XXXX" profile=default certificate=XXXXX
verify-server-certificate=no auth=sha1 cipher=aes128 use-peer-dns=no add-default-route=no
[admin@MikroTik] >
How can I work out what is happening? I've tried to set the ovpn logs on the Mikrotik to debug but that didn't give me anything.
On the server, the logs show nothing, not even a connection attempt from the Mikrotik, but do give me output when the laptop connects.
Ideally I'd like a verbose log of a connection attempt, or at least some sort of clue what is actually going on here to allow me to deploy the Mikrotik to the remote site. All testing has been done with the Mikrotik on a different network to the USG, with a different WAN provider, so it's not a hairpin NAT type of issue.
Can anyone give me some pointers?
Stefan