ico747
just joined
Topic Author
Posts: 1
Joined: Tue Feb 09, 2021 11:06 am

openvpn certificates problem

Wed Feb 23, 2022 2:12 pm

With certificates for OpenVPN generated with RouterOS 6.42.9, my OpenVPN server on the MikroTik router works properly. When certificates are generated with OpenSSL and imported as per https://wiki.mikrotik.com/wiki/Manual:C ... n_RouterOS, the MikroTik OpenVPN server does not work. Below is the log from the OpenVPN client running under Ubuntu 20.4.
OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Control Channel MTU parms [ L:1623 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Data Channel MTU parms [ L:1623 D:1450 EF:123 EB:406 ET:0 EL:3 ]
Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client'
Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_SERVER,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-server'
TCP/UDP: Preserving recently used remote address: [AF_INET]62.2.157.138:1194
Socket Buffers: R=[131072->131072] S=[16384->16384]
Attempting to establish TCP connection with [AF_INET]62.2.157.138:1194 [nonblock]
TCP connection established with [AF_INET]62.2.157.138:1194
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]62.2.157.138:1194
TLS: Initial packet from [AF_INET]62.2.157.138:1194, sid=340fa99f 8590a612
VERIFY OK: depth=1, C=CH, ST=Aargau, L=xxx, O=xxx, OU=xxx, CN=xxxxxx, emailAddress=xxxx
Certificate does not have key usage extension
VERIFY KU ERROR
OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
BIO read tls_read_plaintext error
TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
TCP/UDP: Closing socket

Could you please advise?
 
adroman
just joined
Posts: 15
Joined: Tue May 29, 2018 3:54 pm

Re: openvpn certificates problem

Tue Mar 29, 2022 5:51 pm

I have the same problem. No resolution.
 
MickeyT
Member Candidate
Posts: 125
Joined: Tue Feb 18, 2020 7:06 am
Location: Australia

Re: openvpn certificates problem

Fri Apr 01, 2022 11:14 am

Can you please attach your RouterOS configuration and a sanitized (i.e.: remove all sensitive data) copy of your OpenVPN configuration file? Also, if you can post the specific commands (sanitized) you used when generating the certificate files with OpenSSL, that would be helpful.

I have used RoS OpenVPN server with the OpenVPN client (Windows, Mac, Linux and mobile devices) without a problem, but there are some specific items that aren't supported by MikroTik routers (yet), so your configuration needs to be adjusted accordingly.
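
Added example, not part of any post in this thread: the client log above stops at "Certificate does not have key usage extension" / "VERIFY KU ERROR" after the CA at depth=1 verified, which is the check OpenVPN applies to the server certificate when the client config sets `remote-cert-tls server`. The script below signs one server certificate without an extensions section and one with `keyUsage` and `extendedKeyUsage`, then checks both. It assumes the client uses `remote-cert-tls server` and that the failing certificate was signed without extensions; the CA, file names and section names are constructed.

```shell
# Added example: throwaway CA and keys, constructed names (Example CA, bare, server).
set -eu

write_cnf() {   # extension sections for the CA and for an OpenVPN server certificate
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
}

make_ca() {     # $1 = work dir
    write_cnf "$1/x509.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/x509.cnf" \
        -extensions v3_ca -subj "/CN=Example CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {  # $1 = work dir, $2 = name, $3 = extension section ("" = none)
    openssl req -new -newkey rsa:2048 -nodes -config "$1/x509.cnf" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    ext=""
    [ -z "$3" ] || ext="-extfile $1/x509.cnf -extensions $3"
    # $ext is left unquoted on purpose so it splits into separate arguments
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 $ext -out "$1/$2.crt" 2>/dev/null
}

check_server_cert() {  # what a client with "remote-cert-tls server" needs to see
    text=$(openssl x509 -in "$1" -noout -text)
    case $text in *"X509v3 Key Usage"*) ;; *) echo "missing keyUsage"; return 1 ;; esac
    case $text in *"TLS Web Server Authentication"*) ;; *) echo "missing serverAuth EKU"; return 1 ;; esac
    echo "ok"
}

dir=$(mktemp -d)
make_ca "$dir"
issue_cert "$dir" bare ""            # signed without an extensions section
issue_cert "$dir" server v3_server   # signed with keyUsage and extendedKeyUsage
echo "bare:   $(check_server_cert "$dir/bare.crt" || true)"
echo "server: $(check_server_cert "$dir/server.crt")"
rm -rf "$dir"
```

Running `openssl x509 -in <cert> -noout -text` against the certificate actually imported into RouterOS shows whether the "X509v3 Key Usage" and "X509v3 Extended Key Usage" sections are present.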
