I have issues with the ovpn server running on Mikrotik - like tons of other people here, as I saw - but here it was a perfectly working ovpn server for years while running ROS6 up to 6.48.6. Unfortunately I thought it was safe to upgrade now and I updated it to ROS 7.8 a few days ago - well, it was not.
OVPN server:
enabled: yes
port: 1194
mode: ip
protocol: tcp
netmask: 24
mac-address: xxx
max-mtu: 1500
keepalive-timeout: 60
default-profile: profile1-ovpn
certificate: xxx.crt_0
require-client-certificate: yes
tls-version: any
auth: sha1
cipher: aes256-cbc
reneg-sec: 3600
redirect-gateway: disabled
enable-tun-ipv6: no
tun-server-ipv6: ::
ipv6-prefix-len: 64
ovpn config file:
client
dev tun
proto tcp-client
remote xx.xx.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ca xx.crt
cert xx.crt
key xx.key
remote-cert-tls server
tls-client
cipher AES-256-CBC
auth SHA1
auth-user-pass xx.conf
pull
verb 5
auth-nocache
remote-cert-eku "TLS Web Server Authentication"
tls-version-min 1.2
certificates:
Flags: K - PRIVATE-KEY; T - TRUSTED
Columns: NAME, COMMON-NAME, FINGERPRINT
# NAME COMMON-NAME FINGERPRINT
0 KT xx.crt_0
1 T xxx.crt_0
log errors:
<xx.xx.xx.xx>: disconnected <TLS failed>
It was a pretty common V6 setup with SHA1/AES-256-cbc, tcp, working like a charm. First, after the upgrade to 7.8, I received "TLS error: ssl: unsupported certificate algo (6)". If I enable sha256 in ovpn settings, it changes to "TLS failed" - but still no luck. I tried to allow all auth/cipher options except the gcm versions, but it is the same.
Now the important question - what the hell has happened in ROS7 that it destroyed a working ovpn server? Mikrotik ignores all the ovpn posts. Thank you for any suggestions.