Mikrotik-OVPN server vs iOS client, Please HELP!

Post Reply
J
OpenVpn Newbie
Posts: 1
Joined: Thu Jul 20, 2017 1:37 pm

Mikrotik-OVPN server vs iOS client, Please HELP!

Post by J » Thu Jul 20, 2017 2:16 pm

Dear All!

Please help with configuration openVPN on Mikrotik+iOS

I follow this instruction
http://techiezone.rottigni.net/2016/09/ ... nt-page-1/
and got everything worked on my Mac+TunnelBlick

For first, on iOS, i have following problem:
2017-07-17 16:47:38 ----- OpenVPN Start -----
OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-07-17 16:47:38 Frame=512/2048/512 mssfix-ctrl=1250
2017-07-17 16:47:38 EVENT: CORE_ERROR PolarSSL: error parsing config private key : PKCS5 - Requested encryption or digest alg not available [ERR]
2017-07-17 16:47:38 Raw stats on disconnect:
2017-07-17 16:47:38 Performance stats on disconnect:
CPU usage (microseconds): 7069
Network bytes per CPU second: 0
Tunnel bytes per CPU second: 0
2017-07-17 16:47:38 EVENT: DISCONNECT_PENDING
2017-07-17 16:47:38 ----- OpenVPN Stop -----


To use .key file on ios, i convert them by commands:

From a shell, to decrypt the key (remove the passphrase):
openssl rsa -in [key-encrypted-old].key -out [key-unencrypted].key

To re-encrypt the key w. T-DES:
openssl rsa -in [key-unencrypted].key -des3 -out [key-encrypted-new].key

And it was solved.

And now i get next error.

2017-07-17 17:47:42 VERIFY OK: depth=0
cert. version : 3
serial number : 09:07:E5:64:03:9B:66:EA
issuer name : CN=RoarinCA
subject name : CN=RoarinCA
issued on : 2017-07-17 06:13:33
expires on : 2018-07-17 06:13:33
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
key usage : Key Cert Sign, CRL Sign

2017-07-17 17:47:42 Client exception in transport_recv_excode: PolarSSL: SSL read error : SSL - Processing of the Certificate handshake message failed
2017-07-17 17:47:42 Client terminated, restarting in 2000 ms...
2017-07-17 17:47:44 EVENT: RECONNECTING
2017-07-17 17:47:44 EVENT: RESOLVE
2017-07-17 17:47:44 Contacting 85.95.153.209:1194 via TCP
2017-07-17 17:47:44 EVENT: WAIT
2017-07-17 17:47:44 SetTunnelSocket returned 1
2017-07-17 17:47:44 Connecting to [85.95.153.209]:1194 (85.95.153.209) via TCPv4
2017-07-17 17:47:44 EVENT: CONNECTING
2017-07-17 17:47:45 Tunnel Options:V4,dev-type tun,link-mtu 1559,tun-mtu 1500,proto TCPv4_CLIENT,cipher AES-256-CBC,auth SHA1,keysize 256,key-method 2,tls-client
2017-07-17 17:47:45 Creds: Username/Password
2017-07-17 17:47:45 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2

I can send my .ovpn file

Pleasssseeee HELP

Best Regards,
Sergey L. Mityurev

roger.hermes
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 28, 2017 8:51 pm

Re: Mikrotik-OVPN server vs iOS client, Please HELP!

Post by roger.hermes » Mon Jul 31, 2017 10:50 am

i'm getting exactly the same error...
if i use the client certificate and enable the option askpass on ovpn file, then i get the error

"PolarSSL: error parsing config private key : PKCS5 - Requested encryption or digest alg not available [ERR]"

But if i Disable the option AskPass and remove the client cert, i get this another error:

"Client exception in transport_recv_excode: PolarSSL: SSL read error : SSL - Processing of the Certificate handshake message failed"

Please heellp!

roger.hermes
OpenVpn Newbie
Posts: 2
Joined: Fri Jul 28, 2017 8:51 pm

Re: Mikrotik-OVPN server vs iOS client, Please HELP!

Post by roger.hermes » Tue Dec 26, 2017 5:15 pm

I was able to solve the problem.
In short, they were the sum of several small errors ...
the main thing was to find out that the certificate key needs to be decrypted with OpenSSL.
I had to locate an installer for windows to be able to do this. Later I will post a tutorial on how I did the configuration of my MK and the .OVPN configuration file.

for any questions, 14905rlh (@) gmail.com

Post Reply