Hello,
New to the forum o7.
I'm trying to set up a VPN connection using OpenVPN Connect for our remote employees to our secondary router that I just set up (Mikrotik Cloud Core).
It's my very first time trying to deal with something like this, so apologies in advance if something doesn't make sense.
I'm following https://wiki.mikrotik.com/wiki/Manual:C ... rtificates as a starting point for creating a Certificate Authority on the router using its public IP, a Server signed by the same CA and one Client - also signed by the same CA.
I've also gone to the router's PPP interface and made sure that "OpenVPN Server" is enabled and on the correct port (1194). Down that selection I've used "Certificate : Server" as the authentication method, which I'm still not too sure is correct.
I went to the certificates and used "Export" on Server and Client and used a passphrase on the Client so it would generate a .key file - I was told that these three should suffice to make the connection between the OpenVPN Connect and my router.
I downloaded all three files on my desktop and edited them with Notepad+, copy pasted all the stuff in there onto my .ovpn file.
My .ovpn config file is like this:
client
dev tun
proto tcp-client
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
auth-nocache
mute 10
remote X.X.X.X
port 1194
auth SHA1
cipher AES-256-CBC
redirect-gateway def1
auth-user-pass credentials
<ca>
stuff goes here
</ca>
<cert>
stuff goes here
</cert>
<key>
stuff goes here
</key>
Using it like this gives a weird private key error message, so I went looking for a bit and it seems that I needed openssl to convert the .key file to an RSA format. I did that with cygwin and after all the shenanigans, I get
Peer Certificate Verification Failure.
I've been trying for a couple of days and failing horribly. Is there anyone who has overlapping knowledge of Mikrotik Routers and OpenVPN Connect?
Novice sysadmin facing issues with Mikrotik router setup and ovpn configuration file.
Re: Novice sysadmin facing issues with Mikrotik router setup and ovpn configuration file.
TinCanTech wrote: Wed Nov 17, 2021 2:29 pm
You probably need to add --askpass to your client config.

On which line would this be? I've already added a line for authentication just before <ca>, which takes the credentials automatically from a file. Does --askpass serve another function?
Re: Novice sysadmin facing issues with Mikrotik router setup and ovpn configuration file.
Thanks for the help because I did manage to make the VPN connection after reading some more in the two links provided.
For anyone looking at this post in the future, I learned that you import the CA.crt, the client.crt and the client.key values in the ovpn config file. My mistake was that I was using Server.crt in the configuration, which isn't needed at all apparently.
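
Added example, not part of the thread and not OpenVPN or MikroTik code: a small linter for the inline `<ca>`, `<cert>` and `<key>` blocks of a client profile, covering the two problems discussed above (a server certificate pasted into the profile, and a passphrase-protected key with no askpass directive). The function names are hypothetical, the server-certificate check is a heuristic byte search that assumes the server certificate was issued with the serverAuth extended key usage, and the sample profile is built from placeholder bytes rather than real certificates.

```python
import base64
import re

# DER encoding of the id-kp-serverAuth OID (1.3.6.1.5.5.7.3.1), which appears in
# the extendedKeyUsage extension of certificates issued for TLS servers.
SERVER_AUTH_OID = bytes.fromhex("06082b06010505070301")

def inline_blocks(config):
    """Return {tag: text} for the inline <ca>, <cert> and <key> sections."""
    return dict(re.findall(r"^<(ca|cert|key)>\s*\n(.*?)^</\1>", config, re.S | re.M))

def pem_objects(text):
    """Return (label, body) for every PEM object found in text."""
    return re.findall(r"-----BEGIN ([A-Z ]+)-----\s*(.*?)-----END \1-----", text, re.S)

def der_bytes(body):
    """Decode the base64 part of a PEM body, skipping 'Name: value' header lines."""
    return base64.b64decode("".join(l.strip() for l in body.splitlines() if ":" not in l))

def lint_ovpn(config):
    """Return findings about the inline credential blocks of a client profile."""
    findings, blocks = [], inline_blocks(config)
    directives = {l.split()[0].lstrip("-") for l in config.splitlines() if l.strip()}
    for tag in ("ca", "cert", "key"):
        if not pem_objects(blocks.get(tag, "")):
            findings.append(f"<{tag}> is missing or holds no PEM object")
    for tag in ("ca", "cert"):
        for label, body in pem_objects(blocks.get(tag, "")):
            if label != "CERTIFICATE":
                findings.append(f"<{tag}> holds a {label}, expected a CERTIFICATE")
            elif SERVER_AUTH_OID in der_bytes(body):
                findings.append(f"<{tag}> looks like a server certificate (serverAuth EKU)")
    for label, body in pem_objects(blocks.get("key", "")):
        encrypted = label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body
        if "PRIVATE KEY" not in label:
            findings.append(f"<key> holds a {label}, expected a private key")
        elif encrypted and "askpass" not in directives:
            findings.append("<key> is passphrase-protected and no askpass directive is set")
    return findings

def _pem(label, payload):
    # Wraps constructed placeholder bytes (not a real certificate or key) in PEM armour.
    return f"-----BEGIN {label}-----\n{base64.b64encode(payload).decode()}\n-----END {label}-----\n"

# Constructed sample: server certificate pasted into <ca>, encrypted key, no askpass.
SAMPLE = ("client\nremote-cert-tls server\n"
          "<ca>\n" + _pem("CERTIFICATE", b"0\x0c" + SERVER_AUTH_OID) + "</ca>\n"
          "<cert>\n" + _pem("CERTIFICATE", b"0\x06client") + "</cert>\n"
          "<key>\n" + _pem("ENCRYPTED PRIVATE KEY", b"0\x03key") + "</key>\n")
```

Calling `lint_ovpn()` on the text of a real profile returns an empty list when all three blocks hold the expected kind of object and none of the checks trips.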