openvpn_inc wrote: ↑Fri Jan 07, 2022 5:59 pm
Hello boehamian,
Probably with Mikrotik you're better off using the OpenVPN GUI open source program that comes with OpenVPN 2.5.5 available in the community downloads on our website. But probably that won't work either given your particular error message. Mikrotik's OpenVPN implementation is a bit... interesting.
Regarding the error message, is it possible the private key you got is not in the format that follows this pattern?
-----BEGIN PRIVATE KEY-----
(lots of random text here)
-----END PRIVATE KEY-----
If it says -----BEGIN ENCRYPTED PRIVATE KEY----- (with the ENCRYPTED part in there) you might want to try decrypting that key first before using it.
Good luck,
Johan
thanks mate much appreciated. Had a look at the key file and it has that exact layout you speak of. Would it be worth not encrypting the client certificate? If so is there anything I have to put in the OVPN profile file that tells it not to look for an encryption key?
Have changed over to the other software as you suggested. Not sure where I connect the other version from.
This was the error log I got when I tried to connect
Sat Jan 8 11:34:11 2022 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Sat Jan 8 11:34:11 2022 Current Parameter Settings:
Sat Jan 8 11:34:11 2022 config = 'Client.ovpn'
Sat Jan 8 11:34:11 2022 mode = 0
Sat Jan 8 11:34:11 2022 show_ciphers = DISABLED
Sat Jan 8 11:34:11 2022 show_digests = DISABLED
Sat Jan 8 11:34:11 2022 show_engines = DISABLED
Sat Jan 8 11:34:11 2022 genkey = DISABLED
Sat Jan 8 11:34:11 2022 genkey_filename = '[UNDEF]'
Sat Jan 8 11:34:11 2022 key_pass_file = '[UNDEF]'
Sat Jan 8 11:34:11 2022 show_tls_ciphers = DISABLED
Sat Jan 8 11:34:11 2022 NOTE: --mute triggered...
Sat Jan 8 11:34:11 2022 292 variation(s) on previous 10 message(s) suppressed by --mute
Sat Jan 8 11:34:11 2022 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
Sat Jan 8 11:34:11 2022 Windows version 10.0 (Windows 10 or greater) 64bit
Sat Jan 8 11:34:11 2022 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
Sat Jan 8 11:34:11 2022 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jan 8 11:34:11 2022 Need hold release from management interface, waiting...
Sat Jan 8 11:34:11 2022 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'state on'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'log all on'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'echo all on'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'bytecount 5'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'hold off'
Sat Jan 8 11:34:12 2022 MANAGEMENT: CMD 'hold release'
Sat Jan 8 11:34:16 2022 MANAGEMENT: CMD 'password [...]'
Sat Jan 8 11:34:16 2022 OpenSSL: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
Sat Jan 8 11:34:16 2022 OpenSSL: error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error
Sat Jan 8 11:34:16 2022 OpenSSL: error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
Sat Jan 8 11:34:16 2022 OpenSSL: error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
Sat Jan 8 11:34:16 2022 Cannot load private key file client.key
Sat Jan 8 11:34:16 2022 SIGUSR1[soft,private-key-password-failure] received, process restarting
Sat Jan 8 11:34:16 2022 MANAGEMENT: >STATE:1641607456,RECONNECTING,private-key-password-failure,,,,,
Sat Jan 8 11:34:16 2022 Restart pause, 5 second(s)
Sat Jan 8 11:34:29 2022 MANAGEMENT: CMD 'password [...]'
Sat Jan 8 11:34:29 2022 OpenSSL: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
Sat Jan 8 11:34:29 2022 OpenSSL: error:23077074:PKCS12 routines:PKCS12_pbe_crypt:pkcs12 cipherfinal error
Sat Jan 8 11:34:29 2022 OpenSSL: error:2306A075:PKCS12 routines:PKCS12_item_decrypt_d2i:pkcs12 pbe crypt error
Sat Jan 8 11:34:29 2022 OpenSSL: error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib
Sat Jan 8 11:34:29 2022 Cannot load private key file client.key
Sat Jan 8 11:34:29 2022 SIGUSR1[soft,private-key-password-failure] received, process restarting
Sat Jan 8 11:34:29 2022 MANAGEMENT: >STATE:1641607469,RECONNECTING,private-key-password-failure,,,,,
Sat Jan 8 11:34:29 2022 Restart pause, 5 second(s)
Again, like I said, a bit new to this so slowly working it out