Avatar of Amin El-Zein
Amin El-Zein
 asked on

mikrotik openvpn problem

Hello,
I have OpenVPN server I try to set a mikrotik as client ….  but the connection not established.
for example I using this profile :
###############################
# FreeOpenVPN.Org config file #
# https://www.freeopenvpn.org #
###############################
dev tun
proto tcp
remote 136.25.x.x 1890
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
</key>

Open in new window

but it's not work ….
should I use user name and password ?
it there any configuration I should use it from server side ?
thanks.
VPN

Avatar of undefined
Last Comment
Amin El-Zein

8/22/2022 - Mon
Qlemo

You should try to read the log file. It should identify the main reason for connection failure.
It can also help if you run OpenVPN client on a PC for test, as that is usually easier to debug.
Amin El-Zein

ASKER
on pc it's work , on mikrotik it's get my duplicated packet dropping….
does mikrotik workout  password ?
Qlemo

Duplicated packets? Which ones - establishing the connection or transferring data?
And why should "password" change anything?
Your help has saved me hundreds of hours of internet surfing.
fblack61
Amin El-Zein

ASKER
hello,
as I read on the other forums over internet , that the connection should have user name and password and it's not working without password.... in case we are using client cert.
thanks,
Qlemo

I don't know how mikrotik or freeOpenVPN manages its connections, but OpenVPN itself does not allow for providing user name and password in the config file. That only works if it uses a management connection, whose port then needs to be configured either on command line or in the config file (in short, as part of the client config).
And then you need to have user authentication as requirement on the server side.

So doing that adds complexity on both ends. I do not see any reason why it should work better with explicit authentication, and you cannot just decide if to use it or not - both ends need to be configured the same.
Amin El-Zein

ASKER
i give you an example of client configuration file that is not working on mikrotik … but in other profile it's work if the server required user and password.
thanks.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Qlemo

Sorry, but you mix up concepts and configurations, and so I'm not able to understand what your issues are.

If the server requires a user and password, you need to provide it. If it does not, you do not. That one is simple. And it is not related to duplicate packets, as you wrote in #a42701348.

The Mikrotik OpenVPN Wiki at https://wiki.mikrotik.com/wiki/OpenVPN describes the command for starting a client with user authentication - if that is the solution here. Easy to check out.
Amin El-Zein

ASKER
Hello,
I think that you didn't understand me
I have OpenVPN access server …
I disbaled the tls authentication but mikrotik as client still not working and not connected... no error just P Control_ Hard Reeset V2
 so where the problem
?
could please give me the correct conf for openvpen access server and mikrotik ?
thanks.
ASKER CERTIFIED SOLUTION
Amin El-Zein

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question