mikrotik openvpn problem

Amin El-Zein
Amin El-Zein used Ask the Experts™
on
Hello,
I have OpenVPN server I try to set a mikrotik as client ….  but the connection not established.
for example I using this profile :
###############################
# FreeOpenVPN.Org config file #
# https://www.freeopenvpn.org #
###############################
dev tun
proto tcp
remote 136.25.x.x 1890
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
</key>

Open in new window

but it's not work ….
should I use user name and password ?
it there any configuration I should use it from server side ?
thanks.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
You should try to read the log file. It should identify the main reason for connection failure.
It can also help if you run OpenVPN client on a PC for test, as that is usually easier to debug.

Author

Commented:
on pc it's work , on mikrotik it's get my duplicated packet dropping….
does mikrotik workout  password ?
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Duplicated packets? Which ones - establishing the connection or transferring data?
And why should "password" change anything?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Author

Commented:
hello,
as I read on the other forums over internet , that the connection should have user name and password and it's not working without password.... in case we are using client cert.
thanks,
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
I don't know how mikrotik or freeOpenVPN manages its connections, but OpenVPN itself does not allow for providing user name and password in the config file. That only works if it uses a management connection, whose port then needs to be configured either on command line or in the config file (in short, as part of the client config).
And then you need to have user authentication as requirement on the server side.

So doing that adds complexity on both ends. I do not see any reason why it should work better with explicit authentication, and you cannot just decide if to use it or not - both ends need to be configured the same.

Author

Commented:
i give you an example of client configuration file that is not working on mikrotik … but in other profile it's work if the server required user and password.
thanks.
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Commented:
Sorry, but you mix up concepts and configurations, and so I'm not able to understand what your issues are.

If the server requires a user and password, you need to provide it. If it does not, you do not. That one is simple. And it is not related to duplicate packets, as you wrote in #a42701348.

The Mikrotik OpenVPN Wiki at https://wiki.mikrotik.com/wiki/OpenVPN describes the command for starting a client with user authentication - if that is the solution here. Easy to check out.

Author

Commented:
Hello,
I think that you didn't understand me
I have OpenVPN access server …
I disbaled the tls authentication but mikrotik as client still not working and not connected... no error just P Control_ Hard Reeset V2
 so where the problem
?
could please give me the correct conf for openvpen access server and mikrotik ?
thanks.
hello,
the problem was because mk doesn't support tls AUTH
I add a chipper and auth parameter to open vpn access server and its work fine.
thanks.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial