We help IT Professionals succeed at work.

mikrotik openvpn problem

Amin El-Zein
Amin El-Zein asked
on
2,841 Views
Last Modified: 2018-10-10
Hello,
I have OpenVPN server I try to set a mikrotik as client ….  but the connection not established.
for example I using this profile :
###############################
# FreeOpenVPN.Org config file #
# https://www.freeopenvpn.org #
###############################
dev tun
proto tcp
remote 136.25.x.x 1890
cipher AES-128-CBC
auth SHA1
resolv-retry infinite
nobind
persist-key
persist-tun
client
verb 3
<ca>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
</key>

Open in new window

but it's not work ….
should I use user name and password ?
it there any configuration I should use it from server side ?
thanks.
Comment
Watch Question

Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
You should try to read the log file. It should identify the main reason for connection failure.
It can also help if you run OpenVPN client on a PC for test, as that is usually easier to debug.

Author

Commented:
on pc it's work , on mikrotik it's get my duplicated packet dropping….
does mikrotik workout  password ?
Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
Duplicated packets? Which ones - establishing the connection or transferring data?
And why should "password" change anything?

Author

Commented:
hello,
as I read on the other forums over internet , that the connection should have user name and password and it's not working without password.... in case we are using client cert.
thanks,
Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
I don't know how mikrotik or freeOpenVPN manages its connections, but OpenVPN itself does not allow for providing user name and password in the config file. That only works if it uses a management connection, whose port then needs to be configured either on command line or in the config file (in short, as part of the client config).
And then you need to have user authentication as requirement on the server side.

So doing that adds complexity on both ends. I do not see any reason why it should work better with explicit authentication, and you cannot just decide if to use it or not - both ends need to be configured the same.

Author

Commented:
i give you an example of client configuration file that is not working on mikrotik … but in other profile it's work if the server required user and password.
thanks.
Qlemo"Batchelor", Developer and EE Topic Advisor
CERTIFIED EXPERT
Top Expert 2015

Commented:
Sorry, but you mix up concepts and configurations, and so I'm not able to understand what your issues are.

If the server requires a user and password, you need to provide it. If it does not, you do not. That one is simple. And it is not related to duplicate packets, as you wrote in #a42701348.

The Mikrotik OpenVPN Wiki at https://wiki.mikrotik.com/wiki/OpenVPN describes the command for starting a client with user authentication - if that is the solution here. Easy to check out.

Author

Commented:
Hello,
I think that you didn't understand me
I have OpenVPN access server …
I disbaled the tls authentication but mikrotik as client still not working and not connected... no error just P Control_ Hard Reeset V2
 so where the problem
?
could please give me the correct conf for openvpen access server and mikrotik ?
thanks.
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.