From this setup for OpenVPN Server on Ubuntu 16.04..
We need to unbolt some of the security features of the server config for Mikrotik compatibility.
I guess this isn’t explained in bright colours on their wiki examples cos they’re not proud of not being up with the latest crypto. Which is more annoying cos it took a day, whereas getting the server online took 20 minutes on a DigitalOcean instructional.
I was able to actually just import my ovpn file into the Mikrotik WinBox UI, then import that into the certificates window.
Then the fun. Mikrotik doesn’t support TLS auth.. apparently.. so we have to remove that, after changing to TCP.
# TCP or UDP server?
#tls-auth ta.key 0 # This file is secret
#commented for mikrotik
#commented this out for Mikrotik support
I actually spent ages trying to auth with the tls-auth left on, before realizing passwords aren't required.. despite the Mikrotik client demanding it.
#auth-user-pass-verify /etc/openvpn/script.sh via-file
I tried to run this script to get the server to authenticate for any user/password…
Before realizing that I had to disable the TLS Auth components, and downgrade the auth level to SHA1. Then I can just use any username with no password on the client.
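To keep a record of what has been relaxed on a server changed this way, the following is an added example (not from the original post) that parses a server config and lists the settings discussed above. The sample config is constructed, and the function names `parse_directives` and `audit` are hypothetical.

```python
import shlex

# Constructed sample: a server.conf after the changes described in the post.
SAMPLE_CONF = """\
port 1194
proto tcp
dev tun
#tls-auth ta.key 0 # This file is secret
auth SHA1
#auth-user-pass-verify /etc/openvpn/script.sh via-file
"""

def parse_directives(text):
    """Return {directive: [args]} for active lines; '#' and ';' start comments."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # also drops trailing '# ...'
        if tokens:
            active[tokens[0].lower()] = tokens[1:]
    return active

def audit(text):
    """List the relaxed settings the post describes, as found in the config."""
    conf = parse_directives(text)
    findings = []
    if "tls-auth" not in conf and "tls-crypt" not in conf:
        findings.append("no tls-auth/tls-crypt: control packets are not "
                        "HMAC-checked before the TLS handshake")
    # OpenVPN's documented default for 'auth' is SHA1 when the directive is absent.
    digest = (conf.get("auth") or ["SHA1"])[0].upper()
    if digest in ("SHA1", "MD5"):
        findings.append(f"auth {digest}: weak packet HMAC digest")
    if (conf.get("proto") or ["udp"])[0].lower().startswith("tcp"):
        findings.append("proto tcp: port completes TCP handshakes, "
                        "so the service is visible to port scans")
    if "auth-user-pass-verify" not in conf:
        findings.append("no auth-user-pass-verify: usernames/passwords sent "
                        "by clients are not checked by a script")
    return findings

if __name__ == "__main__":
    for item in audit(SAMPLE_CONF):
        print("-", item)
```
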