From this setup for OpenVPN Server on Ubuntu 16.04..
We need to unbolt some of the security features of the server config for Mikrotik compatibility… took some tinkering to solve this
I just dragged my ovpn file into the Mikrotik WinBox files window, then imported that into the certificates window.
Then the fun. Mikrotik doesn’t doesn’t support TLS auth.. apparently.. so we have to remove that, after changing to TCP.
Changes in the server config:
# TCP or UDP server?
#tls-auth ta.key 0 # This file is secret
;auth SHA256 #default is sha1
#commented this out for Mikrotik support
I actually spent ages trying to auth with the tls-auth left on, before realizing passwords arent required.. despite the mikrotik client demanding it.
#auth-user-pass-verify /etc/openvpn/script.sh via-file
I tried to run this script to get the server to authenticate for any user/password…
Before realizing that I had to disable the TLS Auth components, and downgrade the auth level to sha1. Then I can just use any username with no password on the client interface.
The client config file settings aren’t so significant, as mikrotik will just use the certs and seemingly nothing else
I couldn’t actually get this server config to work on a windows client, which in itself isn’t a big deal.