OpenVPN for Mikrotik client

From this setup for OpenVPN Server on Ubuntu 16.04..

We need to unbolt some of the security features of the server config for Mikrotik compatibility… took some tinkering to solve this

I just dragged my ovpn file into the Mikrotik WinBox files window, then imported that into the certificates window.

Then the fun. Mikrotik doesn’t doesn’t support TLS auth.. apparently.. so we have to remove that, after changing to TCP.

Changes in the server config:
# TCP or UDP server?
proto tcp
;proto udp
#tls-auth ta.key 0 # This file is secret
#key-direction 0


;comp-lzo

;auth SHA256 #default is sha1
#commented this out for Mikrotik support

I actually spent ages trying to auth with the tls-auth left on, before realizing passwords arent required.. despite the mikrotik client demanding it.
#auth-user-pass-verify /etc/openvpn/script.sh via-file

I tried to run this script to get the server to authenticate for any user/password…

#!/bin/bash
exit 0

Before realizing that I had to disable the TLS Auth components, and downgrade the auth level to sha1. Then I can just use any username with no password on the client interface.
The client config file settings aren’t so significant, as mikrotik will just use the certs and seemingly nothing else

I couldn’t actually get this server config to work on a windows client, which in itself isn’t a big deal.

3 Replies to “OpenVPN for Mikrotik client”

  1. Great post although Im still struggling with mikrotik

    Did you use the .ovpn on mikrotik or import all the files?

    Could you do an end to end post and include the complete server.conf and client.conf

    1. I just drag and dropped the .ovpn file to the router files window. This is then selected as a cert in the VPN interface

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.