Problem with Site-to-Site OpenVPN

az1984 · Thu Sep 21, 2017 4:50 pm

Hi,

I have a little problem with an OpenVPN setup.

In our central we have running a RB3011 as OpenVPN-Server. Clients can connect fine via PC or smartphone - works good so far.

Now I want to connect mikrotik routers on customer site via OpenVPN. I just followed the tutorial I found on the web and get an TLS failure on remote-site.

Server is configured:

/interface ovpn-server server
set certificate=server-certificate cipher=aes128,aes192 default-profile=OVPN \
    enabled=yes port=1195 require-client-certificate=yes

Client config is:

/interface ovpn-client
add auth=md5 certificate=cert_export_client01.crt_0 cipher=aes128 connect-to=\
    1.2.3.4  name= "client01" password=12345678 port=1195 user=client01

I'am using the same certificates who work with all other clients connecting to our RB3011.

Logging on the central side only tells me that there is an established TCP connection (on OpenVPN port), a few ovpn-packets and short after this tcp session is disconnected.

Anyone got some hints about that? Thx.

tangram · Mon Sep 25, 2017 11:14 am

TLS failure is usually certificate related. Make sure your cert on client has KT(import crt and key) and that cipher and encryption match.

az1984 · Tue Sep 26, 2017 10:57 am

Thanks for answer.

You are a right, but it is a little tricky. My client certificate did'nt hat the "K" in status. I tried to import the .key file (which was'nt written in the tutorial I used) but got an error. The trick is to rename the .key file to .pem and everything is working well.

Problem with Site-to-Site OpenVPN

Problem with Site-to-Site OpenVPN

Re: Problem with Site-to-Site OpenVPN

Re: Problem with Site-to-Site OpenVPN

Who is online