This works for MikroTik - MikroTik tunneling, Gentoo - MikroTik, Mac - MikroTik and Windows - MikroTik.
However, Ubuntu - MikroTik returns "error=unsupported certificate purpose".
On Gentoo I've tested client versions 2.4.2, 2.4.4 and 2.4.6. All work.
On Ubuntu the tested version is 2.4.4.
Both the Mac and Ubuntu got their config file copied from the Gentoo client.
I suspect there is some default config on Ubuntu that makes this client differ from the others. Does anyone have an idea of what needs to be done differently on Ubuntu?
Client config
dev tun
proto tcp-client
remote server.example.local 1194
tls-client
#user nobody
#group nogroup
ca /configs/etc/openvpn/cert_export_ovpn-ca.crt
#comp-lzo # Do not use compression.
# More reliable detection when a system loses its connection.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
verb 3
cipher BF-CBC
auth SHA1
pull
auth-user-pass /configs/etc/openvpn/auth.cfg
...
TCP_CLIENT link remote: [AF_INET]xx.xx.xx.xx:1194
TLS: Initial packet from [AF_INET]xx.xx.xx.xx:1194, sid=f39e6cb9 1d26383b
VERIFY ERROR: depth=0, error=unsupported certificate purpose: CN=ovpn-ca
OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
Fatal TLS error (check_tls_errors_co), restarting
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 300 second(s)
MikroTik server config
...
/interface ovpn-server server
set certificate=ovpn-ca cipher=blowfish128,aes128,aes192,aes256 default-profile=vpn-impact enabled=yes netmask=19
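
The log above reports the purpose failure at depth=0 (the certificate the server itself presents) for CN=ovpn-ca, and the server config sets certificate=ovpn-ca. The following is an added example, not part of the original post: it reproduces OpenSSL's TLS server purpose check on constructed certificates, showing a CA-only certificate being rejected as a server certificate while a certificate carrying serverAuth passes. It assumes the `openssl` CLI is installed; the function names, `demo-ca` and `demo-server` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: every certificate here is constructed demo material.

# Exit 0 if CERT ($2) is acceptable as a TLS server certificate under CA file ($1).
check_server_purpose() {
    openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the Key Usage / Extended Key Usage extensions of a certificate.
show_usage() {
    openssl x509 -in "$1" -noout -text | grep -A1 -E 'X509v3 (Extended )?Key Usage'
}

# Write a demo CA (certificate/CRL signing only) and a separate server
# certificate (digitalSignature, keyEncipherment, serverAuth) into directory $1.
make_demo_certs() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = demo
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[srv_ext]
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -config "$d/demo.cnf" -extensions ca_ext -subj "/CN=demo-ca" \
        -newkey rsa:2048 -nodes -days 1 -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -config "$d/demo.cnf" -subj "/CN=demo-server" \
        -newkey rsa:2048 -nodes -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/demo.cnf" -extensions srv_ext \
        -out "$d/srv.crt" 2>/dev/null
}
```

To inspect a real deployment, export the certificate the server presents and pass it to `show_usage` and `check_server_purpose` together with the CA file from the client config.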