
OpenVPN?

Posted: Fri Aug 14, 2009 9:48 pm
by dreweinhorn
Trying to get openvpn working in my test network

I believe my immediate problem is that I have an "invalid"
entry in /ip address

[admin@sch-mt] /ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   ;;; LAN
     172.25.1.1/24      172.25.1.0      172.25.1.255    bridge1
 1   ;;; DMZ
     172.25.2.1/24      172.25.2.0      172.25.2.255    ether4
 2 I 172.25.0.1/24      172.25.0.0      172.25.0.255    ovpn
 3 D 192.168.1.143/24   192.168.1.0     192.168.1.255   ether5

[admin@sch-mt] /ip address> export
# aug/14/2009 11:10:06 by RouterOS 3.27
# software id = EXBR-SH28
#
/ip address
add address=172.25.1.1/24 broadcast=172.25.1.255 comment=LAN disabled=no \
interface=bridge1 network=172.25.1.0
add address=172.25.2.1/24 broadcast=172.25.2.255 comment=DMZ disabled=no \
interface=ether4 network=172.25.2.0
add address=172.25.0.1/24 broadcast=172.25.0.255 comment="" disabled=no \
interface=ovpn network=172.25.0.0
[admin@sch-mt] /ip address>


Here's the interface

[admin@sch-mt] /interface ovpn-server> print
Flags: X - disabled, D - dynamic, R - running
 #    NAME      USER      MTU    CLIENT-ADDRESS   UPTIME   ENCODING
 0    ovpn
[admin@sch-mt] /interface ovpn-server> export
# aug/14/2009 11:08:26 by RouterOS 3.27
# software id = EXBR-SH28
#
/interface ovpn-server
add comment="" disabled=no name=ovpn user=""
/interface ovpn-server server
set auth=sha1,md5 certificate=sch-server cipher=blowfish128,aes128 \
default-profile=ovpn-server enabled=yes keepalive-timeout=60 \
mac-address=FE:AD:65:0B:07:5D max-mtu=1500 mode=ip netmask=24 port=1194 \
require-client-certificate=no
[admin@sch-mt] /interface ovpn-server>



Removed sensitive info from the certificate output.
Certificates were built using easy-rsa/2.0.

[admin@sch-mt] /certificate> print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 KR name="sch-server" subject=C=US,ST=...,L=...,O=...,
CN=sch-server,emailAddress=...
issuer=...,ST=...,L=...,O=...,CN=ca,
emailAddress=...
serial-number="02" email=...
invalid-before=aug/10/2009 16:59:04 invalid-after=aug/08/2019 16:59:04
ca=yes

1 KR name="sch-client" subject=C=US,ST=...,L=...,O=...,
CN=sch-client,emailAddress=...
issuer=...,ST=...,L=...,O=...,CN=ca,
emailAddress=...
serial-number="06" email=...
invalid-before=aug/10/2009 17:00:19 invalid-after=aug/08/2019 17:00:19
ca=yes

2 D name="ca" subject=C=US,ST=...,L=...,O=...,CN=ca,
emailAddress=...
issuer=C=US,ST=...,L=...,O=...,CN=ca,
emailAddress=...
serial-number="EC9A16A29731395A" email=...
invalid-before=aug/10/2009 16:58:40 invalid-after=aug/08/2019 16:58:40
ca=yes
[admin@sch-mt] /certificate>



[admin@sch-mt] /ppp profile> print
Flags: * - default
0 * name="default" use-compression=default use-vj-compression=default
use-encryption=default only-one=default change-tcp-mss=yes

1 name="ovpn-server" local-address=172.25.0.160 remote-address=sch-ovpn
use-compression=default use-vj-compression=default
use-encryption=required only-one=default change-tcp-mss=default

2 * name="default-encryption" use-compression=default
use-vj-compression=default use-encryption=yes only-one=default
change-tcp-mss=yes
[admin@sch-mt] /ppp profile> export
# aug/14/2009 12:00:16 by RouterOS 3.27
# software id = EXBR-SH28
#
/ppp profile
set default change-tcp-mss=yes comment="" name=default only-one=default \
use-compression=default use-encryption=default use-vj-compression=default
add change-tcp-mss=default comment="" local-address=172.25.0.160 name=\
ovpn-server only-one=default remote-address=sch-ovpn use-compression=\
default use-encryption=required use-vj-compression=default
set default-encryption change-tcp-mss=yes comment="" name=default-encryption \
only-one=default use-compression=default use-encryption=yes \
use-vj-compression=default
[admin@sch-mt] /ppp profile>

Re: OpenVPN?

Posted: Tue Aug 18, 2009 7:25 am
by dreweinhorn
So can anyone explain why the /ip address entry
is invalid and tell me how to make it valid?

Re: OpenVPN?

Posted: Tue Aug 18, 2009 1:09 pm
by mrz
The address is invalid because the ovpn tunnel is not running. When the tunnel is established, it will show up as a valid address.
Anyway, you have to configure the local and remote IPs in the PPP configuration. When the ovpn tunnel is established, those addresses are added to the address table.
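As an added example (not part of the thread, and not MikroTik's own documentation), here is the configuration mrz's answer implies, written in the same export syntax the posts use. The pool name sch-ovpn and the client name sch-client come from the thread's own profile and certificate output; the pool range, the placeholder password, the firewall rule and the choice to require client certificates and drop md5/blowfish from the auth and cipher lists are assumptions and hardening choices of this example, not anything the thread states.

```routeros
# Added example, not from the thread. Names taken from the posted output;
# ranges, the password placeholder and the hardening choices are assumptions.

# Pool of tunnel addresses for clients; the profile's remote-address refers to it.
/ip pool
add name=sch-ovpn ranges=172.25.0.2-172.25.0.254

# The PPP profile carries the tunnel addressing. local-address is the router's
# end of each tunnel, remote-address is handed out from the pool. Both appear
# in /ip address as dynamic (D) entries only while a tunnel is up.
/ppp profile
add name=ovpn-server local-address=172.25.0.1 remote-address=sch-ovpn \
    use-encryption=required only-one=default change-tcp-mss=default

# One PPP secret per client, limited to the ovpn service and this profile.
# The password is a placeholder; set a real one.
/ppp secret
add name=sch-client password=CHANGE-ME profile=ovpn-server service=ovpn

# Server settings. The posted export had require-client-certificate=no,
# auth=sha1,md5 and cipher=blowfish128,aes128; this example requires the
# client certificate (the thread already has one, sch-client) and keeps only
# sha1 and aes128, both of which the posted export shows this build accepts.
/interface ovpn-server server
set enabled=yes certificate=sch-server require-client-certificate=yes \
    auth=sha1 cipher=aes128 mode=ip netmask=24 port=1194 \
    default-profile=ovpn-server keepalive-timeout=60 max-mtu=1500

# The static 172.25.0.1/24 on the ovpn interface is redundant once the
# profile supplies the tunnel addresses; remove it so the two cannot conflict.
/ip address
remove [find interface=ovpn]

# RouterOS OpenVPN listens on TCP. Accept the port in the input chain; place
# this rule before any drop rule. Restricting it with in-interface= to the
# WAN interface is advisable, but the thread does not say which one that is.
/ip firewall filter
add chain=input protocol=tcp dst-port=1194 action=accept comment="OpenVPN"
```

Check the result from the CLI: /interface ovpn-server print should show a dynamic running entry (flags D and R) for each connected client, and /ip address print should show the local and remote tunnel addresses with the D flag once a client is up. Also keep the client's VPN subnet out of the LAN and DMZ ranges, as the posted plan already does (172.25.0.0/24 against 172.25.1.0/24 and 172.25.2.0/24).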