 
zzserg
just joined
Topic Author
Posts: 1
Joined: Wed Aug 28, 2013 1:40 pm

Mikrotik as OpenVPN Client for PFSense

Wed Aug 28, 2013 1:57 pm

Hi!
Today I set up a MikroTik device as an OpenVPN client for a pfSense gateway.
All is OK, but I have one trouble: tls-auth.
When I choose "Enable authentication of TLS packets." in pfSense, the MikroTik does not connect.
What's wrong?

Mikrotik config:
/interface ovpn-client print
Flags: X - disabled, R - running
 0  R name="ovpn-out1" mac-address=02:F5:F7:FA:XX:XX max-mtu=1500
      connect-to=83.X.X.X port=1194 mode=ip user="superman"
      password="blablabla" profile=default certificate=superman auth=sha1
      cipher=aes128 add-default-route=no

PFSense log:
Aug 28 14:53:34	openvpn[55144]: 1.8.14.2:47861 Fatal TLS error (check_tls_errors_co), restarting
Aug 28 14:53:34	openvpn[55144]: 1.8.14.2:47861 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]1.8.14.2:47861

How can I use the pfSense tls.key?
 
jollyr
just joined
Posts: 3
Joined: Wed Aug 28, 2013 7:18 am

Re: Mikrotik as OpenVPN Client for PFSense

Tue Sep 03, 2013 7:07 pm

Hi ZZerg,

Can you share your settings on pfSense and MikroTik with just dummy IP addresses, and I will try to resolve your problem. We can exchange email: jollyrecto@gmail.com... I have experience with OpenVPN on pfSense but none on MikroTik.

thanks.


//jollyr
 
ryandenis
newbie
Posts: 31
Joined: Fri Aug 29, 2014 7:40 am

Re: Mikrotik as OpenVPN Client for PFSense

Mon Jul 06, 2015 7:14 pm

I am also trying to do this. I have quite a few pfSense VPNs that use IPsec and I'd like to switch them all over to OpenVPN and connect the MikroTik VPNs to the main pfSense as well.
 
hexsoap
just joined
Posts: 1
Joined: Fri Oct 09, 2015 5:15 pm

Re: Mikrotik as OpenVPN Client for PFSense

Fri Oct 09, 2015 5:50 pm

This might come a little late but ...

Things that got me up and running (on the MikroTik hAPs):

1) Import certificate is relatively standard (.crt). I also imported CA, not sure it's needed.
2) Import key should be done in PEM format "openssl rsa -in cert-key.key -out cert-key.pem" + import is necessary, not automated; you should see KT in front of cert after successful import.
3) Compression (no pref) on pf.
4) TCP not UDP.
5) Match crypto params AES-128 + SHA1 or anything else.
6) Last but not least, profile with local + remote IP in PPP menu.

Hope this helps

Kind regards
 
ryandenis
newbie
Posts: 31
Joined: Fri Aug 29, 2014 7:40 am

Re: Mikrotik as OpenVPN Client for PFSense

Tue Oct 13, 2015 5:08 pm

Thank you for the advice! I'll give it a call when I get things set up again, I gave up a while ago due to lack of success.
 
hammy559
just joined
Posts: 14
Joined: Tue Dec 23, 2014 2:34 pm

Re: Mikrotik as OpenVPN Client for PFSense

Sun Dec 13, 2015 1:40 am

I have a working MikroTik to pfSense tunnel via OpenVPN. This is not a full guide but here are some steps to help you:

You must set up the VPN server on pfSense's side using the "Remote Access (User Auth)" Server Mode. The reason for this is that MikroTik requires usernames/passwords for OpenVPN operation. So you will need to add VPN users to pfSense's side and use the login(s) from the MikroTik device. I'm not going to cover SSL + User Auth as that will just add complexity right now.

TLS authentication (static keys) is not supported in RouterOS right now. Unfortunately this restricts from being able to use the peer-to-peer modes directly. You need to ensure the "Enable authentication of TLS packets" is unchecked on pfSense.

Due to constraints in this mode, you must use /29 for your IPv4 tunnel network. Make sure you check "Allocate only one IP per client" in the topology section.

You will need to ensure the CA cert generated (if one doesn't exist you will need it for Remote Access mode) is imported into your MikroTik device. Note, you do NOT set this as the certificate in the MikroTik OpenVPN client interface.
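
Added example (not posted by anyone in this thread): a small checker that reads OpenVPN server directives and flags the settings the posts above report as breaking a RouterOS client, including the tls-auth setting behind the "cannot locate HMAC" log line. The sample config, the function names and the aesNNN to AES-NNN-CBC mapping are assumptions made for illustration.

```python
# Added example: checks OpenVPN server directives against the RouterOS client
# constraints reported in this thread. All sample values are constructed.

SAMPLE_SERVER_CONF = """\
# constructed sample, not a config from the thread
dev ovpns1
proto udp
cipher AES-256-CBC
auth SHA1
tls-auth /path/to/tls.key 0
comp-lzo adaptive
"""

# From the first post's "/interface ovpn-client print" output.
ROUTEROS_CLIENT = {"cipher": "aes128", "auth": "sha1"}

# Assumption: RouterOS aesNNN corresponds to OpenVPN's AES-NNN-CBC.
CIPHER_MAP = {"aes128": "AES-128-CBC", "aes192": "AES-192-CBC", "aes256": "AES-256-CBC"}


def parse_directives(text):
    """Return {directive: [args]} for each non-comment line of an OpenVPN config."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            conf[name] = args
    return conf


def check_for_routeros(server_text, client):
    """Return (directive, reason) pairs that would stop the client connecting."""
    conf = parse_directives(server_text)
    issues = []
    if "tls-auth" in conf:
        issues.append(("tls-auth", "server drops packets without the static-key HMAC"))
    if not conf.get("proto", ["udp"])[0].startswith("tcp"):  # OpenVPN defaults to udp
        issues.append(("proto", "thread reports tcp, not udp"))
    for name in ("comp-lzo", "compress"):
        if name in conf:
            issues.append((name, "thread used no compression preference"))
    want = CIPHER_MAP[client["cipher"]]
    if conf.get("cipher", ["(unset)"])[0].upper() != want:
        issues.append(("cipher", "client uses " + want))
    if conf.get("auth", ["SHA1"])[0].upper() != client["auth"].upper():  # default SHA1
        issues.append(("auth", "client uses " + client["auth"].upper()))
    return issues


if __name__ == "__main__":
    for directive, reason in check_for_routeros(SAMPLE_SERVER_CONF, ROUTEROS_CLIENT):
        print(directive + ": " + reason)
```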
