MikroTik

I have installed the OpenVPN server on my RB. However I cannot connect from a remote win7 PC. I tested it with a win8 PC, same thing. The issue might be with the OpenVPN client on windows, since when I push connect, it shows an empty window for about a minute . Then it gives an error window: Connection to VPNserver has failed. It does not even create a log file!

Yes I run the OpenVPN GUI as administrator.

What can be the problem?

Mikrotik only supports TCP for OpenVPN.

When using OpenVPN software, default is UDP. In your client.opvn on Windows you have to set it to TCP and turn off compression (mikrotik's don't support compression in OpenVPN).

You also have to use a username and password with mikrotik and not just client side certs. And the cert the Mikrotik OpenVPN server is using must be trusted by OpenVPN on the windows machine.

In your client.ovpn on Windows you can set to the Verbose setting higher/lower to change how much info is written to the log.

Here is my ovpn (config) file:
----
client
dev tap
proto tcp-client
<connection>
remote remote.domain.domain 1194
</connection>
resolv-retry infinite
nobind
persist-key
persist-tun
ca clienttrusted.crt
ping 15
ping-restart 45
ping-timer-rem
mute-reply-warnings
verb 3
auth-user-pass user.cfg
redirect-gateway
------
Since I get zero error message and no log file is written, I suspect that this should be a client side issue. As I wrote, I run Open GUI with administrator prviligies.

Change verb to 6, it should output debug info.

In the Mikrotik OVPN server, your mode should be ethernet. ethernet=tap, ip=tun

Also don't forget to add an input firewall rule on the Mikrotik. Chain=input, accept tcp port 1194

not sure about this, but when using the gui the log may be redirected to the gui window and not written to disk.

I changed verb to 6, same result: no log file, no message in the window. Only a message in a pop-up window: Connecting to gaal has failed.

Could it be a win7 rights issue? I run OpenGUI as supervisior...

I think it should work when run under elevated privileges. You could run it as a service to see if it outputs to the log file.

Do you have the firewall rule set up on your Mikrotik to allow the incoming connection? It counts the packets that applied to the rule. Each time you try and connect, it should increment the packet count. If it doesn't then either the firewall rule is incorrect or your OpenVPN isn't actually connecting out.

If you run Wireshark on your PC and then try and connect the OpenVPN, that'll tell you if it's sending packets out.

Yes, I do have firewall rule chain=input, accept tcp port 1194...
Count is 0B 0

Next step is to run Wireshark on your PC, see if OpenVPN is even trying to connect out.

Finally, I installed wireshark. Nothing is leaving my PC... Obviously a windows client problem.