I run OpenVPN and Mikrotik

Re port 1194.  Add it to your firewall rules for Input chain.  Port 1194 protocol TCP action Accept

Hope this helps. 

Roy

On 12/22/2014 11:32 AM, Brian Wilson wrote:
Anyone out there working with OpenVPN + Mikrotik??

I am trying to set up OpenVPN on an OpenWRT (Barrier Breaker) client and connect to a Mikrotik (RouterOS 6.23) as the OpenVPN server.

Currently I am testing on virtual machines so that I can watch both sides of the conversations without cutting myself off. In deployment, this is the hardware I have right now, I can't substitute a second Mikrotik or OpenWRT box to make life easier.

One problem I see right off the bat is that the Mikrotik is listening on port 1194 but not on the WAN interface. I checked this by running port scans. That makes it pretty useless, but I can't see where to tell it what interface to listen on.

Another problem is that I can't see anyplace on OpenWRT to put an auth-user file or to specify the user/password.

OpenWRT client -- /etc/config/openvpn looks like this --

config openvpn 'cds-vpn'
    option enabled '1'
    option dev 'tun'
    option proto 'udp'
    option log '/tmp/openvpn.log'
    option verb '3'
    option ca '/etc/openvpn/ca.crt'
    option cert '/etc/openvpn/buffalo.crt'
    option key '/etc/openvpn/buffalo.key'
    option client '1'
    option remote_cert_tls 'server'
    option remote '76.0.0.2 1194'


Mikrotik server --

[admin@MikroTik] /interface ovpn-server server> print
                     enabled: yes
                        port: 1194
                        mode: ip
                     netmask: 24
                 mac-address: FE:BD:B7:57:BA:17
                     max-mtu: 1500
           keepalive-timeout: disabled
             default-profile: ovpn_profile
                 certificate: cert_1
  require-client-certificate: no
                        auth: sha1,md5
                      cipher: blowfish128,aes128,aes192,aes256

/ppp profile print
Flags: * - default
 0 * name="default" use-mpls=default use-compression=default use-vj-compression=default
     use-encryption=default only-one=default change-tcp-mss=yes address-list=""

 1   name="ovpn_profile" local-address=10.8.0.1 remote-address=ovpn-pool use-mpls=default
     use-compression=default use-vj-compression=default use-encryption=required only-one=default
     change-tcp-mss=default address-list=""

 2 * name="default-encryption" use-mpls=default use-compression=default use-vj-compression=default
     use-encryption=yes only-one=default change-tcp-mss=yes address-list=""

/ppp secret print
Flags: X - disabled
 #   NAME            SERVICE CALLER-ID            PASSWORD            PROFILE            REMOTE-ADDRESS
 0   ovpn            any                          mypasswd            default

/certificate print
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted
 #          NAME       COMMON-NAME     SUBJECT-ALT-NAME                                  FINGERPRINT
 0 K      T cert_1     rb750           DNS:rb750                                         6488f54c1996...
 1        T cert_2     CDS Wireless CA email:[email protected]                            e5716f686e01...


I am using OpenVPN because I have used it with good results in the past with OpenWRT client and a Debian Linux based server. The client roams so it has to be able to build a tunnel from behind NAT gateways that I don't control.

(Generally I feel like Mikrotik RouterOS is an annoying mantle of proprietary obscurity over the basically straightforward Linux but I am heavily biased. :-) I feel the same way about Android. I have to use both Android and Mikrotik. But I digress.)

--
Brian Wilson
currently in Gold Beach, OR
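The input-chain rule Roy describes, written out as RouterOS 6.x console commands, together with the server-side settings a defender would tighten given the print output above. This is an added example, not from either poster; the WAN interface name ether1-gateway is an assumption, as is the position of the rule relative to your existing drop rules.

```routeros
# Added example (not from the thread). RouterOS 6.x console commands.
# "ether1-gateway" is an assumed WAN interface name; adjust to yours.

# 1. Accept new OpenVPN sessions arriving on the WAN interface.
#    The RouterOS 6 OVPN server speaks TCP only, so both this rule and the
#    client's proto setting must be TCP. place-before=0 puts the rule ahead
#    of any existing "drop everything else on WAN" rule in the input chain.
/ip firewall filter add chain=input protocol=tcp dst-port=1194 \
    in-interface=ether1-gateway connection-state=new action=accept \
    place-before=0 comment="OpenVPN server from WAN"

# 2. Confirm the rule is actually matching: the packet/byte counters
#    should increase while a client attempts to connect.
/ip firewall filter print stats where comment="OpenVPN server from WAN"

# 3. Tighten the server relative to the printed config: require a client
#    certificate (the client already carries buffalo.crt/buffalo.key, which
#    must chain to a CA the router trusts, e.g. cert_2), and drop md5 from
#    auth and blowfish128 from cipher so only the stronger options remain.
/interface ovpn-server server set enabled=yes port=1194 mode=ip netmask=24 \
    default-profile=ovpn_profile certificate=cert_1 \
    require-client-certificate=yes auth=sha1 cipher=aes256

# 4. Bind the "ovpn" secret to the VPN profile instead of "default" so the
#    10.8.0.1 / ovpn-pool addressing and use-encryption=required apply,
#    and restrict it to the ovpn service only.
/ppp secret set [find name="ovpn"] service=ovpn profile=ovpn_profile
```

On the OpenWRT side the matching changes are option proto 'tcp-client' in place of 'udp', and option auth_user_pass pointing at a file holding the username and password (OpenWRT's UCI maps option names with underscores to the corresponding OpenVPN --auth-user-pass flag).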



_______________________________________________
Mikrotik-users mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/mikrotik-users
