mkt openvpn is older so we are adapting
this client config works
openvpn --version # 2.5.5
only tcp is supported by mkt openvpn
apt install openvpn
make sure the server is available either by TCP or UDP
nmap -sTUV -T4 -p 1194 VPN-SERVER
we are using login/password and not PKI client certificate.
there’s no compression enabled (comp-lzo).
we are using data-ciphers-fallback.
the route is manually forced.
openvpn --show-ciphers | grep AES
vi USER.ovpn
dev tun
# only tcp is supported by mkt openvpn
proto tcp-client
remote REMOTE-SERVER-ADDRESS-HERE 1194
tls-client
user nobody
group nogroup
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
verb 3
ca localca.crt
cert USER.crt
key USER.key
cipher AES-256-CBC
#data-ciphers-fallback AES-256-CBC
auth SHA1
pull
# the route is manually forced
route 192.168.100.0 255.255.255.0 192.168.87.254
# login/password file
auth-user-pass USER.cfg
auth-nocache
and setup the auth file
vi USER.cfg
openvpn-USER
PASSWORD-HERE
connect to the mkt openvpn server
openvpn --config USER.ovpn
(enter passphrase to unlock the privkey)
check the route to reach the mkt local bridge
route -n
ping 192.168.100.1
nmap -p 80,2222,8443 192.168.100.1
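added example (not part of the original notes): a pre-flight check to run on USER.ovpn before connecting. it covers the points listed above (tcp only, no comp-lzo, a cipher set, auth-nocache) plus the permissions of the login/password file. check_ovpn and its helpers are hypothetical names, and it assumes openvpn is started from the directory holding the config.

```shell
#!/bin/sh
# Added example: pre-flight lint for a client config like USER.ovpn.
# check_ovpn, directive, has and finding are hypothetical helpers, not OpenVPN tools.

# directive FILE NAME: print the arguments of the first active (uncommented) NAME line
directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# has FILE NAME: succeed if NAME is present as an active directive
has() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# finding TEXT: report one problem and count it
finding() { echo "$1"; n=$((n + 1)); }

# check_ovpn FILE: print one finding per line; succeed only if there are none
check_ovpn() {
    cfg=$1; n=0
    case "$(directive "$cfg" proto)" in
        tcp|tcp-client) ;;
        *) finding "proto: not tcp, mkt openvpn only supports tcp" ;;
    esac
    has "$cfg" comp-lzo &&
        finding "comp-lzo: directive present, this setup uses no compression"
    has "$cfg" cipher || has "$cfg" data-ciphers-fallback ||
        finding "cipher: neither cipher nor data-ciphers-fallback is set"
    has "$cfg" auth-nocache ||
        finding "auth-nocache: missing, credentials stay cached in memory"

    cred=$(directive "$cfg" auth-user-pass)
    if [ -z "$cred" ]; then
        finding "auth-user-pass: no credentials file configured"
    else
        # Assumption: openvpn is started from the config's directory, as on
        # this page, so a relative path is resolved next to the .ovpn file.
        case "$cred" in /*) ;; *) cred="$(dirname "$cfg")/$cred" ;; esac
        if [ ! -f "$cred" ]; then
            finding "auth-user-pass: $cred not found"
        elif [ "$(ls -ld "$cred" | cut -c5-10)" != "------" ]; then
            finding "auth-user-pass: $cred is accessible by group/others, chmod 600"
        fi
    fi
    [ "$n" -eq 0 ]
}
```

source the file and run check_ovpn USER.ovpn; no output and exit status 0 means nothing was flagged.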
https://forum.mikrotik.com/viewtopic.php?t=116774
http://openvpn.net/howto.html#mitm
https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-android-keychain/
Setting up a VPN through MikroTik - OpenVPN https://lantorg.com/article/nastrojka-vpn-cherez-mikrotik-openvpn
OpenVPN With Mikrotik Not As Primary Router https://forum.mikrotik.com/viewtopic.php?t=184237 -> nice config