connect to mkt openvpn server

intro

mkt openvpn is older so we are adapting

this client config works

openvpn --version # 2.5.5

only tcp is supported by mkt openvpn

install

    apt install openvpn

req

make sure the server is available either by TCP or UDP

    nmap -sTUV -T4 -p 1194 VPN-SERVER

setup

we are using login/password and not PKI client certificate. there’s no compression enabled (comp-lzo). we are using data-ciphers-fallback. the route is manually forced.

openvpn --show-ciphers | grep AES

vi USER.ovpn

dev tun
proto tcp-client

remote REMOTE-SERVER-ADDRESS-HERE 1194

tls-client

user nobody
group nogroup

ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key

mute-replay-warnings

verb 3

ca localca.crt
cert USER.crt
key USER.key

cipher AES-256-CBC
#data-ciphers-fallback AES-256-CBC
auth SHA1
pull
route 192.168.100.0 255.255.255.0 192.168.87.254

auth-user-pass USER.cfg
auth-nocache

and setup the auth file

vi USER.cfg

openvpn-USER
PASSWORD-HERE

ready to go

connect to the mkt openvpn server

openvpn --config USER.ovpn

(enter passphrase to unlock the privkey)

check the route to reach the mkt local bridge

route -n
ping 192.168.100.1
nmap -p 80,2222,8443 192.168.100.1

resources

https://forum.mikrotik.com/viewtopic.php?t=116774

http://openvpn.net/howto.html#mitm

https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-android-keychain/

Настройка VPN через MikroTik - OpenVPN https://lantorg.com/article/nastrojka-vpn-cherez-mikrotik-openvpn

OpenVPN With Mikrotik Not As Primary Router https://forum.mikrotik.com/viewtopic.php?t=184237 –> nice config


HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun