So I have a little Hex with RouterOS updated to OS 7.13.2 that I wanted to use as a very simple low traffic OpenVPN client to a linux server I control.
I already have a separate certificate server.
I have several clients, both ipsec for routers, and Openvpn for mainly phones but some laptops too. I usually just import a ovpn conf file on the device and pretty well job done. I even managed to get my certificates installed on another Mikrotik router for ipsec - so not my first rodeo - but damned if I can do it now.
I first tried importing my certificates as either a bundle or individually but I couldn't import any beyond the CA cert.
I then tried the ovpn conf route with the certs embedded. All seems OK until the error:
I know my CRL is generated dynamically by calling a php file that generates the CRL on the fly. I suspect that may be the issue.
How on earth are you meant to get certificates in to the router? I have tried individually, bundled CA, key & cert as PEM and as bundled as a p12.
Arrghh - now get this when trying a ovpn import.
I would use ipsec but a) I can't import any certificates and b) the location has a router that is CG nat'd and ipsec won't play nice with it.
Just tried to login to my Mikrotik support account but can't remember the password. OK send password reset to the email address which has mails from last summer. Nada. Create account. Account with that email exists. FML.
Please don't suggest getting some paid support. I tried that before and had a very bad experience with it.....![:-(]( "Sad")
(Professionals who are making more money from teaching other people than actually fixing stuff so when push comes to shove in the real world they are stuck and can't actually fix it.... I digress)
Any advice appreciated. I keep coming back and trying Mikrotiks, and then remember why I gave up and went elsewhere again - this should be easy, and is on other stuff i have.
OpenWRT starting to look nice again......![;-)]( "Wink")
I already have a separate certificate server.
I have several clients, both ipsec for routers, and Openvpn for mainly phones but some laptops too. I usually just import a ovpn conf file on the device and pretty well job done. I even managed to get my certificates installed on another Mikrotik router for ipsec - so not my first rodeo - but damned if I can do it now.
I first tried importing my certificates as either a bundle or individually but I couldn't import any beyond the CA cert.
I then tried the ovpn conf route with the certs embedded. All seems OK until the error:
unsupported CRL protocol for URL
I know my CRL is generated dynamically by calling a php file that generates the CRL on the fly. I suspect that may be the issue.
How on earth are you meant to get certificates in to the router? I have tried individually, bundled CA, key & cert as PEM and as bundled as a p12.
Arrghh - now get this when trying a ovpn import.
action timed out - try again, if error continues contact MikroTik support and send a supout file (13)
I would use ipsec but a) I can't import any certificates and b) the location has a router that is CG nat'd and ipsec won't play nice with it.
Just tried to login to my Mikrotik support account but can't remember the password. OK send password reset to the email address which has mails from last summer. Nada. Create account. Account with that email exists. FML.
Please don't suggest getting some paid support. I tried that before and had a very bad experience with it.....
(Professionals who are making more money from teaching other people than actually fixing stuff so when push comes to shove in the real world they are stuck and can't actually fix it.... I digress)
Any advice appreciated. I keep coming back and trying Mikrotiks, and then remember why I gave up and went elsewhere again - this should be easy, and is on other stuff i have.
OpenWRT starting to look nice again......
Statistics: Posted by reetp — Thu Jan 25, 2024 2:39 am