OpenVPN

Server configuration

RouterOS as server

OpenVPN server configuration:

 /interface ovpn-server server 
 set auth=sha1,md5 certificate=router_cert \
 cipher=blowfish128,aes128,aes192,aes256 default-profile=your_profile \
 enabled=yes keepalive-timeout=disabled max-mtu=1500 mode=ip netmask=32 \
 port=1194 require-client-certificate=yes

Client configuration

Linux as client

This is a working client.conf file for the Linux OpenVPN client. The certificates are signed by CAcert.org.

 dev tun0
 proto tcp-client
 
 remote openvpn.example.com 1194 # Remote OpenVPN Servername or IP address
 
 ca   rootCA.cert
 cert client.cert
 key  client.key
 
 tls-client
 tls-remote openvpn.example.com # FQDN, the same as in the certificate
 
 port 1194 # necessary?
 
 user nobody
 group nogroup
 
 #comp-lzo # Do not use compression. It doesn't work with RouterOS (tested with 3.0rc9)
 
 # More reliable detection when a system loses its connection.
 ping 15
 ping-restart 45
 ping-timer-rem
 persist-tun
 persist-key
 
 # Silence  the output of replay warnings, which are a common false
 # alarm on WiFi networks.  This option preserves the  security  of
 # the replay protection code without the verbosity associated with
 # warnings about duplicate packets.
 mute-replay-warnings
 
 # Verbosity level.
 # 0 = quiet, 1 = mostly quiet, 3 = medium output, 9 = verbose
 verb 3
 
 cipher AES-256-CBC
 auth SHA1
 pull
 
 auth-user-pass auth.conf 

The file auth.conf holds your username/password combination. On the first line must be the username and on the second line your password.

 username
 password

RouterOS as client

comming soon ...