core icon indicating copy to clipboard operation
core copied to clipboard
verified publisher icon opnsense

Fix OpenVPN client config for MikroTik OpenVPN server

Open fabianfrz opened this issue 5 months ago • 3 comments

MikroTik provides OpenVPN with a very old OpenSSL version. If it is used as a server, the OPNsense version cannot be configured to connect to it as the required cipher cannot be selected on the web interface.

Also the form hides those entries from the user in the client configuration.

Also improve the UI slightly. Data Ciphers and Data Ciphers Fallback use different select styles currently, which makes it look strange.

fabianfrz avatar Aug 10 '25 07:08 fabianfrz

Why don't you use the aes256-gcm that mikrotik provides and openvpn recommends as default.

CBC doesn't provide authentication and has to be handled by mikrotik...

sopex avatar Aug 10 '25 14:08 sopex

@sopex depends on the ROS version maybe. The version of ROS 6 I am contacting, does not support GCM at all.

fabianfrz avatar Aug 10 '25 16:08 fabianfrz

@sopex depends on the ROS version maybe. The version of ROS 6 I am contacting, does not support GCM at all.

Yes, you are correct, it was added 2-3 years ago in 7 something. ;)

sopex avatar Aug 10 '25 16:08 sopex

Merged, thanks!

fichtner avatar Dec 17 '25 10:12 fichtner