Troubleshooting OpenVPN Server issues on a MikroTik CHR
In this article you can find how to resolve any issues that might occur while setting up your OpenVPN server in one of our MikroTik CHR plans.
Problem: Authentication Failed: user <username> authentication failed
Cause: Incorrect PPP secret credentials
Solution: Make sure that the PPP secrets are right.
Check the ones set in the CHR by going in PPP>Secrets. Make sure that the account is set either to all or ovpn.
Check either the file containing the secrets, usually the secrets file, or check the embeded credentials in the .ovpn file in the <auth-user-pass> brackets.
Re-import the .ovpn file if changed.
Problem: Connection Failed: PKey::parse_pem: error in private key:: error 1C80064::Provider routines::bad decrypt....
Cause: Incorrect client private key password
Solution: If the password is forgotten, go to Certificates and export the client certificate again. then reimport the .ovpn configuration with the new client certificate set
Problem: PKCS12 Import Error: An error occured during encode or decode operation
Cause: Possible bug while parsing the .ovpn configuration file, the imported file might have the .OVPN extension in all caps
Solution: Rename your .ovpn file's extension with all letters small. Another possible solution might be to recreate the .ovpn configuration.
Problem: Connection Timeout
Cause: The OpenVPN client can't communicate with the OpenVPN server in your Mikrotik CHR
Solution: Make sure that the OVPN server in your MikroTik CHR is running. Check by going to PPP>OVPN Server.
Check if the OpenVPN port is correct in both the server settings and the .ovpn configuration. Re-import the .ovpn configuration if changed.
Make sure that that port is opened and it's rule in the firewall is above all drop rules. You may need to check your device's firewall too if it allows the OpenVPN client.
Problem: Connected, but i still see my IP address in what is my IP. The traffic is not redirected.
Cause: An option in the .ovpn file is not enabled
Solution: Make sure that the following line is added to your .ovpn configuration file.
redirect-gateway def1
Make sure that it is without the semicolon, in order to redirect the traffic. Re-import the .ovpn file if changed.
Problem: Connection Failed: Peer certificate validation failure
Cause: The wrong certificate is chosen in the OVPN Server settings or the certificate is invalid
Solution: Make sure that the right SERVER certificate is chosen in PPP>OVPN Server settings.
Check if the clocks of both the client and the server are right.
Check if the Client certificate is the right one.
Reimport the .ovpn file if changed.
If you still experience issues, you can open a ticket to our support team, or ask our assistant in our chat.
