I have been stuck for three days now to set up openVPN between two MTs.
Had to read several sites just to get to know that OVPN server needs a certifikate, even
if the MT offers "no" as an option.
Now I am trying to create certificate, but I just do not get it.
In the winbox > system > certificates > add I added a template (quite confusing)
After that I created a certificate request.
So far, so good, but what now ?
How can I create a (by the MT) self signed certificate ?
The Wiki says to use cacert.org. Did so.
-> Domain was not in the registered domains at cacert
Tried to register "domain":
- > cacert想know where to send the mail with the cert: admin@213.xxx.yyy.50
That is the MT which cannot receive mails.
Later the devices will have hostnames from dyndns.org, but I cannot register this domain to create certs.
Do I have to register an exclusive domain just to get a cert. for the tunnel ?
BTW: there is another wiki page for creating certs -> Create_Certificates
Followed step-by-step, well just to the second step and got the first error:
Code:Select all
failure: wrong CA key usage with CRLIn a Linux environment it is a question of minutes to create a SSC, but on MT it seems to be impossible.
It would be great, if someone could help me.
Other question:
有办法得到一些更多的调试信息吗about the OVPN in the logs ?
THX
