How to configure Mikrotik OPENVPN Server

How to configure Mikrotik OPENVPN Server

1- Create IP Pool  for OpenVpn Clients

IP > IP Pool > Add IP Pool

 

 

For Example I have taken range 172.16.100.100-172.16.100.150

This IP address will be assigned to OpenVpn Clients and Mikrotik Routers.

 

 

2- Create OpenVPN Profile

Go to     PPP >  Profiles >  Add New Profile

 

 

Name open-vpn-profile

Local Address 10.34.100.1       This will be the gateway of address pool which we created for open-vpn-pool

Remote Address    choose from dropdown  open-vpn-pool

Click on Apply  and OK

 

 

 

 

 

 

 

 

 

3- Now  create a secret username and password for remote user .

Go to PPP > Secrets > Add New Secret

 

Name  user will provide while connecting

Password   user will provide while connecting

Service   ovpn

Profile   Choose from dropdown which we have created  Open-VPN-Profile

Click Apply and OK

 

 

 

 

 

3- Create Certificates for  CA  and For  Server and for the Remote users or Remote Sites

Go to    System  >  Certificates  > Add new Certificate

 

 

 

Name    ca       “this is for certificate authority ”

 

 

 

 

 

Common Name        “ca”

 

Date Valid  3650   for 10 years I have given

 

 

 

Click on Key Usage

 

 

Click only

crl sign

key cert sign

 

 

 

 

 

 

 

 

 

Click on Apply

Click on Sign

 

Certificate ca

CA CRL Host   127.0.0.1

Click on Start

 

Progress  should be showing done

Click on close

Now Click on Export

 

 

 

 

 

 

 

 

 

 

Click on Export

 

 

 

 

 

Click on Export

 

 

Now Create Certificate for Open VPN Server

 

 

 

 

 

 

Name  OpenVpnServer

 

 

 

 

Common Name  OpenVpnServer

 

Days Valid 3650

 

 

 

 

 

Now Click on Key Usage

 

 

 

Choose three Keys

digital signature

key enciphement

tls server

 

 

 

 

 

 

 

 

Now Click on Apply   and click on Sign

 

 

 

Click on start

 

 

 

 

 

 

Click on close after progress done

 

Now Create Certificate for Remote User

 

 

Name   Give the remote user name

 

 

 

 

 

Common name   give the same user name

 

Days Valid  3650

 

 

 

 

 

 

Choose three Key Usage

 

digital signature

key enciphement

tls client

 

Click on Apply

Click on Sign

 

 

 

 

Choose CA  your ca

Click on start

 

 

Click on close after Progress done

 

 

 

Now Click on Export on main window  new window will be open as below

 

 

Export Passphrase     give any password

 

Now Check the files which you have exported in Files tab

 

 

 

Click on Files

 

 

 

 

 

Three Files are there

one for CA

two for  gkhan  for remote user

 

 

Now enable the openvpn server

Go to PPP > Interface > OVPN Server

 

Click on OVPN Server

Check on Enabled

 

 

 

 

 

 

 

 

 

 

Check Enabled

 

 

 

 

Certificate   Choose which you have created for Openvpn server

Click on Apply and OK

 

 

 

 

 

Now Download OpenVPN Client on your Computer

Community Downloads

Open your Notepad  create a file with extension ovpn  for example gkhan.ovpn    copy below content and change according to your requirement.

client
dev tun
proto tcp
remote X.X.X.X  1194       #X.X.X.X  replace with your public IP Address
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca cert_export_ca.crt          #Change the name certificates you exported for CA
cert cert_export_gkhan.crt     #Change the name certificates you exported For Remote user 
key cert_export_gkhan.key      #Change the name key you exported For Remote user

cipher AES-128-CBC
auth SHA1
pull
auth-user-pass
verb 3
route 192.168.10.0 255.255.255.0    # Publish your Network which you want to make reachable
route 192.168.20.0 255.255.255.0    # Behind the Mikrotik Router

 

Now save and close it

 

Put together all certificates files and config file  and move to below folder

C:\Program Files\OpenVPN\config\

 

 

 

 

 

 

 

 

Now Connect OpenVpn  client with the profile you just created

 

 

 

Your email address will not be published. Required fields are marked *