How to configure Mikrotik OPENVPN Server

How to configure Mikrotik OPENVPN Server

1- Create IP Pool  for OpenVpn Clients

IP > IP Pool > Add IP Pool



For Example I have taken range

This IP address will be assigned to OpenVpn Clients and Mikrotik Routers.



2- Create OpenVPN Profile

Go to     PPP >  Profiles >  Add New Profile



Name open-vpn-profile

Local Address       This will be the gateway of address pool which we created for open-vpn-pool

Remote Address    choose from dropdown  open-vpn-pool

Click on Apply  and OK










3- Now  create a secret username and password for remote user .

Go to PPP > Secrets > Add New Secret


Name  user will provide while connecting

Password   user will provide while connecting

Service   ovpn

Profile   Choose from dropdown which we have created  Open-VPN-Profile

Click Apply and OK






3- Create Certificates for  CA  and For  Server and for the Remote users or Remote Sites

Go to    System  >  Certificates  > Add new Certificate




Name    ca       “this is for certificate authority ”






Common Name        “ca”


Date Valid  3650   for 10 years I have given




Click on Key Usage



Click only

crl sign

key cert sign










Click on Apply

Click on Sign


Certificate ca


Click on Start


Progress  should be showing done

Click on close

Now Click on Export











Click on Export






Click on Export



Now Create Certificate for Open VPN Server







Name  OpenVpnServer





Common Name  OpenVpnServer


Days Valid 3650






Now Click on Key Usage




Choose three Keys

digital signature

key enciphement

tls server









Now Click on Apply   and click on Sign




Click on start







Click on close after progress done


Now Create Certificate for Remote User



Name   Give the remote user name






Common name   give the same user name


Days Valid  3650







Choose three Key Usage


digital signature

key enciphement

tls client


Click on Apply

Click on Sign





Choose CA  your ca

Click on start



Click on close after Progress done




Now Click on Export on main window  new window will be open as below



Export Passphrase     give any password


Now Check the files which you have exported in Files tab




Click on Files






Three Files are there

one for CA

two for  gkhan  for remote user



Now enable the openvpn server

Go to PPP > Interface > OVPN Server


Click on OVPN Server

Check on Enabled











Check Enabled





Certificate   Choose which you have created for Openvpn server

Click on Apply and OK






Now Download OpenVPN Client on your Computer

Community Downloads

Open your Notepad  create a file with extension ovpn  for example gkhan.ovpn    copy below content and change according to your requirement.

dev tun
proto tcp
remote X.X.X.X  1194       #X.X.X.X  replace with your public IP Address
resolv-retry infinite
remote-cert-tls server
ca cert_export_ca.crt          #Change the name certificates you exported for CA
cert cert_export_gkhan.crt     #Change the name certificates you exported For Remote user 
key cert_export_gkhan.key      #Change the name key you exported For Remote user

cipher AES-128-CBC
auth SHA1
verb 3
route    # Publish your Network which you want to make reachable
route    # Behind the Mikrotik Router


Now save and close it


Put together all certificates files and config file  and move to below folder

C:\Program Files\OpenVPN\config\









Now Connect OpenVpn  client with the profile you just created




Your email address will not be published.