Mikrotik: OpenVPN server

Below are the steps I used to create an OVPN server on a Mikrotik router. In this example the router has the external IP 88.88.88.88 and the internal IP 192.168.89.1, and the pool for the OVPN clients is 192.168.87.0/24.


Generate and sign the certificates:
 
/certificate add name=CA country="UA" state="UA" locality="Dnipro" organization="home" unit="mk" common-name="CA" key-size=2048 days-valid=3650 key-usage=crl-sign,key-cert-sign
/certificate sign CA ca-crl-host=127.0.0.1 name="CA"
 
/certificate add name=server country="UA" state="UA" locality="Dnipro" organization="home" unit="mk" common-name="server" key-size=2048 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
/certificate sign server ca="CA" name="server"
 
/certificate add name=client country="UA" state="UA" locality="Dnipro" organization="home" unit="mk" common-name="client" key-size=2048 days-valid=3650 key-usage=tls-client
/certificate sign client ca="CA" name="client"
 
/certificate add name=client1 copy-from="client" common-name="client1"
/certificate sign client1 ca="CA" name="client1"
 

Export and download the certificates and key. Save the exported files to your PC:
 
/certificate export-certificate CA export-passphrase=""
/certificate export-certificate client1 export-passphrase=79830210
 

Set up the OVPN server on the router. Create a new pool for the OVPN server:
 
/ip pool
add name=ovpn ranges=192.168.87.20-192.168.87.100
/ip dhcp-server network
add address=192.168.87.0/24 comment=vpn dns-server=192.168.89.1 gateway=192.168.89.1 netmask=24
 

Configure the OVPN server:
 
/ppp profile
add dns-server=192.168.89.1 local-address=ovpn name=ovpn remote-address=ovpn use-compression=no use-encryption=required
/interface ovpn-server server
set certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=ovpn enabled=yes require-client-certificate=yes
 
Add a username and password for the OVPN client:
 
/ppp secret
# "\$" keeps each dollar sign literal in RouterOS; the stored password is still pa$$w0rd
add name=UserName password="pa\$\$w0rd" profile=ovpn service=ovpn
 
Add an OVPN exception to the firewall:
 
/ip firewall filter
add action=accept chain=input comment=OVPN dst-port=1194 protocol=tcp
 

Install OVPN on your PC and make sure you check the “EasyRSA 2 Certificate Management Script”. On a Windows PC, open an elevated command prompt, navigate to the location where you saved the files and run the following to strip the export passphrase from the client key:
 
"C:\Program Files\OpenVPN\bin\openssl.exe" rsa -in client1.key -out client1.key
 
 
Create the file "client.ovpn" in "C:\Users\USER\OpenVPN\config" and paste:
 
client
dev tun
proto tcp-client
remote 88.88.88.88
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca CA.crt
cert client1.crt
key client1.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass auth.cfg
auth-nocache
redirect-gateway def1
 
Create the file "auth.cfg" in "C:\Users\USER\OpenVPN\config" and paste:
 
UserName
pa$$w0rd
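
Added example, not part of the original guide: a small Python check that parses the client.ovpn above and reports the settings worth revisiting once the tunnel works (HMAC-SHA1, the password saved in auth.cfg, the key left without a passphrase by the openssl step, no pin on the server certificate name). The function names and finding codes are made up for this example, the sample profile is an abridged copy of the one above, and a missing cipher line is assumed to mean the old BF-CBC default.

```python
# Added example: audit of the client.ovpn built on this page (not the author's code).
WEAK_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "NONE"}  # 64-bit block or no encryption
LEGACY_DIGESTS = {"MD5", "SHA1", "NONE"}

# Constructed sample: the security-relevant directives of the page's client.ovpn.
PAGE_PROFILE = """\
proto tcp-client
remote 88.88.88.88
remote-cert-tls server
ca CA.crt
cert client1.crt
key client1.key
cipher AES-256-CBC
auth SHA1
auth-user-pass auth.cfg
auth-nocache
"""
# Constructed placeholder for client1.key after the `openssl rsa` step (no passphrase).
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n-----END RSA PRIVATE KEY-----\n"

def parse_profile(text):
    """Map each directive to its argument list; skip blank lines and #/; comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0][0] not in "#;":
            opts[parts[0]] = parts[1:]
    return opts

def audit(profile, key_pem=None):
    """Return a sorted list of finding codes for one client profile."""
    o = parse_profile(profile)
    found = set()
    if o.get("remote-cert-tls") != ["server"]:
        found.add("server-cert-usage-not-checked")
    if "verify-x509-name" not in o:  # e.g. "verify-x509-name server name" for CN=server
        found.add("server-name-not-pinned")
    if (o.get("cipher") or ["BF-CBC"])[0].upper() in WEAK_CIPHERS:  # assumed default
        found.add("weak-cipher")
    if (o.get("auth") or ["SHA1"])[0].upper() in LEGACY_DIGESTS:  # OpenVPN default is SHA1
        found.add("legacy-hmac-digest")
    if o.get("auth-user-pass"):  # a file argument means the password sits on disk
        found.add("password-stored-in-file")
    if key_pem is not None and "ENCRYPTED" not in key_pem:
        found.add("private-key-not-encrypted")
    return sorted(found)
```

Calling `audit(PAGE_PROFILE, PLAIN_KEY)` returns the four findings that apply to the profile as written on this page.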
