Mikrotik: OpenVPN server

Below you can find the steps I used to create an OVPN server using a Mikrotik router. In this example we will be using a router with the external IP, internal IP and the pool for the OVPN clients will be

Generate and sign the certificates:
/certificate add name=CA country="UA" state="UA" locality="Dnipro" organization="home" unit="mk" common-name="CA" key-size=2048 days-valid=3650 key-usage=crl-sign,key-cert-sign
/certificate sign CA ca-crl-host= name="CA"
/certificate add name=server country="UA" state="UA" locality="Dnipro" organization="home" unit="mk" common-name="server" key-size=2048 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
/certificate sign server ca="CA" name="server"
/certificate add name=client country="UA" state="UA" locality="Dnipro" organization="home" unit="mk" common-name="client" key-size=2048 days-valid=3650 key-usage=tls-client
/certificate sign client ca="CA" name="client"
/certificate add name=client1 copy-from="client" common-name="client1"
/certificate sign client1 ca="CA" name="client1"

Export and download the certificates and key. Save the exported files to your PC:
/certificate export-certificate CA export-passphrase=""
/certificate export-certificate client1 export-passphrase=79830210

Set up the OVPN server on the router. Create a new pool for the OVPN server:
/ip pool
add name=ovpn ranges=
/ip dhcp-server network
add address= comment=vpn dns-server= gateway= netmask=24

Configure the OVPN server:
/ppp profile
add dns-server= local-address=ovpn name=ovpn remote-address=ovpn use-compression=no use-encryption=required
/interface ovpn-server server
set certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=ovpn enabled=yes require-client-certificate=yes
Add username and password for the OVPN Client:
/ppp secret
add name=UserName password=pa$$w0rd profile=ovpn service=ovpn
Add OVPN exception to the firewall:
/ip firewall filter
add action=accept chain=input comment=OVPN dst-port=1194 protocol=tcp

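Install OVPN on your PC and make sure you check the “EasyRSA 2 Certificate Management Script”. On a Windows PC, open an elevated command prompt, navigate to the location where you saved the files and run the following, which rewrites client1.key without its passphrase (OpenSSL prompts for the export passphrase):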
"C:\Program Files\OpenVPN\bin\openssl.exe" rsa -in client1.key -out client1.key
Create the file "client.ovpn" in "C:\Users\USER\OpenVPN\config" and paste:
dev tun
proto tcp-client
port 1194
remote-cert-tls server
ca CA.crt
cert client1.crt
key client1.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass auth.cfg
redirect-gateway def1
Create the file "auth.cfg" in "C:\Users\USER\OpenVPN\config" and paste:
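Added example (not part of the original post, and not the contents of auth.cfg): a small Python lint that parses the client.ovpn above and the cipher= list given to /interface ovpn-server server, and reports the settings worth reviewing. The function names and finding labels are assumptions made for this example.

```python
# Added example: lint for the client.ovpn and RouterOS cipher list shown on this page.
# Finding labels are hypothetical names chosen here, not OpenVPN or RouterOS output.
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "RC2-CBC"}  # 64-bit blocks
OLD_DIGESTS = {"MD5", "SHA1"}
ROUTEROS_SMALL_BLOCK = {"blowfish128"}  # RouterOS name for Blowfish

def parse_ovpn(text):
    """Map each directive to its argument list; lines starting with # or ; are comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name] = args
    return directives

def audit_client(text):
    d, findings = parse_ovpn(text), []
    if d.get("remote-cert-tls") != ["server"]:
        findings.append("no-server-cert-usage-check")  # any cert from the CA could pose as server
    cipher = (d.get("cipher") or [""])[0].upper()
    if not cipher:
        findings.append("cipher-not-set")
    elif cipher in SMALL_BLOCK:
        findings.append("64-bit-block-cipher:" + cipher)
    digest = (d.get("auth") or ["SHA1"])[0].upper()  # OpenVPN's default --auth is SHA1
    if digest in OLD_DIGESTS:
        findings.append("legacy-hmac:" + digest)
    if d.get("auth-user-pass"):  # file argument: the password is stored on disk in clear text
        findings.append("password-file:" + d["auth-user-pass"][0])
    return findings

def audit_routeros_ciphers(value):
    """Return the 64-bit-block entries of an '/interface ovpn-server server' cipher= value."""
    return [c.strip() for c in value.split(",") if c.strip().lower() in ROUTEROS_SMALL_BLOCK]

# The client.ovpn directives and the cipher= value as they appear on this page.
PAGE_CLIENT = "\n".join([
    "dev tun", "proto tcp-client", "port 1194", "remote-cert-tls server",
    "ca CA.crt", "cert client1.crt", "key client1.key", "verb 4", "mute 10",
    "cipher AES-256-CBC", "auth SHA1", "auth-user-pass auth.cfg", "redirect-gateway def1",
])
PAGE_SERVER_CIPHERS = "blowfish128,aes128,aes192,aes256"

if __name__ == "__main__":
    print(audit_client(PAGE_CLIENT))
    print(audit_routeros_ciphers(PAGE_SERVER_CIPHERS))
```

On the page's values it reports the SHA1 HMAC and the clear-text auth.cfg for the client, and blowfish128 in the server's accepted cipher list.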
