I’ll mostly go with CLI commands here, showing the outcome in Mikrotik Webfig for your reference Setup the certificates Otherwise the support is perfect for what I wanted: certificate based authentication and TCP, VPN in routed mode (tun). Then I started dealing with the Mikrotik part: although enormously flexible, Mikrotik configuration might seem a bit dispersed at first… which is the main reason why I’ve decided to write this post ?įirst, be aware of two limitations of OpenVPN Support in Mikrotik as I’m writing (RouterOS 6.45.7):
OPENVPN MIKROTIK SOFTWARE
I tried L2TP but had issues with the very few settings allowed by the VFR.Īlso, OpenVPN is available as App for iOS and on the Mac you have great software such as TunnelBlick. I choose OpenVPN since IMHO it allows the greater flexibility, requiring only one port to be forwarded. I started by setting the Vodafone Station Revolution (VFR) to forward port TCP 1194 from the public IP to The Mighty Mikrotik (TMM) external net IP address. Which was this (naturally IP info has been sanitized ? ): It took me a while to find the right combination of configurations, given the constraints of what I was aiming to. I needed to build VPN access from outer space to my own network, mainly using my two preferred tools: iOS device and OS X on my Mac.
OPENVPN MIKROTIK PASSWORD
Write Private key decryption password (you created it by using this command: export-certificate client-certificate export-passphrase= 12345678).
And while at it, create a bit more secure user/password: Assumption is your MikroTik will also be a DNS server. Instead of editing the default encrypted profile, we need to create a new one. Now go back to Terminal and create a separate pool of IP addresses for clients by using this command: Now go to Files and export those certificates by simply dragging them to your desktop. Now you need to export those certificates:Įxport-certificate ca-certificate export-passphrase=""Įxport-certificate client-certificate export-passphrase= 12345678 Sign client-template name=client-certificate ca=ca-certificate Sign server-template name=server-certificate ca=ca-certificate Now create certificates by using these commands (these will be valid for 10 years):Īdd name=ca-template common-name= days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-signĪdd name=server-template common-name=*. days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-serverĪdd name=client-template common-name= days-valid=3650 key-size=2048 key-usage=tls-clientĬreated certificates will need signing, use these commands:
OPENVPN MIKROTIK HOW TO
This guide provides a configuration example with details on how to configure OpenVPN connection between MikroTik and RUTxxx routers. OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.