Mikrotik OpenVPN setup
Create certificates
mkdir mikrotik_certs
cd mikrotik_certs
openssl genrsa -des3 -out mikrotik_ca.key 4096
Use a different Common Name (CN) for the CA certificate (mikrotik_ca.crt) here than for server.crt below:
openssl req -new -x509 -days 3650 -key mikrotik_ca.key -out mikrotik_ca.crt -config openssl.cnf
Generate server.key and server.crt, and sign the server certificate with mikrotik_ca.crt:
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -CA mikrotik_ca.crt -CAkey mikrotik_ca.key -set_serial 01 -out server.crt
Then upload server.crt and server.key to Mikrotik.
In the Mikrotik terminal, execute:
/ip pool add name=openvpn-pool range=10.21.21.2-10.21.21.254
/ppp profile add name=openvpn local-address=10.21.21.1 remote-address=openvpn-pool
Add desired users and passwords:
/ppp secret add name=user1 password=pwd1234 profile=openvpn
/ppp secret add name=user2 password=pwd5678 profile=openvpn
...
Import cert and key:
/certificate> import file-name=server.crt
/certificate> import file-name=server.key
/interface ovpn-server server set enabled=yes certificate=server.crt_0
/ip firewall filter add action=accept chain=input comment="OpenVPN" disabled=no dst-port=1194 protocol=tcp
Import ovpn config file to client
For the Linux client config (i.e. the .ovpn file), copy the contents of mikrotik_ca.crt to the end of the file, inside the <ca></ca> tags. Also change the “remote” and “route” lines to match the configuration created above.
Mikrotik does not support LZO compression or UDP connections.
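The client-side step above, as an added example that is not part of the original wiki page: shell functions that write a client .ovpn with the CA inline and check it against the constraints stated here (TCP only, no LZO, CA inside <ca></ca>). The function names, host name, routed network and placeholder certificate are assumptions of this example.

```shell
#!/bin/sh
# Added example: build and lint a client .ovpn for the setup on this page.
# Host, routed network and function names are assumptions of this example.

# build_ovpn CA_FILE REMOTE_HOST ROUTE_NET ROUTE_MASK OUT_FILE
build_ovpn() {
    ca_file=$1; host=$2; net=$3; mask=$4; out=$5
    [ -s "$ca_file" ] || { echo "missing CA file: $ca_file" >&2; return 1; }
    {
        echo "client"
        echo "dev tun"
        echo "proto tcp-client"      # Mikrotik: TCP only, no UDP
        echo "remote $host 1194"     # port opened by the firewall rule above
        echo "auth-user-pass"        # prompts for a /ppp secret name and password
        echo "route $net $mask"
        echo "<ca>"
        cat "$ca_file"
        echo "</ca>"
    } > "$out"
}

# lint_ovpn FILE: print each problem found; return non-zero if any
lint_ovpn() {
    f=$1; rc=0
    grep -Eq '^[[:space:]]*proto[[:space:]]+tcp' "$f" ||
        { echo "proto is not tcp"; rc=1; }
    if grep -Eq '^[[:space:]]*comp-lzo' "$f"; then
        echo "comp-lzo directive present"; rc=1
    fi
    sed -n '/^<ca>$/,/^<\/ca>$/p' "$f" | grep -q -e '-----BEGIN CERTIFICATE-----' ||
        { echo "no inline CA certificate in <ca></ca>"; rc=1; }
    # Users log in with name and password here, so no key belongs in the file;
    # this catches mikrotik_ca.key pasted in place of mikrotik_ca.crt.
    if grep -q 'PRIVATE KEY-----' "$f"; then
        echo "private key material embedded"; rc=1
    fi
    return $rc
}

# Demo with a constructed placeholder CA (not a real certificate)
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/mikrotik_ca.crt"
build_ovpn "$demo_dir/mikrotik_ca.crt" vpn.example.net 192.168.88.0 255.255.255.0 "$demo_dir/client.ovpn"
lint_ovpn "$demo_dir/client.ovpn" && echo "client.ovpn OK"
rm -rf "$demo_dir"
```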
wiki/mikrotik_openvpn_setup.txt · Last modified: by antisa