User Tools

Site Tools


Mikrotik OpenVPN setup

Create certificates

  mkdir mikrotik_certs
  cd mikrotik_certs
  openssl genrsa -des3 -out mikrotik_ca.key 4096

Use different Common name (CN) for ca.crt here then for server.crt below:

  openssl req -new -x509 -days 3650 -key mikrotik_ca.key -out mikrotik_ca.crt -config openssl.cnf

Generate server.key and .crt and sign with mikrotik_ca.crt:

  openssl genrsa -des3 -out server.key 4096
  openssl req -new -key server.key -out server.csr
  openssl x509 -req -days 3650 -in server.csr -CA mikrotik_ca.crt -CAkey mikrotik_ca.key -set_serial 01 -out server.crt

Then upload server.crt and server.key to Mikrotik.

In Mikrotik terminal execute

  /ip pool add name=openvpn-pool range=
  /ppp profile add name=openvpn local-address= remote-address=openvpn-pool

Add desired users and passwords:

  /ppp secret add name=user1 password=pwd1234 profile=openvpn
  /ppp secret add name=user2 password=pwd5678 profile=openvpn

Import cert and key:

  /certificate> import file-name=server.crt
  /certificate> import file-name=server.key
  /interface ovpn-server server set enabled=yes certificate=server.crt_0
  /ip firewall filter add action=accept chain=input comment="OpenVPN" disabled=no dst-port=1194 protocol=tcp

Import ovpn config file to client

For linux config (i.e. ovpn file) copy the mikrotik_ca.crt at end of file inside <ca></ca> fields. Also change the “remote” and “route” lines to match the created config above.

Mikrotik does not support LZO compression or UDP connection. :-(

See also


wiki/mikrotik_openvpn_setup.txt · Last modified: 2021/06/02 12:11 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki