
GLlgGL/OpenVPNonMikrotik


OpenVPN on Mikrotik by #Gabriel Lami

Configure OpenVPN on Mikrotik professionally (Site-to-Client)

1- First, we choose and create a network for the VPN clients. In this tutorial I will use 192.168.30.0/24. Then we will create the bridge and the IP pool.

  • Create the bridge to which the network address will be added. Bridge->Create new bridge
  • Create the network address. IP->Addresses
  • Create the IP pool. Set the address range you want, depending on how many clients will connect to the VPN. IP->Pool

2- Second, we have to create the firewall filter rule and the NAT rule so that the clients can communicate with the VPN server.

  • Create the firewall filter rule. IP->Firewall->Filter Rules
  • Create the NAT rule (only if you don't have this rule already). IP->Firewall->NAT

3- Third, we will create and export the certificates (CA, server and client) needed for authentication between the VPN server and the client.

  • Create the CA certificate. System->Certificates

    On General tab: Name: CA, Common Name: CA, Key Size: 2048

    On Key Usage tab: key cert. sign, crl sign

    On Sign button click: CA CRL Host: your public IP address

  • Create the server certificate. System->Certificates

    On General tab: Name: server, Common Name: server, Key Size: 2048

    On Key Usage tab: digital signature, key encipherment, tls server

    On Sign button click: CA: CA

  • Create the client certificate. System->Certificates

    On General tab: Name: client, Common Name: client, Key Size: 2048

    On Key Usage tab: tls client

    On Sign button click: CA: CA

  • Export the certificates. System->Certificates

    Right-click the CA and server certificates, click Export and then Export. Right-click the client certificate, click Export, enter a passphrase and then Export.

    After the export you can find the certificates under Files, where you can download them. You will need them on the client side when you connect to the VPN.

4- Fourth, we will create the OpenVPN server, the profile and the secret credentials for the user who will connect to this VPN server.

  • Create the OpenVPN server. PPP->Interface->OVPN Server

  • Create the profile, which in this case will be default-encryption. PPP->Profiles

  • Create the user credentials that will be used to connect to the VPN server. PPP->Secrets

5- In this last step we will configure the OpenVPN client so that it can connect through the VPN.

  • Convert the three certificate files from plain-text PEM into one encrypted PKCS#12 file.

    • Download OpenSSL for Windows from this link and install it. https://slproweb.com/products/Win32OpenSSL.html

    • Open CMD with admin privileges and cd to the OpenSSL bin directory:

          cd C:\Program Files\OpenSSL-Win64\bin

    • Copy the certificate files into the same directory and run this command:

          openssl pkcs12 -export -in cert_export_client -inkey cert_export_client.key -certfile cert_export_CA.cert -name MyClient -out client.p12

    • A file named client.p12 will be generated.

  • We will create the VPN configuration file client.ovpn with the following contents:

        client
        dev tun
        proto tcp-client
        remote your public IP here
        port 1194
        proto tcp
        nobind
        persist-key
        persist-tun
        tls-client
        remote-cert-tls server
        verb 4
        mute 10
        cipher AES-256-CBC
        auth SHA1
        pkcs12 client.p12
        auth-user-pass
        auth-nocache
        #Add here your local network IP if you want only network access only
        route x.x.x.x 255.255.255.0
        route x.x.x.0 255.255.255.0
        #Use this only if you want to route your VPN traffic
        #redirect-gateway def1

    Finally you will have these two files.

  • Install the OpenVPN client on your Windows laptop/PC

    You can download it here https://openvpn.net/community-downloads/

    Copy the two files created earlier, client.ovpn and client.p12, into the VPN config folder.

    Click Connect on the client, enter the passphrase created earlier when you exported the certificates, and then fill in the user credentials.

    Good job, you should now be connected! If not, check the steps again because you might have made a mistake.
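
A quick offline check of the client.ovpn from step 5 before importing it, as an added example (not part of the original repository). The names lint_ovpn, parse and REQUIRED are illustrative, the sample is constructed from the template above, and the remote check is stricter than OpenVPN itself, which also accepts host names.

```python
import ipaddress

# Directives the page's client.ovpn relies on (added example, not the repo's code).
# Value None = any argument accepted; a list = the exact arguments expected.
REQUIRED = {
    "remote-cert-tls": ["server"],  # server cert must carry the TLS-server usage
    "pkcs12": None,                 # bundle produced by the openssl step
    "auth-user-pass": [],           # prompt for the PPP secret, no credentials file
    "auth-nocache": [],             # do not keep the password in memory
}

# Constructed sample: the page's template with the placeholder still in place.
TEMPLATE = ("client\ndev tun\nproto tcp-client\nremote your public IP here\n"
            "port 1194\nproto tcp\nremote-cert-tls server\ncipher AES-256-CBC\n"
            "auth SHA1\npkcs12 client.p12\nauth-user-pass\nauth-nocache\n")

def parse(text):
    """Return {directive: [argument lists]}, skipping comments and blank lines."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            seen.setdefault(name, []).append(args)
    return seen

def lint_ovpn(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg, findings = parse(text), []
    for name, want in REQUIRED.items():
        if name not in cfg:
            findings.append(f"missing: {name}")
        elif want is not None and cfg[name][-1] != want:
            findings.append(f"unexpected arguments: {name} {' '.join(cfg[name][-1])}")
    protos = sorted({args[0] for args in cfg.get("proto", []) if args})
    if len(protos) > 1:
        findings.append("proto given more than once: " + ", ".join(protos))
    if any(p.startswith("udp") for p in protos):
        findings.append("proto udp: the page notes UDP needs RouterOS v7")
    for args in cfg.get("remote", []):
        try:
            ipaddress.ip_address(args[0])  # stricter than OpenVPN: host names rejected
        except (ValueError, IndexError):
            findings.append("remote is not an IP address: " + " ".join(args))
    return findings

if __name__ == "__main__":
    for finding in lint_ovpn(TEMPLATE):
        print(finding)
```

Run against the unedited template it reports the leftover placeholder and the doubled proto line; an empty result means the checked directives are all in place.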

- Some last information

  The drawbacks of this VPN Server over Mikrotik are:
  
  1- OpenVPN Server on Mikrotik can't push routes to clients (can be done on client configuration)
  2- OpenVPN Server on Mikrotik can't push traffic redirection (can be done on client configuration)
  3- OpenVPN Server on Mikrotik can't use UDP protocol (this is possible on v7 of the RouterOS)
  
- Pros and cons

  Advantages:
  
  Better Security (256-bit encryption keys and high end ciphers)
  Firewall compatibility (can use any TCP or UDP port)
  
  Disadvantages:
  
  Client support (Requires additional software client)
  Configuration (Complex manual configuration)
 
 Thank you.
