Create VPN server on Mikrotik router with OpenVPN

NC

In this article, I present a solution that uses OpenVPN on a MikroTik router to connect to your work network from outside the office.

Mikrotik openvpn, Creating SSL certificate for openvpn server and client.

Generate Certificate

Go to "System" > "Certificates". The following steps show how to create a CA certificate in MikroTik.

Click on the Key Usage tab and uncheck all checkboxes except crl. sign and key cert. sign.

Put the MikroTik router's WAN IP address (123.25.70.1 in this example) in the CA CRL Host input field.

Your signed certificate will be created within a few seconds.

Create server certificate

Now we will create the server certificate. The following steps show how to create a server certificate in MikroTik.

Click on the Key Usage tab and uncheck all checkboxes except digital signature, key encipherment and tls server.

Click on the Sign button and select the CA certificate from the CA drop-down menu.

Create client certificate

Now we will create the client certificate. The following steps show how to create a client certificate in MikroTik.

Click on the Key Usage tab and uncheck all checkboxes except tls client.

Click on the Sign button and select the CA certificate from the CA drop-down menu.

Export and download your certificate

Now we will export the CA and client certificates so that the OpenVPN client can use them.

Click on your CA certificate and then click on the Export button in the right button panel. Choose your CA certificate from the Certificate dropdown menu, then click on the Export button. Your CA certificate will be exported.

Click on the Export button in the right button panel and choose your client certificate from the Certificate dropdown menu. Put a password in the Export Passphrase input field. The password must be at least 8 characters, and it has to be entered when the OpenVPN client connects.

Drag and drop these three files into a folder on your Desktop.

We will use these files when configuring the OpenVPN client.

Set up OpenVPN Server

Now we will configure the OpenVPN server on the MikroTik router.

Go to "PPP" > "Interface" > "OVPN Server". Tick the Enabled checkbox. From the Certificate dropdown menu, choose the server certificate that we created before.

Also tick the Require Client Certificate checkbox. In the Auth. panel, uncheck all checkboxes except sha1. In the Cipher panel, uncheck all checkboxes except aes 256. The client profile must use matching values (auth SHA1 and cipher AES-256-CBC in the sample configuration later in this article).

Create VPN User

Now we will create the OpenVPN user who will connect to the server.

Go to "PPP" > "Secrets". Choose ovpn from the Service dropdown menu. Put the gateway IP in the Local Address input field. In the Remote Address input field, put the LAN IP that will be assigned to the client workstation when this user connects.

Enable proxy arp on the LAN interface

The following steps show how to enable proxy-arp on the LAN interface.

Choose proxy-arp from the ARP dropdown menu. The MikroTik OpenVPN server is now completely ready to accept OpenVPN clients, so we will now configure the OpenVPN client on the Windows operating system.

Install OpenVPN Client on user device

Go to openvpn.net and download the OpenVPN client software.

After downloading, install the OpenVPN client on your operating system. The installation process is as simple as installing any other software on Windows.

Now copy your CA certificate, client certificate and client key files into the config directory.

Create a file with the .ovpn extension and the following content. You can copy the sample configuration here:

    dev tun
    proto tcp-client
    remote 123.25.70.1
    port 1194
    nobind
    persist-key
    persist-tun
    tls-client
    remote-cert-tls server
    ca ca.crt
    cert client.crt
    key client.key
    verb 4
    mute 10
    cipher AES-256-CBC
    auth SHA1
    auth-user-pass secret
    auth-nocache

Here, change the remote IP address to your MikroTik WAN IP (123.25.70.1 in this example) and save the file with the .ovpn extension (openvpn.ovpn).
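The client profile only connects if it matches the server settings chosen earlier (aes 256, sha1, a server certificate with the tls server key usage). The Python check below is an added example, not part of the original article; the function names and the constructed broken profile are assumptions made for illustration.

```python
import shlex
# Expected values come from the article's server settings and sample profile.
EXPECTED = {
    "proto": "tcp-client",
    "cipher": "AES-256-CBC",      # server Cipher panel: aes 256
    "auth": "SHA1",               # server Auth. panel: sha1
    "remote-cert-tls": "server",  # peer must present a "tls server" certificate
}
NEEDS_ARG = ("remote", "ca", "cert", "key")  # router address and exported files

def parse_profile(text):
    """Return {directive: [args]}, skipping blank lines and # or ; comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = shlex.split(line)
            directives[name] = args
    return directives

def audit_profile(text):
    """Return a list of findings; an empty list means the profile matches."""
    d, findings = parse_profile(text), []
    for name, want in EXPECTED.items():
        got = d.get(name)
        if not got:
            findings.append(f"missing '{name} {want}'")
        elif got[0].upper() != want.upper():
            findings.append(f"{name} is '{got[0]}', server expects '{want}'")
    for name in NEEDS_ARG:
        if not d.get(name):
            findings.append(f"missing '{name} <value>'")
    if "auth-user-pass" in d and "auth-nocache" not in d:
        findings.append("auth-user-pass is set but auth-nocache is absent")
    return findings

# Constructed sample: proto changed, remote-cert-tls and auth-nocache left out.
BROKEN = """dev tun
proto udp
remote 123.25.70.1
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
"""
if __name__ == "__main__":
    print("\n".join(audit_profile(BROKEN)))
```

The missing `remote-cert-tls server` finding matters most: without that line the client does not check that the peer's certificate was issued for server use.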

Create another file named secret, without any extension. Put the OpenVPN PPP username on the first line and the password on the second line, then save the file.

Now run the OpenVPN client software. You will find a new icon in your taskbar or system tray. Right-click this icon and then click the Connect option.

The OpenVPN Connection window will appear and ask for the client certificate password that you entered when exporting the client certificate.

To check your configuration, ping any workstation on the remote network.
