OpenVPN on MikroTik Router

The steps below show how to configure OpenVPN connections to a MikroTik router. Note that at the time of writing MikroTik’s RouterOS only supports TCP connections to OpenVPN, not UDP. Before proceeding, a Certificate Authority should be available to manage certificates – see our previous post for using the MikroTik for this.

Configure the IP Pool:

 IP -> Pool
 Name = ovpn-pool
 Addresses = 192.168.254.190-192.168.254.199   (*recommended to not overlap with other local subnets)

Configure the OpenVPN Service:

PPP -> OVPN Server
 Port = 1194
 Mode = ip
 Default profile = default
 Certificate     = select CA or Server certificate
 Cipher          = aes-256

Define the Profile:

PPP -> Profiles -> Add New
 Name = ovpn-profile
 local-address=ovpn-pool
 remote-address=ovpn-pool

Define VPN Users:

PPP -> Secrets -> Add New
 Name = "vpnuser1"
 Password = "somepassword"
 Service = ovpn

Create Client ovpn Configs

Client .ovpn configs must be created manually and must specify the server, TCP as the protocol, the port, etc.

Add routes in the client config file:  route 192.168.111.0 255.255.255.0

Some clients can use certificates embedded in the .ovpn file; other clients must be pointed to the location of the client certificate files.
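
The script below is an added example, not part of the original post. It builds a client config for the settings above, either with the certificates embedded or referenced by path. The function names, the host vpn.example.com and the file names are hypothetical, and mapping the router's "aes-256" setting to AES-256-CBC is an assumption.

```shell
#!/bin/sh
# Added example: emit a client .ovpn for the server settings on this page.
# Usage: make_ovpn inline|files SERVER CA_FILE CERT_FILE KEY_FILE

# Wrap a PEM file in an inline tag; $(cat) normalises the trailing newline.
embed() { printf '<%s>\n%s\n</%s>\n' "$1" "$(cat "$2")" "$1"; }

make_ovpn() {
    mode=$1; server=$2; ca=$3; cert=$4; key=$5

    case $mode in
        inline|files) ;;
        *) echo "mode must be 'inline' or 'files'" >&2; return 1 ;;
    esac
    # Stop before emitting anything if a credential file is missing.
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done

    cat <<EOF
client
# Server "Mode = ip" is a routed tunnel, so the client uses tun
dev tun
# The server on this page accepts TCP only
proto tcp-client
remote $server 1194
# Prompt for the PPP secret (Name / Password)
auth-user-pass
# Assumption: the router's "aes-256" cipher setting is AES-256-CBC
cipher AES-256-CBC
route 192.168.111.0 255.255.255.0
EOF
    if [ "$mode" = inline ]; then
        embed ca "$ca"; embed cert "$cert"; embed key "$key"
    else
        printf 'ca %s\ncert %s\nkey %s\n' "$ca" "$cert" "$key"
    fi
}

# Demo on constructed placeholder files (not real credentials).
umask 077   # generated configs can contain the private key
d=$(mktemp -d)
for n in ca client client-key; do
    echo "(constructed placeholder for $n PEM)" > "$d/$n.pem"
done
make_ovpn inline vpn.example.com "$d/ca.pem" "$d/client.pem" "$d/client-key.pem"
rm -rf "$d"
```

Redirect the output to a file readable only by the user, since the inline form contains the client's private key.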

Allow TCP-1194 through Firewall (if required):

/ip firewall filter add action=accept chain=input comment="OpenVPN" disabled=no dst-port=1194 protocol=tcp