The steps below show how to configure OpenVPN connections to a MikroTik router. Note that at the time of writing MikroTik’s RouterOS supports OpenVPN over TCP only, not UDP. Before proceeding, a Certificate Authority should be available to manage certificates; see our previous post on using the MikroTik for this.
Configure the IP Pool:
IP -> Pool
Name = ovpn-pool
Addresses = 192.168.254.190-192.168.254.199 (recommended: do not overlap with other local subnets)
Configure the OpenVPN Service:
PPP -> OVPN Server
Port = 1194
Mode = ip
Default profile = default
Certificate = select CA or Server certificate
Cipher = aes-256
Define the Profile:
PPP -> Profiles -> Add New
Name = ovpn-profile
local-address=ovpn-pool
remote-address=ovpn-pool
Define VPN Users:
PPP -> Secrets -> Add New
Name = "vpnuser1"
Password = "somepassword"
Service = ovpn
Create Client ovpn Configs:
Client ovpn configs need to be created manually, including the server address, the TCP protocol, the port, etc.
Add routes in the client config file: route 192.168.111.0 255.255.255.0
Some clients can read the certificates embedded within an ovpn file; other clients must be directed to the location of the client certificate files.
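An added example (not from the original post): a POSIX shell helper that assembles a single-file client profile from the settings above, with the CA, client certificate and key embedded inline. The function names make_ovpn and write_ovpn are hypothetical, and cipher AES-256-CBC assumes the router's aes-256 setting is the CBC mode.

```shell
#!/bin/sh
# Added example: build a client.ovpn for the MikroTik OVPN server configured above.
# usage: write_ovpn OUT_FILE SERVER CA_FILE CERT_FILE KEY_FILE
# Values taken from the page: TCP, port 1194, route 192.168.111.0/24.

make_ovpn() {
    server=$1 ca=$2 cert=$3 key=$4
    [ -n "$server" ] || { echo "server address required" >&2; return 1; }
    # Refuse to emit a profile with missing or empty credential files.
    for f in "$ca" "$cert" "$key"; do
        [ -s "$f" ] || { echo "missing or empty file: $f" >&2; return 1; }
    done
    # "Mode = ip" on the router is a routed (tun) tunnel; RouterOS is TCP only.
    # auth-user-pass prompts for the PPP secret (name/password) defined above.
    # cipher: assumption that the router's aes-256 means AES-256-CBC; OpenVPN
    # 2.5+ clients may need data-ciphers-fallback AES-256-CBC instead.
    cat <<EOF
client
dev tun
proto tcp-client
remote $server 1194
nobind
persist-key
persist-tun
auth-user-pass
cipher AES-256-CBC
route 192.168.111.0 255.255.255.0
<ca>
$(cat "$ca")
</ca>
<cert>
$(cat "$cert")
</cert>
<key>
$(cat "$key")
</key>
EOF
}

# The profile embeds the private key, so create it readable by the owner only
# and leave no partial file behind if generation fails.
write_ovpn() {
    out=$1; shift
    ( umask 077; make_ovpn "$@" > "$out" ) || { rm -f "$out"; return 1; }
}
```

For clients that cannot read inline certificates, replace the three inline blocks with ca, cert and key lines pointing at the files.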
Allow TCP-1194 through Firewall (if required):
/ip firewall filter add action=accept chain=input comment="OpenVPN" disabled=no dst-port=1194 protocol=tcp