1/6/15, 4:47 PM
http://wiki.mikrotik.com/index.php?title=OpenVPN_Configuration_Step_by_Step&printable=yes
Page 1 of 35
ip address
add address=91.108.151.193/28 comment="Public IP" interface="WLAN 1 - Home" \
network=91.108.151.192
ip route
add distance=1 gateway=91.108.151.194
Certificate:
OpenVPN uses certificates to set up connections, so open a New Terminal window and create a certificate request with your information:
certificate create-certificate-request
You will be asked a number of questions; some of them are important, and some of them are not.
select name for certificate request file.
it will be created after you finish entering all required information.
certificate request file name: certificate-request.pem
select name of private key file.
if such file does not exist, it will be created later.
After a few seconds you will receive notification that the Certificate Request file was created:
CaCerts:
Drag and drop the request files (Certificate-Request.pem and Private-Key.pem) to your desktop.
First, open the Certificate-Request.pem file with WordPad and copy the whole string, including the begin and end lines of the certificate request. Then log in to your CAcert account and make a new server certificate.
Paste the contents of Certificate-Request.pem into the CSR field in your account (New Server Certificate) and submit it.
The domain is accepted.
Copy the certificate response from CAcert, paste it into WordPad, and save it as a .pem file (here: certificate-response.pem).
Private Key:
We need a private key as the key file, but generated private keys will be in PKCS#8 format, which is not supported in RouterOS.
To import such keys, use the OpenSSL tool on a Linux distribution to make a private key file.
OpenSSL can be installed with one of these commands:
apt-get install openssl
or
yum install openssl
Upload or move the Private-Key.pem file to the Linux system that has OpenSSL installed (Bitvise SSH Client).
Copy and paste the exported string (including the begin and end lines) to a new file (e.g. Private-Key.Key).
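The conversion step described above, as a shell script that writes the converted key straight to a file with owner-only permissions. This is an added example, not part of the original wiki page; it assumes the `openssl` command-line tool, reuses the page's file names, and the key in `demo` is a throwaway generated for illustration.

```shell
#!/bin/sh
# Added example: convert a PKCS#8 private key to the traditional RSA PEM form.

# key_format FILE: print the PEM container type of the first key block in FILE.
key_format() {
    # tr strips the CRs left behind when the file was saved from a Windows editor
    case "$(sed -n '/^-----BEGIN/{p;q;}' "$1" | tr -d '\r')" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo rsa-traditional ;;
        *)                                       echo unknown ;;
    esac
}

# to_traditional IN OUT: write IN as a traditional RSA key to OUT (mode 0600).
to_traditional() (
    umask 077
    # OpenSSL 3.x writes PKCS#8 unless -traditional is given; 1.x rejects the
    # flag but already writes the traditional form, hence the fallback.
    openssl rsa -in "$1" -traditional -out "$2" 2>/dev/null ||
        openssl rsa -in "$1" -out "$2" 2>/dev/null || exit 1
    [ "$(key_format "$2")" = rsa-traditional ]
)

# Demo on a throwaway key generated here (constructed input, not a real key).
demo() {
    dir=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/Private-Key.pem" 2>/dev/null || return 1
    echo "before: $(key_format "$dir/Private-Key.pem")"
    to_traditional "$dir/Private-Key.pem" "$dir/Private-Key.Key"; rc=$?
    echo "after:  $(key_format "$dir/Private-Key.Key")"
    rm -rf "$dir"
    return $rc
}
demo
```
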
Import Certificate
Import the files (Certificate-Response.pem, Private-Key.Key) into your MikroTik Files menu.
Once you have imported the private key, your certificate should get a "KR" written next to it (K: Decrypted-Private-Key, R: RSA).
Now you will be able to use this key for OVPN.
ip pool
add name=PPP ranges=1.1.1.1-1.1.1.100,1.1.1.150-1.1.1.200
Warning: the screenshot shows an incorrect local address; it should be 1.1.1.254, as per the command below.
ppp profile
set 0 dns-server=4.2.2.4,8.8.8.8
add dns-server=4.2.2.4,8.8.8.8 local-address=1.1.1.254 name=\
"OpenVPN Profile" remote-address=PPP
ppp secret
add name=1 password=1 profile="OpenVPN Profile"
NAT:
Add a masquerade firewall NAT rule to share internet access with the OpenVPN client.
ip firewall nat
add action=masquerade chain=srcnat src-address=1.1.1.0/24
OpenVPN Client:
Make an OpenVPN client and set the address of the OpenVPN server and the username and password.
interface ovpn-client
add auth=none cipher=none connect-to=reza.ipexperts.ir mac-address=\
02:FB:D1:D8:20:B7 name=ovpn-out1 password=1 user=1
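The client command above sets auth=none and cipher=none, so the tunnel carries no packet HMAC and no encryption, and both it and the ppp secret use a password equal to the user name. The following shell script is an added example, not part of the original wiki page, that flags these settings in a RouterOS text export; `MIN_PW_LEN` and the function names are assumptions of this example, and the sample input is constructed from the commands on this page.

```shell
#!/bin/sh
# Added example: flag weak OpenVPN/PPP settings in a RouterOS text export.
# MIN_PW_LEN is a threshold chosen for this example, not a RouterOS setting.
MIN_PW_LEN=12

# audit_export: read an export on stdin, print one finding per line.
audit_export() {
    awk -v minlen="$MIN_PW_LEN" '
    # Return the value of key=value in command s, or "" if absent.
    function val(s, key) {
        if (!match(s, "(^| )" key "=[^ ]*")) return ""
        s = substr(s, RSTART, RLENGTH); sub(/^ /, "", s)
        return substr(s, length(key) + 2)
    }
    function weak_pw(menu, user, pw) {
        if (pw == "") return
        if (pw == user) print menu ": password equals user name"
        else if (length(pw) < minlen) print menu ": password shorter than " minlen " characters"
    }
    { sub(/^[ \t]+/, "") }                         # drop indentation
    /^#/ && buf == "" { next }                     # skip export header comments
    /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join backslash continuation lines
    { cmd = buf $0; buf = "" }
    cmd == "" { next }
    cmd !~ /^(add|set) / { menu = cmd; sub(/^\//, "", menu); next }   # menu line
    menu ~ /^interface ovpn-(client|server)/ {
        # The page writes the disabled value as "none"; newer RouterOS releases spell it "null".
        if (cmd ~ /(^| )cipher=(none|null)( |$)/) print menu ": cipher disabled, tunnel is cleartext"
        if (cmd ~ /(^| )auth=(none|null)( |$)/)   print menu ": auth disabled, no packet HMAC"
        weak_pw(menu, val(cmd, "user"), val(cmd, "password"))
    }
    menu == "ppp secret" { weak_pw(menu, val(cmd, "name"), val(cmd, "password")) }
    '
}

# Constructed sample: the ppp secret and ovpn-client commands from this page.
sample_export() {
    cat <<'EOF'
ppp secret
add name=1 password=1 profile="OpenVPN Profile"
interface ovpn-client
add auth=none cipher=none connect-to=reza.ipexperts.ir mac-address=\
02:FB:D1:D8:20:B7 name=ovpn-out1 password=1 user=1
EOF
}

sample_export | audit_export
```
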
Finally:
You can see that the OpenVPN client is connected, and you will be able to ping it.
Reza Moghadam
--MikroTik Certified Trainer 12:02, 4 April 2013 (UTC)
Retrieved from "http://wiki.mikrotik.com/index.php?title=OpenVPN_Configuration_Step_by_Step&oldid=26115"