Setting up an OpenVPN server on a MikroTik router allows secure remote access to your network. This guide walks you through configuring OpenVPN on MikroTik step by step.
Prerequisites
- A MikroTik router with RouterOS (v6.0+ recommended)
- WinBox or SSH access to the router
- A basic understanding of networking concepts
Step 1: Enable PPP and OpenVPN Server
First, ensure that the PPP package is enabled. In WinBox:
- Navigate to System > Packages
- Ensure the PPP package is installed and enabled
Then, enable the OpenVPN server:
/interface ovpn-server server
set enabled=yes default-profile=default require-client-certificate=no auth=sha1 cipher=aes128,aes192,aes256
Step 2: Generate SSL Certificates
OpenVPN on MikroTik requires SSL certificates. Generate them using:
/certificate add name=ca-template common-name=CA key-usage=key-cert-sign,crl-sign
/certificate sign ca-template name=ca
/certificate add name=server-template common-name=server
/certificate sign server-template name=server ca=ca
Export the certificates for use by clients:
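# CA certificate: this is the file clients use to verify the server
/certificate export-certificate ca
# With export-passphrase set, RouterOS also exports the server's private key (encrypted with the passphrase)
/certificate export-certificate server export-passphrase=yourpassword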
Step 3: Configure OpenVPN Server
Create an OpenVPN user profile:
/ppp profile add name=ovpn-profile local-address=10.10.10.1 remote-address=10.10.10.2 dns-server=8.8.8.8
Add a user for OpenVPN authentication:
/ppp secret add name=user1 password=strongpassword service=ovpn profile=ovpn-profile
Set up the OpenVPN server:
/interface ovpn-server server
set enabled=yes certificate=server auth=sha1 cipher=aes128,aes192,aes256 default-profile=ovpn-profile require-client-certificate=no
Step 4: Configure Firewall and NAT
Allow OpenVPN traffic:
/ip firewall filter add chain=input protocol=tcp dst-port=1194 action=accept place-before=0
Enable NAT for VPN traffic:
/ip firewall nat add chain=srcnat src-address=10.10.10.0/24 action=masquerade
Step 5: Configure OpenVPN Client
Export the required files (CA, Server Certificate, and Key) and configure the OpenVPN client:
client
dev tun
proto tcp
remote YOUR_ROUTER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
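ca ca.crt
# No cert/key lines: the server sets require-client-certificate=no and this guide issues no client certificate
# Prompt for the username and password of the PPP secret created in Step 3
auth-user-pass
auth SHA1
cipher AES-256-CBC
# comp-lzo is left out: the RouterOS OpenVPN server does not support LZO compression
tls-client
verb 3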
Step 6: Connect and Verify
Start the OpenVPN client and check the connection logs to ensure a successful connection.
To check active connections on MikroTik:
/ppp active print
If the client connects successfully, you should be able to access the MikroTik router and the local network through the VPN.
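When the connection does not come up, most failures are mismatches between the client profile from Step 5 and the server line from Step 3. The following pre-flight check is an added example, not part of the original guide or of any MikroTik or OpenVPN tooling; its function names, the constructed sample profile (which deliberately carries three mismatches) and the mapping of RouterOS aesNNN names to AES-NNN-CBC are assumptions of the example.

```python
import shlex

# Server line as in Step 3; the client profile below is constructed for this example.
SERVER_SET = ("set enabled=yes certificate=server auth=sha1 cipher=aes128,aes192,aes256 "
              "default-profile=ovpn-profile require-client-certificate=no")
CLIENT_CONF = """client
proto tcp
remote YOUR_ROUTER_IP 1194
ca ca.crt
cert client.crt
key client.key
auth SHA1
cipher AES-256-CBC
comp-lzo
"""

def parse_server(line):
    """RouterOS 'set key=value ...' line -> dict of settings."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def parse_client(text):
    """OpenVPN profile -> {directive: [args]}; '#' and ';' start comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split("#")[0].split(";")[0].split()
        if parts:
            conf[parts[0]] = parts[1:]
    return conf

def check(server_line, client_text):
    """Return (directive, reason) pairs where the client cannot match the server."""
    srv, cli = parse_server(server_line), parse_client(client_text)
    # Assumption: RouterOS names aesNNN mean AES-NNN-CBC on the OpenVPN side.
    ciphers = {"AES-%s-CBC" % c[3:] for c in srv["cipher"].split(",") if c.startswith("aes")}
    found = []
    if (cli.get("proto") or ["udp"])[0] not in ("tcp", "tcp-client"):
        found.append(("proto", "the firewall rule in Step 4 only opens TCP"))
    if (cli.get("cipher") or [""])[0].upper() not in ciphers:
        found.append(("cipher", "not in the server's cipher list"))
    if (cli.get("auth") or ["SHA1"])[0].lower() not in srv["auth"].split(","):
        found.append(("auth", "digest not enabled on the server"))
    if "auth-user-pass" not in cli:
        found.append(("auth-user-pass", "the PPP secret from Step 3 is never sent"))
    if "comp-lzo" in cli:
        found.append(("comp-lzo", "the RouterOS OpenVPN server has no LZO support"))
    if ("cert" in cli and "key" in cli) != (srv.get("require-client-certificate") == "yes"):
        found.append(("cert/key", "does not match require-client-certificate"))
    return found
```

Calling check(SERVER_SET, CLIENT_CONF) reports the auth-user-pass, comp-lzo and cert/key findings; an empty list means the profile agrees with the server line.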
