Professional Documents
Culture Documents
Log in
Go
Advanced search
Create a book
Download as PDF
Printable version
Main Page
Recent changes
Page
View source
Free Certificate )
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
ip address
add address=91.108.151.193/28 comment="Public IP" interface="WLAN 1 - Home" \
network=91.108.151.192
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
ip route
add distance=1 gateway=91.108.151.194
Certificate :
OpenVPN use Certificate to setup Connections , So Open a New Terminal window and create a certificate request with your Information :
certificate create-certificate-request
You will be asked a number of questions , Some of them are important , some of them is not .
select name for certificate request file.
it will be created after you finish entering all required information.
certificate request file name: certificate-request.pem
select name of private key file.
if such file does not exist, it will be created later.
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
After a few seconds you will receive notification that the Certificate Request file was created:
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
CaCerts :
Please Drag and Drop Request Files Include ( Certificate-Request.pem and Private-Key.pem ) to your Desktop .
first open Certificate-Request.pem file with Wordpad , Copy All String Include Begin and Ends of Certificate Request , Then Login to your Account in
Cacert and Make a New Server Certificate .
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
Paste your Certificate-Request.pem Strings to CSR Fields in Your Account ( New Server Certificate ) and Submit That .
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
Domain is Accepted .
Copy and Paste your Certificate Response from Cacert in a Wordpad and save that with .pem file ( In Here : certificate-response.pem )
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
Private Key :
We need a Private-Key as Key file , But Generated private keys will be in pkcs8 format, which is not supported in RouterOS.
To import such keys we should use Openssl Tool in Linux Distributes and make a Privat-Key File .
We can setup Openssl via these command :
apt-get install openssl
or
yum install openssl
Upload or Move Private-Key.pem file to That Linux OS with Openssl Service ( Bitvise SSH Client )
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
copy and paste export String ( Include Begin and End ) to a New File ( Ex. Private-Key.Key )
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
Import Certificate
Import Files ( Certificate-Response.pem , Private-Key.Key ) to Your MikroTik Files Menu .
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
Once you have imported the private key, your certificate should get a "KR" written next to it K: Decrypted-Private-Key R: RSA
Now you will be able to use this key for OVPN.
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
ip pool
add name=PPP ranges=1.1.1.1-1.1.1.100,1.1.1.150-1.1.1.200
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
ppp profile
set 0 dns-server=4.2.2.4,8.8.8.8
add dns-server=4.2.2.4,8.8.8.8 local-address=10.1.1.254 name=\
"OpenVPN Profile" remote-address=PPP
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
ppp secret
add name=1 password=1 profile="OpenVPN Profile"
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
NAT :
add a masquared firewall nat rule to share internet with OpenVPN Client .
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
ip firewall nat
add action=masquerade chain=srcnat src-address=1.1.1.0/24
OpenVPN Client :
Make a OpenVPN Client and Set Address of OpenVPN Server and Username & Password .
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
interface ovpn-client
add auth=none cipher=none connect-to=reza.ipexperts.ir mac-address=\
02:FB:D1:D8:20:B7 name=ovpn-out1 password=1 user=1
Finally :
you can see OpenVPN Client is Connected and you will able to Ping it .
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]
Reza Moghadam
--MikroTik Certified Trainer 12:02, 4 April 2013 (UTC)
Privacy policy / About MikroTik Wiki / Disclaimers / Powered by MediaWiki / Designed by Paul Gu
http://wiki.mikrotik.com/wiki/OpenVPN_Configuration_Step_by_Step[8/8/2013 12:43:34 ]