Mikrotik OpenVPN server

Mikrotik is one of my favorite routing and MPLS platforms for doing lab and small ISP work. This one is pretty darned easy if you’re willing to use self-signed certificates, and pretty trivial to add legitimate certificates if you are so inclined.

/certificate add name=ca common-name=ca key-usage=key-cert-sign,crl-sign
/certificate sign ca ca-crl-host=10.255.255.4 name=ca
/certificate export-certificate ca
/certificate add name=gw-dsl common-name=gw.yourcompany.com
/certificate add name=vpnclient1 common-name=client1
/certificate sign gw-dsl ca=ca name=gw.yourcompany.com
/certificate sign vpnclient1 ca=ca name=client1
/ip pool add name=ovpn-pool range=10.2.98.2-10.2.98.19
/ppp profile add name=ovpn local-address=10.2.98.1 remote-address=ovpn-pool
/ppp secret add name=buraglio profile=ovpn password=ExamplePasswordDude
/interface ovpn-server server set enabled=yes certificate=server auth=sha1 cipher=aes256 port=1194 netmask=24 require-client-certificate=yes mode=ip
/certificate export-certificate client1  export-passphrase=ExamplePasswordDude

Largely based on this example

© 2019 The Forwarding Plane. All rights reserved.

Copyright 2016 Nick Buraglio, ForwardingPlane, LLC

%d bloggers like this: