1- Create IP Pool for OpenVpn Clients
IP > IP Pool > Add IP Pool
For Example I have taken range 172.16.100.100-172.16.100.150
This IP address will be assigned to OpenVpn Clients and Mikrotik Routers.
2- Create OpenVPN Profile
Go to PPP > Profiles > Add New Profile
Name open-vpn-profile
Local Address 10.34.100.1 This will be the gateway of address pool which we created for open-vpn-pool
Remote Address choose from dropdown open-vpn-pool
Click on Apply and OK
3- Now create a secret username and password for remote user .
Go to PPP > Secrets > Add New Secret
Name user will provide while connecting
Password user will provide while connecting
Service ovpn
Profile Choose from dropdown which we have created Open-VPN-Profile
Click Apply and OK
3- Create Certificates for CA and For Server and for the Remote users or Remote Sites
Go to System > Certificates > Add new Certificate
Name ca “this is for certificate authority ”
Common Name “ca”
Date Valid 3650 for 10 years I have given
Click on Key Usage
Click only
crl sign
key cert sign
Click on Apply
Click on Sign
Certificate ca
CA CRL Host 127.0.0.1
Click on Start
Progress should be showing done
Click on close
Now Click on Export
Click on Export
Click on Export
Now Create Certificate for Open VPN Server
Name OpenVpnServer
Common Name OpenVpnServer
Days Valid 3650
Now Click on Key Usage
Choose three Keys
digital signature
key enciphement
tls server
Now Click on Apply and click on Sign
Click on start
Click on close after progress done
Now Create Certificate for Remote User
Name Give the remote user name
Common name give the same user name
Days Valid 3650
Choose three Key Usage
digital signature
key enciphement
tls client
Click on Apply
Click on Sign
Choose CA your ca
Click on start
Click on close after Progress done
Now Click on Export on main window new window will be open as below
Export Passphrase give any password
Now Check the files which you have exported in Files tab
Click on Files
Three Files are there
one for CA
two for gkhan for remote user
Now enable the openvpn server
Go to PPP > Interface > OVPN Server
Click on OVPN Server
Check on Enabled
Check Enabled
Certificate Choose which you have created for Openvpn server
Click on Apply and OK
Now Download OpenVPN Client on your Computer
Community Downloads
Open your Notepad create a file with extension ovpn for example gkhan.ovpn copy below content and change according to your requirement.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | client
dev tun
proto tcp
remote X.X.X.X 1194 #X.X.X.X replace with your public IP Address
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca cert_export_ca.crt #Change the name certificates you exported for CA
cert cert_export_gkhan.crt #Change the name certificates you exported For Remote user
key cert_export_gkhan.key #Change the name key you exported For Remote user
cipher AES-128-CBC
auth SHA1
pull
auth-user-pass
verb 3
route 192.168.10.0 255.255.255.0 # Publish your Network which you want to make reachable
route 192.168.20.0 255.255.255.0 # Behind the Mikrotik Router
|
Now save and close it
Put together all certificates files and config file and move to below folder
C:\Program Files\OpenVPN\config\
Now Connect OpenVpn client with the profile you just created