How to block Country in Mikrotik Firewall.
If you want to block whole country in Mikrotik firewall visit the website https://mikrotikconfig.com/firewall/
step 1 :- Check the countries you want included in the address list. Scroll down for additional countries.
Step 2- Click this button to generate your stand alone address list for use with your own custom rules
it will generate the firewall command with IP address . now copy and paste in Mikrotik CLI.
1- Create IP Pool for OpenVpn Clients
IP > IP Pool > Add IP Pool
For Example I have taken range 172.16.100.100-172.16.100.150
This IP address will be assigned to OpenVpn Clients and Mikrotik Routers.
2- Create OpenVPN Profile
Go to PPP > Profiles > Add New Profile
Name open-vpn-profile
Local Address 10.34.100.1 This will be the gateway of address pool which we created for open-vpn-pool
Remote Address choose from dropdown open-vpn-pool
Click on Apply and OK
3- Now create a secret username and password for remote user .
Go to PPP > Secrets > Add New Secret
Name user will provide while connecting
Password user will provide while connecting
Service ovpn
Profile Choose from dropdown which we have created Open-VPN-Profile
Click Apply and OK
3- Create Certificates for CA and For Server and for the Remote users or Remote Sites
Go to System > Certificates > Add new Certificate
Name ca “this is for certificate authority ”
Common Name “ca”
Date Valid 3650 for 10 years I have given
Click on Key Usage
Click only
crl sign
key cert sign
Click on Apply
Click on Sign
Certificate ca
CA CRL Host 127.0.0.1
Click on Start
Progress should be showing done
Click on close
Now Click on Export
Click on Export
Click on Export
Now Create Certificate for Open VPN Server
Name OpenVpnServer
Common Name OpenVpnServer
Days Valid 3650
Now Click on Key Usage
Choose three Keys
digital signature
key enciphement
tls server
Now Click on Apply and click on Sign
Click on start
Click on close after progress done
Now Create Certificate for Remote User
Name Give the remote user name
Common name give the same user name
Days Valid 3650
Choose three Key Usage
digital signature
key enciphement
tls client
Click on Apply
Click on Sign
Choose CA your ca
Click on start
Click on close after Progress done
Now Click on Export on main window new window will be open as below
Export Passphrase give any password
Now Check the files which you have exported in Files tab
Click on Files
Three Files are there
one for CA
two for gkhan for remote user
Now enable the openvpn server
Go to PPP > Interface > OVPN Server
Click on OVPN Server
Check on Enabled
Check Enabled
Certificate Choose which you have created for Openvpn server
Click on Apply and OK
Now Download OpenVPN Client on your Computer
Open your Notepad create a file with extension ovpn for example gkhan.ovpn copy below content and change according to your requirement.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | clientdev tunproto tcpremote X.X.X.X 1194 #X.X.X.X replace with your public IP Addressresolv-retry infinitenobindpersist-keypersist-tuntls-clientremote-cert-tls serverca cert_export_ca.crt #Change the name certificates you exported for CAcert cert_export_gkhan.crt #Change the name certificates you exported For Remote user key cert_export_gkhan.key #Change the name key you exported For Remote usercipher AES-128-CBCauth SHA1pullauth-user-passverb 3route 192.168.10.0 255.255.255.0 # Publish your Network which you want to make reachableroute 192.168.20.0 255.255.255.0 # Behind the Mikrotik Router |
Now save and close it
Put together all certificates files and config file and move to below folder
C:\Program Files\OpenVPN\config\
Now Connect OpenVpn client with the profile you just created
