Multivenue Setup & Config.

Mikrotik - OpenVPN Configuration

Overview

This guide walks through deploying OpenVPN on a Mikrotik router from start to finish.

Prerequisites

  • OpenVPN requires a CA certificate in order to work.


Step 1: Create a CA Certificate in Mikrotik Winbox

Click the +

 

Then give the certificate a Name (CA), a Common Name (CA) and Days Valid (max this out): 3650000

 

Key Usage can all be left as default

 

Now you need to Sign the CA Certificate

 

CA CRL Host should contain the public IP of the Mikrotik, for example (98.205.205.202), then click Start

 

Once the certificate has been signed, it can be downloaded to your Desktop. (Rename the file to CA.crt)

 

Step 2: Enabling OpenVPN Protocol

Navigate to PPP → Interfaces → OVPN Server

 

·     Enabled must be checked

·     Default Profile = Default-encryption

·     Certificate = (CA)

·     Auth = Sha1

·     Cipher = aes256

 

Step 3: Creating Secrets (VPN users)

·     Name = (unique username for every secret)

·     Password can be anything

·     Service = ovpn

·     Profile = Default-encryption

·     Local Address is always the same for all Secrets; it's the host IP address of the Mikrotik (10.0.0.254)

·     Remote Address will be different for every user, i.e. the next user will have 10.0.0.2 → 10.0.0.3 etc.

 

Step 4: Firewall Rules and NAT Rules

The filter rule allows connections from the public WAN into the Mikrotik

 

·     Chain = Input

·     Protocol = tcp

·     Dst. Port = 1194

·     Action = accept

 

The NAT rule is put in place so that the local PC can talk to VPN clients

·     Chain = srcnat

·     Src is the IP address of the Server PC (HO)

·     Dst is the Subnet of the VPN network

·     Action = Masquerade

 

Step 5: OpenVPN Client

·     Install the OpenVPN Client https://openvpn.net/community-downloads/

·     Copy the CA Certificate + Secret.cfg + client.ovpn files to (C:\Program Files\OpenVPN\config)

·     CA should be named (CA.crt)

·     Client.ovpn

·     Secret.cfg

CA is always the same file for all clients (downloaded from the Mikrotik)
Client.ovpn is always the same file for all clients, but the remote address needs to be edited once

remote (Public IP) 1194

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 94.30.84.222 1194

The Secret.cfg is where the username and password are altered
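
As an added example (not part of the original guide, nor MikroTik or OpenVPN tooling), the Python check below compares a client.ovpn with the server settings chosen in Steps 2, 4 and 5, so a mismatch is caught before the file is copied to every client. The sample file is constructed apart from its remote line, and mapping the RouterOS cipher name aes256 to OpenVPN's AES-256-CBC is an assumption.

```python
# Added example: lint a client.ovpn against the settings from Steps 2, 4 and 5.
EXPECTED = {
    "proto": "tcp",                  # Step 4 accepts TCP on port 1194
    "auth": "SHA1",                  # Step 2: Auth = Sha1
    "cipher": "AES-256-CBC",         # Step 2: Cipher = aes256 (assumed OpenVPN name)
    "ca": "CA.crt",                  # Step 5: CA file name
    "auth-user-pass": "Secret.cfg",  # Step 5: username on line 1, password on line 2
}
EXPECTED_PORT = "1194"               # also OpenVPN's default when no port is given

# Constructed sample file; only the remote line is taken from the guide.
SAMPLE_CLIENT_OVPN = """\
client
dev tun
proto tcp
# The hostname/IP and port of the server.
remote 94.30.84.222 1194
ca CA.crt
auth-user-pass Secret.cfg
auth SHA1
cipher AES-256-CBC
"""

def parse_ovpn(text):
    """Map each directive to a list of its argument lists, skipping comments."""
    cfg = {}
    for raw in text.splitlines():
        parts = raw.strip().split()
        if parts and parts[0][0] not in "#;":
            cfg.setdefault(parts[0], []).append(parts[1:])
    return cfg

def check_client(text):
    """Return a list of mismatches; an empty list means the file is consistent."""
    cfg, problems = parse_ovpn(text), []
    for key, want in EXPECTED.items():
        # proto is cut to three letters so tcp-client and tcp4 count as tcp
        got = [a[0][:3] if key == "proto" else a[0] for a in cfg.get(key, []) if a]
        if not got:
            problems.append(f"{key}: missing, expected {want}")
        elif any(g.lower() != want.lower() for g in got):
            problems.append(f"{key}: found {got}, expected {want}")
    ports = [a[0] for a in cfg.get("port", []) if a] or [EXPECTED_PORT]
    for args in cfg.get("remote", [[]]):
        port = args[1] if len(args) > 1 else ports[-1]
        if not args:
            problems.append("remote: missing")
        elif port != EXPECTED_PORT:
            problems.append(f"remote {args[0]}: port {port}, expected {EXPECTED_PORT}")
    return problems
```

Calling check_client() on the text of an edited client.ovpn returns an empty list when it is consistent with the server, otherwise one line per mismatch.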

 

Step 6: Add Shortcut to Startup and Run OpenVPN 

Run the shortcut; once connected, it will disappear and be shown as connected on an icon in the taskbar

Resources

OpenVPN Installers and Template Config Files