Site icon System Zone

MikroTik OpenVPN Setup with Windows Client

VPN (Virtual Private Network) technology provides a secure and encrypted tunnel across a public network. So, a private network user can send and receive data to any remote private network through VPN tunnel as if his/her network device was directly connected to that private network.

MikroTik OpenVPN Server provides a secure and encrypted tunnel across public network for transporting IP traffic using PPP. OpenVPN uses SSL Certificates. So, OpenVPN Tunnel is a trusted tunnel to send and receive data across public network. MikroTik OpenVPN Server can be applied in two methods.

The goal of this article is to connect a remote client using OpenVPN Tunnel across public network. So, in this article I will only show how to configure MikroTik OpenVPN Server for connecting a remote workstation/client (Windows Client).

Network Diagram

To configure a MikroTik OpenVPN Tunnel for connecting a remote workstation/client, I am following a network diagram like below image.

OpenVPN Remote Office Network

In this network, MikroTik Router (RouterOS v6.38.1) is connected to internet through ether1 interface having IP address 192.168.30.2/30. In your real network, this IP address should be replaced with public IP address. MikroTik Router’s ether2 interface is connected to local network having IP network 10.10.11.0/24. We will configure OpenVPN server in this router and after OpenVPN configuration the router will create a virtual interface (OpenVPN Tunnel) across public network whose IP address will be 10.10.11.1. On the other hand, a remote laptop (workstation/client) is connected to internet and wants to connect to our OpenVPN server for accessing local network resources. We will configure OpenVPN client in this laptop and after establishing an OpenVPN Tunnel across public network, this laptop will get a MikroTik Router’s local IP 10.10.11.10 and will be able to access MikroTik Router’s private network.

MikroTik OpenVPN Server Configuration

We will now start OpenVPN Server configuration. Complete OpenVPN configuration can be divided into two parts.

Part 1: OpenVPN Server Configuration in MikroTik Router

According to our network diagram, MikroTik Router is our OpenVPN Server. So, we will setup and configure OpenVPN Server in MikroTik Router. Complete MikroTik RouterOS configuration for OpenVPN Server can be divided into five steps.

Step 1: MikroTik Router basic configuration

In MikroTik Router basic configuration, we will assign WAN, LAN and DNS IP and perform NAT and Route configuration. The following steps will show how to do these topics in your RouterOS.

Basic RouterOS configuration has been completed. Now we will Create SSL certificate for OpenVPN server and client.

Step 2: Creating SSL certificate for OpenVPN Server and Client

OpenVPN server and client configuration requires SSL certificate because OpenVPN uses SSL certificate for secure communication. MikroTik RouterOS version 6 gives ability to create, store and manage certificates in certificate store. So, we will create required OpenVPN certificate from our RouterOS. OpenVPN server and client configuration requires three types of certificates:

  1. CA (Certification Authority) certificate
  2. Server certificate and
  3. Client certificate

Creating CA certificate

The following steps will show how to create CA certificate in MikroTik RouterOS.

CA certificate has been created successfully. Now we will create server certificate.

Creating Server Certificate

The following steps will show how to create server certificate in MikroTik RouterOS.

Server certificate has been created successfully. Now we will create client certificate.

Creating Client Certificate

The following steps will show how to create client certificate in MikroTik RouterOS.

Client certificate has been created successfully. Now we will export CA and Client certificates so that OpenVPN client can use this certificate.

Exporting CA and Client Certificates

OpenVPN server will use server certificate from MikroTik RouterOS certificate store. But client certificate has to supply to the OpenVPN client. So, we need to export client certificate as well as CA certificate from RouterOS certificate store. The following steps will show how to export CA certificate and client certificate from MikroTik certificate store.

Creating SSL certificate for OpenVPN server and client has been completed. Now we will configure our OpenVPN Server in MikroTik Router.

Step 3: OpenVPN Server Configuration in MikroTik Router

After creating SSL certificate, we are now eligible to enable OpenVPN Server in MikroTik Router. The following steps will show how to enable OpenVPN Server in your MikroTik Router with proper configuration.

OpenVPN Server is now running in MikroTik Router. Now we will create OpenVPN user who will be connected to this server.

Step 4: PPP Secret creation for OpenVPN client

After OpenVPN Server setup, we need to create OpenVPN user who will be connected to OpenVPN Server. OpenVPN Server uses PPP user for authentication. So, we will now create PPP secret (username and password) for OpenVPN client. The following steps will show how to create PPP secret in MikroTik Router.

PPP user who will be connected from remote client machine has been created. At this point, if the user gets connected from the remote client machine and try to ping any workstation from the remote machine, the ping will time out because the remote client is unable to get ARPs from workstations. The solution is to set up proxy-arp on the LAN interface.

Step 4: Enabling Proxy ARP on LAN Interface

The following steps will show how to enable proxy-arp on the LAN interface.

After enabling proxy-arp, the remote client can successfully reach all workstations in the local network behind the router.

MikroTik OpenVPN Server is now completely ready to accept OpenVPN client. So, we will now configure OpenVPN client in Windows Operating System.

Part 2: OpenVPN Client configuration in Windows OS

OpenVPN.net provides OpenVPN client software for all the operating systems. You can visit to download page and download your OpenVPN client that is matched with your system requirement. I am using Windows 7, 64-bit operating system. So, I have downloaded Installer (64-bit), Windows Vista and later package. At the time of this article, the OpenVPN client version was 2.3.18.

After downloading, install OpenVPN client in your operating system following the instruction. Installation process is as simple as installing other software in Windows operating system.

After OpenVPN client installation, go to configuration file location (by default: C:\Program Files\OpenVPN\config or C:\Program Files (x86)\OpenVPN\config depending on your operating system) and follow my below steps to configure OpenVPN client.

If you put correct password and if everything is OK, your OpenVPN client will be connected and an OpenVPN tunnel will be created between OpenVPN client and server.To check your configuration, do a ping request to any remote network workstation or server. If everything is OK, your ping request will be success.

If you face any confusion to follow above steps properly, watch my video about MikroTik OpenVPN Server Configuration with Windows Client carefully. I hope it will reduce your any confusion.

MikroTik OpenVPN Server configuration with Windows Client has been explained in this article. I hope you will be able to configure your OpenVPN Server and Client if you follow the explanation carefully. However, if you face any confusion to follow above steps properly, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.

Exit mobile version