OpenVPN on MikroTik routers


Connect to MikroTik via the web interface. You can use the Router OS web interface, which includes the following screens, or the Winbox app.

The default port for OpenVPN is 1194. You can change it, but do not forget to allow the port on your firewall. In IP -> Firewall, add a rule as below:

Firewall

Chain: input

Protocol: (6) tcp

Dst.Port: 1194

Action: accept

1) Certificates

First, we create the CA, server and client certificates (you can use any name). In System -> Certificates, click Add new and, after completing the fields, sign each certificate immediately using the Sign option.



CA

MikroTik - add CA certificate

Server

MikroTik - add server certificate

Client

MikroTik - add client certificate

The whole settings under certificates should look something like this:

OpenVPN MikroTik - Certificates

Next, download the certificates to your computer in the Files section.

MikroTik - certificate download

2) Address range

We create a dedicated address range for the VPN. If you have a primary "Pool" range, such as 192.168.1.1-100, you can create another or use some part of the existing range, such as 192.168.1.201-230, etc. The settings are in the IP -> Pool tab.

MikroTik - range for VPN

3) Profile creation and VPN service launch

In PPP -> Profiles, create a new profile using "Add new." Fill in any name and set Local Address to an address that is not occupied and not in any range. In this example, 192.168.1.200. In the Remote address, select the range from the previous point.

MikroTik - VPN Profile

Then, in the PPP -> Interface -> OVPN server tab, click "Enabled," choose the port (default in the image), the VPN profile and the server certificate. Select Auth and Cipher as shown.

MikroTik - Enable OpenVPN

4) VPN Accounts

In the PPP -> Secrets tab, use "Add new" to add a new user. This example shows what an account for Paul might look like. Be sure to choose a strong password, and select the service and the profile created earlier.

MikroTik - user account for VPN access

That's all!!!

Tip: To allow users to access your primary range via VPN, where you have devices such as a smart home, NAS, etc., you still need to make one last setting: in Interfaces, on "bridge", set the ARP option to proxy-arp.

MikroTik - Proxy ARP

5) Configuration file

To make it as easy as possible for the users you give access to, create a configuration file, such as VPN.ovpn, with the following contents. Replace the orange text (the placeholders, such as YourPublicIPAddress and the //paste ... here lines) with your external address and the certificate contents generated on MikroTik.

client
remote YourPublicIPAddress 1194
auth-user-pass
cipher AES-256-CBC
dev tun
proto tcp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nobody

push "redirect-gateway autolocal def1"
push "redirect-gateway def1"

<ca>
-----BEGIN CERTIFICATE-----
//paste certificate here
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
//paste certificate here
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
//paste private key here
-----END ENCRYPTED PRIVATE KEY-----
</key>


Send the configuration file to the user by email and share the credentials separately via mobile phone. You can also find how to connect to an existing OpenVPN server from Android or iOS on this blog.
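
An added example (not part of the original article): a Python check to run over a finished VPN.ovpn before it is sent to a user. It flags template placeholders left in place, a private key that is not passphrase-protected, the server-side push directive, and script permission that nothing uses. The function name lint_profile, the hook list and the sample profile are constructed for illustration.

```python
import re

# Constructed sample: the article's template, partly filled in (base64 is fake).
SAMPLE = """client
remote YourPublicIPAddress 1194
script-security 2
push "redirect-gateway def1"
<ca>
-----BEGIN CERTIFICATE-----
//paste certificate here
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END PRIVATE KEY-----
</key>
"""

# Directives that actually run a script (subset chosen for this example).
SCRIPT_HOOKS = {"up", "down", "route-up", "ipchange", "tls-verify"}

def lint_profile(text, port="1194"):
    """Return findings for an OpenVPN client profile built from the template."""
    out = []
    blocks = dict(re.findall(r"<(ca|cert|key)>\n(.*?)\n</\1>", text, re.S))
    plain = re.sub(r"<(\w+)>.*?</\1>", "", text, flags=re.S)
    opts = [l.split() for l in plain.splitlines() if l.strip() and l.strip()[0] not in "#;"]
    names = {o[0] for o in opts}
    for tag in ("ca", "cert", "key"):
        # Everything between the PEM armor lines must be base64 only.
        body = [l for l in blocks.get(tag, "").splitlines() if not l.startswith("-----")]
        if not body or not all(re.fullmatch(r"[A-Za-z0-9+/=]+", l) for l in body):
            out.append(f"<{tag}>: missing or placeholder not replaced")
    if "key" in blocks and "ENCRYPTED" not in blocks["key"].splitlines()[0]:
        out.append("<key>: private key is not passphrase-protected")
    for o in opts:
        if o[0] == "remote" and (len(o) < 3 or o[1] == "YourPublicIPAddress" or o[2] != port):
            out.append("remote: placeholder host or port differs from firewall rule")
    if "push" in names:
        out.append("push: server-side directive in a client profile")
    if "script-security" in names and not names & SCRIPT_HOOKS:
        out.append("script-security: scripts enabled but no script hook is defined")
    return out
```

Pass a different `port` if you changed the OpenVPN port in the firewall rule and the OVPN server settings.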
