Setting up OpenVPN on MirkoTik

Log in to the router's web interface. The password can be found on the sticker that comes with the router.

Go to the Files and click Browse, select and upload the OpenVPN configuration file. The configuration files are archived and can be downloaded from your personal area on the securevpn.pro. You can upload any configuration file, which will be needed later to extract the certificate.

Go to System - Certificates and click Import.

Specify any name, select the uploaded certificate and click Import.

As a result, we will receive 2 certificates. You need to remember the Name and Common Name of the KT certificate.

Go to Interfaces, open tab Interface, click on Add new and select OVPN Client.

Fill in the fields as follows:

• Connect To - the connection server, the list of servers can be found in readme.txt in the subscription archive
• Port - specify 443 for connection port
• User - specify Common Name from step 5. You can also get the subscription name from readme.txt, which is archived with a subscription
• Certificate - specify Name from step 5
• Auth - specify sha1
• Cipher - specify aes256
• Add default route - automatic route addition, enable the checkbox

Click Apply and make sure that the status of connection is "connected".
If the connection is not established, try to specify a different connection server, or use another protocol (L2TP or PPTP).

Go to IP - Firewall, open NAT tab, click Add New.

In the Out. Interface field specify the OpenVPN interface created in step 7. Select masquerade in the Action field, then click OK (for convenience, the other options are not shown in the screenshot).

If your Internet connection type is PPPoE, go to the Interfaces tab and click on the interface line with the PPPoE Client type.

Set the Default Route Distance to 10 and click OK.

If your Internet connection type is IPoE, go to the IP -> Routes. At the top of the route list we see two routes with Dst. Address 0.0.0.0/0. The first route for our VPN traffic is inactive, as indicated by the absence of the letter A in the DS string. You also need to make sure that in the Gateway field for this route is specified "reacheble". The second route is standard, and it is active, as indicated by the letter A in the DAS line. In order for our traffic to go through the VPN, we need to lower the priority of the standard route by setting its Distance to 10. To do this, you need to remember the address of the gateway specified in the Gateway. In the screenshot, the gateway address is 192.168.1.1, it may be different for you. Next, click on the Add New button.

In the Gateway field specify the gateway address from the previous step, in the Distance set 10 and click OK.

We see that in the route table have two identical routes with different Distance fields. Now delete a route with Distance 1 by clicking on “–” button. Now all traffic goes through the VPN tunnel and this completes the setup.