How to setup VPN on Windows, Linux, macOS, iOS, Android

OpenVPN is a powerful and flexible open-source VPN protocol supported by MikroTik devices. Its key advantages are the highest level of security (thanks to the use of certificates and robust encryption, e.g., AES-256) and cross-platform compatibility (works on virtually any device via client applications). However, it is important to note that configuring OpenVPN on MikroTik requires more effort compared to PPTP or L2TP due to the need for certificate and configuration file management, and it may create a higher load on the router's CPU. We recommend this protocol for tasks where confidentiality and bypassing complex blocks are critical (thanks to the ability to set up connections using port 443, which masks traffic as HTTPS).

Go to the Files and click Browse, select and upload the OpenVPN configuration file. The configuration files are archived and can be downloaded from your personal area on the securevpn.pro. You can upload any configuration file, which will be needed later to extract the certificate.

Go to System - Certificates and click Import.

Specify any name, select the uploaded certificate and click Import.

As a result, we will receive 2 certificates. You need to remember the Name and Common Name of the KT certificate.

Go to Interfaces, open tab Interface, click on Add new and select OVPN Client.

Fill in the fields as follows:

Connect To - the connection server, the list of servers can be found in readme.txt in the subscription archive
Port - specify 443 for connection port
User - specify Common Name from step 5. You can also get the subscription name from readme.txt, which is archived with a subscription
Certificate - specify Name from step 5
Auth - specify sha1
Cipher - specify aes256
Add default route - automatic route addition, enable the checkbox

Click Apply and make sure that the status of connection is "connected".
If the connection is not established, try to specify a different connection server, or use another protocol (L2TP or PPTP).

Go to IP - Firewall, open NAT tab, click Add New.

In the Out. Interface field specify the OpenVPN interface created in step 7. Select masquerade in the Action field, then click OK (for convenience, the other options are not shown in the screenshot).

If your Internet connection type is PPPoE, go to the Interfaces tab and click on the interface line with the PPPoE Client type.

Set the Default Route Distance to 10 and click OK.

If your Internet connection type is IPoE, go to the IP -> Routes. At the top of the route list we see two routes with Dst. Address 0.0.0.0/0. The first route for our VPN traffic is inactive, as indicated by the absence of the letter A in the DS string. You also need to make sure that in the Gateway field for this route is specified "reacheble". The second route is standard, and it is active, as indicated by the letter A in the DAS line. In order for our traffic to go through the VPN, we need to lower the priority of the standard route by setting its Distance to 10. To do this, you need to remember the address of the gateway specified in the Gateway. In the screenshot, the gateway address is 192.168.1.1, it may be different for you. Next, click on the Add New button.

In the Gateway field specify the gateway address from the previous step, in the Distance set 10 and click OK.

We see that in the route table have two identical routes with different Distance fields. Now delete a route with Distance 1 by clicking on “–” button. Now all traffic goes through the VPN tunnel and this completes the setup.

To top

Setting up OpenVPN on MirkoTik

Registration

Support and Feedback