Setting up an OpenVPN tunnel between RUT and Mikrotik device


OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities.

This guide provides a configuration example showing how to set up an OpenVPN connection between MikroTik and RUTxxx routers. The MikroTik device will be the server and our RUTxxx router will be the client.

Prerequisites

  • One RUTxxx router of any type
  • One MikroTik router (this configuration example was created using a MikroTik rb750gr3)
  • Server must have a Public Static or Public Dynamic IP address
  • At least one end device (PC, Laptop) to configure the routers
  • WinBox application

Configuration scheme

[Figure: topology of the RUTxxx and MikroTik OpenVPN setup]

Server (MikroTik) configuration

Connect to the MikroTik using the WinBox application and press New Terminal.


Now create certificates by using these commands (these will be valid for 10 years):

The created certificates need signing; use these commands:

Now you need to export those certificates:

Now go to Files and export those certificates by simply dragging them to your desktop.


Now go back to Terminal and create a separate pool of IP addresses for clients by using this command:

Instead of editing the default encrypted profile, create a new one. This assumes your MikroTik will also be the DNS server. While at it, create a somewhat more secure user/password:

Adjust the firewall by using this command:

Now enable the OpenVPN server interface:

Client (RUTxxx) configuration

Access the RUTxxx WebUI and go to Service → VPN → OpenVPN. Create a new configuration there by selecting the role Client, entering a New configuration name and pressing the Add New button. The new configuration should appear after a few seconds. Then press Edit.


Then apply the following configuration.


  1. Enable Instance.
  2. Select Protocol (TCP).
  3. Select Authentication (TLS/Password).
  4. Select Encryption (AES-128-CBC 128).
  5. Write Remote host/IP address (MikroTik public IP address).
  6. Write Keep alive (10 120).
  7. Write Remote network IP address (192.168.8.0).
  8. Write Remote network IP netmask (255.255.255.0).
  9. Write User name and Password which you created on MikroTik (you created it by using this command: secret add name=user profile=vpn-profile password=password).
  10. Upload Certificate authority, Client certificate, Client key (use those exported files).
  11. Write Private key decryption password (you created it by using this command: export-certificate client-certificate export-passphrase=12345678).
  12. Press Save.
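
The client settings from steps 1 to 12, written as the roughly equivalent directives of a stock OpenVPN client configuration file. This is an added example, not taken from the original page or from Teltonika or MikroTik. Port 1194 (the OpenVPN default), the tun device, the file names and the `<MIKROTIK_PUBLIC_IP>` placeholder are assumptions; the RUTxxx WebUI builds its own configuration from the form fields.

```conf
# Added example: stock OpenVPN client directives matching the WebUI fields above.
# Port, device type, file names and the IP placeholder are assumptions.

# Role: Client
client
# Routed tunnel (assumption; the page does not state TUN or TAP)
dev tun

# Step 2: Protocol TCP
proto tcp-client
# Step 5: Remote host/IP address (placeholder, port assumed to be the default)
remote <MIKROTIK_PUBLIC_IP> 1194

# Step 4: Encryption AES-128-CBC. OpenVPN 2.5 and later negotiate ciphers
# through data-ciphers / data-ciphers-fallback, so newer clients may need
# "data-ciphers-fallback AES-128-CBC" in place of this line.
cipher AES-128-CBC

# Step 6: Keep alive (ping every 10 s, restart after 120 s of silence)
keepalive 10 120

# Steps 7-8: Remote network IP address and netmask
route 192.168.8.0 255.255.255.0

# Step 3: Authentication TLS/Password = certificates plus user name/password.
# Step 10: the files exported from the MikroTik (file names are hypothetical).
ca ca.crt
cert client.crt
key client.key

# Step 9: file with the user name on line 1 and the password on line 2.
# Keep it readable by the OpenVPN process only (chmod 600).
auth-user-pass auth.txt

# Step 11: file holding the private key decryption password (chmod 600).
askpass keypass.txt

# Not one of the page's settings: optionally require that the peer presents
# a certificate issued for TLS server use. Only enable this if the server
# certificate was created with that key usage.
;remote-cert-tls server
```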

Testing configuration

Go to Status → Routes and in the Active IP Routes table you should see these two new routes.

[Screenshot: Active IP Routes table]

Try to ping the remote VPN endpoint via CLI or SSH using this command:


Source: wiki.teltonika-networks.com