OpenVPN is a software that allows you to create secure point-to-point or site-to-site connections using the SSL/TLS protocol. OpenVPN can run over UDP or TCP ports, and can be configured to work with various platforms, such as Windows, Linux, or MikroTik RouterOS.
Winbox is a graphical user interface (GUI) tool that allows you to configure and manage MikroTik routers. Winbox can connect to the router using the MAC address, IP address, or hostname, and can perform most of the tasks that are available in the RouterOS CLI.
To set up OpenVPN from Winbox, you need to have a MikroTik router with RouterOS installed, and a Windows PC with Winbox and OpenVPN client software installed. You also need to have a valid certificate and key pair for the OpenVPN server and client, and a static IP address or a dynamic DNS service for the server.
The following steps are a general overview of the process, and you may need to adjust them according to your specific needs and preferences.
- On the MikroTik router, log in to RouterOS using Winbox and go to IP > Addresses. Add a new address for the OpenVPN interface, such as 10.0.0.1/24, and assign it to the ovpn-server interface.
- Go to IP > DNS and put DNS servers IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.
- Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Choose srcnat from Chain dropdown menu and put ovpn-server in Out. Interface input field. Choose masquerade from Action dropdown menu and click on Apply and OK button.
- Go to IP > Routes and click on PLUS SIGN (+). Put 0.0.0.0/0 in Dst. Address input field and choose your WAN interface from Gateway dropdown menu. Click on Apply and OK button.
- Go to PPP > Interface and click on PLUS SIGN (+). Choose ovpn-server from the list and click on OK button. A new OVPN server interface will be created.
- Double click on the OVPN server interface and click on the Server tab. Check the Enabled checkbox and put your server certificate and key in the Certificate and Key input fields. Choose the port, mode, and protocol for the OpenVPN server, such as 1194, ip, and udp. Put the IP address range for the clients in the Default Profile input field, such as 10.0.0.2-10.0.0.254. Click on Apply and OK button.
- Go to PPP > Secrets and click on PLUS SIGN (+). Put a name and password for the OpenVPN client in the Name and Password input fields. Choose ovpn from the Service dropdown menu and put the client certificate and key in the Certificate and Key input fields. Click on Apply and OK button.
- On the Windows PC, download and install the OpenVPN client software from the official website. Copy the client certificate, key, and CA certificate to the OpenVPN config folder, usually located at C:\Program Files\OpenVPN\config.
- Create a new text file in the OpenVPN config folder and name it as client.ovpn. Edit the file with a text editor and put the following lines, replacing the values with your own:
client
dev tun
proto udp
remote <server IP or hostname> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
remote-cert-tls server
cipher AES-256-CBC
verb 3
- Save and close the file. Right-click on the OpenVPN GUI icon in the system tray and choose Connect. Enter your username and password when prompted. You should see a message saying that the connection is successful.
- To verify the connection, you can ping the OpenVPN server IP address from the client, or vice versa. You can also check the IP address and route table of the client and the server using the
ipconfig
androute print
commands in the Windows command prompt.
These are some of the steps you can follow to set up OpenVPN from Winbox, and you may find other options that suit your needs and preferences better. You should always do some