MikroTik OpenVPN (OVPN) Server and Windows client

Written by - May 12, 2025

Create a dedicated VPN Bridge

Assign an IP and VPN Pool

IP > Address

IP > Pool

Generate Certificates

CA Cert

Server Certificate

Sign the Certificate

Sign the CA first

Sign the Client using the CA

Sign the Server using the CA

Set the Server Certificate to Trusted

Eport the Certificates

Export The CA

Export the Client (using PSK – important)

client
dev tun
remote <server public ip> 1194 tcp
tun-mtu 1500
tls-client
nobind
user nobody
group nogroup
ping 15
ping-restart 45
persist-tun
persist-key
mute-replay-warnings
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass
connect-retry 1
reneg-sec 3600
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
MIIC6DCCAdCgAwIBAgIIZ4i70RZvvR8wDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
AwwHb3Blbi1jYTAeFw0yNTA1MTIwNTQ5MzRaFw0zNTA1MTAwNTQ5MzRaMBIxEDAO
BgNVBAMMB29wZW4tY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc
/1upBMBMZa7RHVYLcTod1e0lW+1g0GLhaflCxErqnBpLZOHadTAzyiv3MOQpnuEk
4egDXUNVKb2ynCdYyw8+QRU2njrmehLWjIEPUoJ8YcrRiwWVGq+FvRevxYIB5cW9
OJnzDgmmEacTVdQymUjxKjbgDp33bleBiLAPAOrCxa7KFRY+PF+nB8T1fuzU3BZa
urxrbIteCKTL+sa0dTUBg4gDbcZMcTOenzuMmh+Cyj7H8W9McpwG/YU1T/UA05Cq
uHwGcWC8u4MWPtarI8GmOuMDfu8xJ2v+g1fuMF9ADMPPK8Dq5mCiDYGoDJbmiOe5
Rsq/N9FZqgOX38WEeCTxAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgK0MB0GA1UdDgQWBBTbe6AJpR++A9iLMfbS2rpwp2MIBzANBgkqhkiG
9w0BAQsFAAOCAQEA065lf1POIk1K10eFZSMky+O5BEuX5ePvT/e9UqRFZP5djpLS
OVxXfoAIluCSEvc5zE27OtoD71TkLROGqm8+MFPr3Dk+zjwafUk5k8TqWGAIufSW
CTHGZtVGX6h3CekaQrcRGGSTosJnfAcX1xCrQa/6ABK9J/JOr12ELLgUbT2/dnRB
G6UjGirOZDpbtHiAHqVGEXRNAn+j1EQxvosxRb3PPFjXUOSIEUT/q/i1GWP9QIm1
4OSZ66aUiRtNqYlWgty65U1YDke7TfHp5gZFYPlQvN5emhprap8XnG3BRQIe9CSB
DrLR6MSUy5zgFo13Hu061E36tw+5qicgGWUZMg==
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDATCCAemgAwIBAgIIK86pmk+h260wDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UE
AwwHb3Blbi1jYTAeFw0yNTA1MTIwNTUwMjJaFw0zNTA1MTAwNTUwMjJaMBYxFDAS
BgNVBAMMC292cG4tY2xpZW50MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnq5fLUjVjf7YM2uFemuNwwiLD0mbIscLqx1Azn6t07e5IxBhDgpIK1De04ZO
T25VY9a2qKkNzPM01oeLKx5XCWjQAuC4aV6K5z3Qa96XYIIG5kYc8Ve3a/7rd4Xm
U0GTxcdJ4RC9bGkj0eE8mfdWLohZd01V7tl/j/xJkAgX2PeaGIlYhc4NLI8N0dJf
JS4PsNfMXfZ14mdlcV94Y7OgAReIAzgavZY5nTb9yO9Bt2s3cXvsNiyYDCd7dd0K
PAQjV/yhseinlYbqvqHqVl2Zo0LjATVTomWV3eUZaN6Nbfn+wHTIv/r0+ZAS5Fmj
GmH3zOGekzyVcqzxsbIkeG8oXQIDAQABo1cwVTATBgNVHSUEDDAKBggrBgEFBQcD
AjAdBgNVHQ4EFgQULJrfUCJT+ZZssUV+OAdsNHnJUQ4wHwYDVR0jBBgwFoAU23ug
CaUfvgPYizH20tq6cKdjCAcwDQYJKoZIhvcNAQELBQADggEBABOYdXrCgijCtEiE
a6VWIDy1FMga4lADMMi5NxzkL9SQ7Bpm8yta1IzIC+eXqf/oFD65JMlhg7VO+EKM
u1OvY49JeybtAQxemvJbjWs9Faf64r+9GlbKWvR5q+V8klQSZD+jLefp9QR7IvpI
WIMCokRc6OIr1ktwqODpnULHd4naU5pz6qxy+DuYBU7PcKoAHOX4Ew8QrMHZ0iK6
cQI40MsVe5exGnd3ciiGMgxXfoslNVxEpuGDWr7AeL0fNuwEaw2MF2q46W99jX9s
2LXdNXEJi/Gc7sjgJa3u0X1Yr8YkQoDZaW3PSiYo3tCxl6uUvDiRyHw97B0Er9oN
oVCnruI=
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFNTBfBgkqhkiG9w0BBQ0wUjAxBgkqhkiG9w0BBQwwJAQQ3ZMko6zNnbROmqaU
F9zcYgICJxAwDAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEENGB8WT9q2dcisqp
54NNv28EggTQFAf8DqEYq3Ho/3m1mfTOt31Xer+Y7OBww26LR4V/5sTGHptK7Ogy
iIyrDztxxfuInkuhN/VBOG0CR+syOHr3S5cxV4nV0lFE3D5BaZq0w5eK0xgZWxnA
obSCT6M3RZdo7Az9ti6aHkAqgBUifC3yHx7W2rktQZRMucGwHanaR/swxRr0w0et
Aq/9gtyTVeOnZKijOrVUxntpxMCzrJnKTpRfV01/pMNqoFVHVkJhWHIAAQAfdIRo
b98IccQw2/v/eXekpYdodZhBHqFfkVRyb0Qk4kvRHS/grJcZ/duTsSPTBeSCuh28
az72yB5lJP9vOB+MEMQeFni6jP2w9NRw+ZGY5QL4269gobBTOLfLJ4CGd81ttYX8
uBcSrdiOQ+R5U90qJryqesVuFx1Z9j7JiWZ070z3L5CTE/n2K2nJnGixgMbknMmu
JU53JfrCIoVxM8npgPbEFA5zC0KGy8xSbH+w0+u5lgV91mITOpEsdwXWV+rJTKLf
B03AjycuxMtpC785WsEtU4+MB2qmTXtsxr1jBJgjuFM9bN8Hi31aKWX3Xry+fckV
HcRzIOgCtfaF93fpo5Xz5rFQt7b+M3Jy6o2NASkfJek7MmjesM3awLXNHUsCQPJE
AJDRU+93MArsV8hN2J9f6jo3y8YL49yPNcwTrNuALCfS03HKsa5OyYXE8c45RgIh
x7NdrQOB7ra3EL73VrTh+Y5MQOkekUZPaeeFR8wfyHyVYZxUjCBYoqIohHV3VrLz
I4SVPV5JEx1rMjLtrLh/yjx6hgF/ukIk8Fhdjk7Ce3rl5d/W2vsszmtvsK0l24Mx
8/9ue0AO8LLlLFjb7NLqwczTZmNdYWxKvKV0aKkdg02Y9GsZkynEBtgFWS0tIMFr
NqfDahkYDiYA9QGiLLFnv8T6qpyl+rhcLCupdsjSldkuWiJ8xNECXgj4Dro0EEDe
KbcEU5f+TEh4B6CfFoAdmvx6XT4OkNzXDyR6iucvOhGql3uKscDkm4bZh5nj14HH
XH2GtN5Br0So1FtkcMVkGqyYEqg5ICKwNrd4fju3avtjbcmoNcevDLoSu18J4zDT
t0rIvolNbU4svyuPGqJWswhXm/eIMRxQhFmHPOIBtMg4+PSm/RG1SfX9o7vsn0cv
4A6WQZ4pb0uUw+Pxg0IsEVSjSGqg/wJc1JYG9uxPY1OW62a0313MVbAZ3RQjxwLP
x6FhBlqLZJGP14ej7TlKV0YJKb4pVCC1Bc47lh3lUq3rpQKwUfif6Rb4/BPNxJGW
rL3Z3AKhhuGXQdZhgP/4P22UCQJXH2Fe0l3RPIUZkj2ProON89nSu8Kl5O9UbpKH
x2W2NlKD1q3EvgOcxwSDwemjvPTadvdSYmK33Dmqh2cvv/ME4h3bceCCC+0Plio3
j/dEyM//PFjSCu0e/3zqfHGrlHQgXVsrbcmnorUdO+WMXi8vsS0H8S3tEf12bXWW
ovQXrJ2D+9CjxhV5P4AsJ7fts32jaHFdTJlagVHs57A7VIppJ/ae5x/gEf2JP98v
9Xn5Qa5GPQ6N01iWWhXoSf/5EPgTwh4ic2n/wdWp01kU4r+mntKg6EhxZYaIP7NC
MgCtJFRS8mwKvOInZW3t54yDtJPk7xnY0pFjuOwzhY5R5+nBhEGk6YY=
-----END ENCRYPTED PRIVATE KEY-----
</key>

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *


Ask a question
Ask a question