Mikrotik – Configuring OpenVPN Server + Linux client

Published on Author gryzliLeave a comment

The first thing we must assure is the following:

– We have working configuration on our Mikrotik router (internet access + local network)

– We have generated SSL certfificate/key pair for the OpenVPN server


Import SSL Certificates + Root CA on the router

We can use FTP to upload the following files:

cacert.pem (  Root CA certificate)

openvpn.crt ( The certificate for openvpn serve)

openvpn_key.pem ( The private key )

After we upload the files through FTP (or another preferred method)  we must import them.

1.1 Login to mikrotik web inteface

1.2 Navigate to [System] -> [Certificates]

1.3 Choose “Import” for all of the files

Make dedicated IP pool for the VPN clients

Login to the router, and navigate to the following  menu:

[IP] –> [Pool] –> [Add New] :



Create OpenVPN PPP Profile

Navigate to:

[PPP] –> [Profiles] –> [ Create New]:



Create OpenVPN Client credentials

Navigate to:

[PPP] –> [Secrets] –> [Add New]


 Enable OpenVpn server

Navigate to:

[PPP] –> [OVPN Server]



Linux openvpn client configuration

Make sure to copy “cacert.pem” to the current directory.

If you use the client under Windows OS, you must change the “dev tun1” line to “dev tap


Activate Masquarading on Mikrotik

This step is necessary for us to be able, to access internet through the VPN.

Navigate to: [IP] –> [Firewall] –> [Nat] 

Add srcnat rule, for network: [] with action [masquarading]


OpenVPN Step by step configuration

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha * Time limit is exhausted. Please reload CAPTCHA.