In this article, I describe a solution that uses OpenVPN on a MikroTik router so you can connect to your work network from outside the office.
MikroTik OpenVPN: creating SSL certificates for the OpenVPN server and client.
Generate Certificate
Go to "System" > "Certificates". The following steps show how to create the CA certificate in MikroTik.
Click on the Key Usage tab and uncheck all checkboxes except crl. sign and key cert. sign.
Enter the MikroTik router's WAN IP address (123.25.70.1 in this example) in the CA CRL Host input field.
Your signed certificate will be created within a few seconds.
Create server certificate
Now we will create the server certificate. The following steps show how to create it in MikroTik.
Click on the Key Usage tab and uncheck all checkboxes except digital signature, key encipherment and tls server.
Click on the Sign button and select the CA certificate from the CA drop-down menu.
Create client certificate
Now we will create the client certificate. The following steps show how to create it in MikroTik.
Click on the Key Usage tab and uncheck all checkboxes except tls client.
Click on the Sign button and select the CA certificate from the CA drop-down menu.
Export and download your certificate
Now we will export the CA and client certificates so that the OpenVPN client can use them.
Click on your CA certificate and then click on the Export button in the right button panel. Choose your CA certificate from the Certificate dropdown menu. Click on the Export button. Your CA certificate will be exported.
Click on the Export button in the right button panel and choose your client certificate from the Certificate dropdown menu. Enter a password in the Export Passphrase input field. The password must be at least 8 characters long and must be entered whenever the OpenVPN client connects.
Drag and drop these three files into a folder on your Desktop.
We will use these files when configuring the OpenVPN client.
Set up the OpenVPN server
Now we will configure the OpenVPN server on the MikroTik router.
Go to "PPP" > "Interface" > "OVPN Server". Click on the Enabled checkbox. From the Certificate dropdown menu, choose the server certificate that we created before.
Also click on the Require Client Certificate checkbox. In the Auth. panel, uncheck all checkboxes except sha1. In the Cipher panel, uncheck all checkboxes except aes 256.
Create VPN User
Now we will create the OpenVPN user who will connect to the server.
Go to "PPP" > "Secrets". Choose ovpn from the Service dropdown menu. Enter the gateway IP in the Local Address input field. In the Remote Address input field, enter the LAN IP that will be assigned to the client workstation when this user connects.
Enable proxy arp on the LAN interface
The following steps show how to enable proxy-arp on the LAN interface.
Choose proxy-arp from the ARP dropdown menu. The MikroTik OpenVPN server is now ready to accept OpenVPN clients, so we will now configure the OpenVPN client on the Windows operating system.
Install OpenVPN Client on user device
Go to openvpn.net and download the OpenVPN client software.
After downloading, install the OpenVPN client on your operating system. The installation process is as simple as installing any other software on Windows.
Now copy your CA certificate, client certificate and client key files into the config directory.
Create a file with the .ovpn extension and the following content. You can copy this sample:
dev tun
proto tcp-client
remote 123.25.70.1
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
ca ca.crt
cert client.crt
key client.key
verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass secret
auth-nocache
Here, change the remote IP address to your MikroTik WAN IP (123.25.70.1 in this sample) and save the file with the .ovpn extension (openvpn.ovpn).
Create another file named secret, without any extension. Put the OpenVPN PPP username on the first line and the password on the second line, then save the file.
Now run the OpenVPN client software. You will find a new icon in your taskbar or system tray. Right-click this icon and then click the Connect option.
The OpenVPN Connection window will appear and ask for the client certificate password that you entered when exporting the client certificate.
To check your configuration, ping any workstation on the remote network.
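A pre-connection check for the client profile and secret file described above, comparing them with the settings chosen on the MikroTik OVPN server (TCP, aes 256, sha1, required client certificate). This is an added example, not part of the original article; the function names and the constructed sample profile are hypothetical.

```python
# Added example, not from the original article. Names below are hypothetical.
# Settings the article's MikroTik OVPN server implies for the client profile.
EXPECTED = {
    "proto": "tcp-client",        # sample profile connects over TCP
    "cipher": "AES-256-CBC",      # server Cipher panel: aes 256 only
    "auth": "SHA1",               # server Auth. panel: sha1 only
    "remote-cert-tls": "server",  # reject peers whose cert is not a tls-server cert
}
# "Require Client Certificate" plus a PPP secret make these mandatory.
REQUIRED = ["remote", "ca", "cert", "key", "auth-user-pass"]

def parse_profile(text):
    """Map each directive in an .ovpn profile to its argument string."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        parts = line.split(None, 1)
        directives[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return directives

def check_profile(profile_text, secret_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    d = parse_profile(profile_text)
    findings = []
    for name, want in EXPECTED.items():
        got = d.get(name)
        if got is None:
            findings.append(f"missing '{name} {want}'")
        elif got.lower() != want.lower():
            findings.append(f"'{name}' is '{got}', expected '{want}'")
    findings += [f"missing '{n}' with an argument" for n in REQUIRED if not d.get(n)]
    if "auth-nocache" not in d:
        findings.append("missing 'auth-nocache'")
    if len([l for l in secret_text.splitlines() if l.strip()]) != 2:
        findings.append("secret file needs exactly two lines: username, password")
    return findings

# Constructed input: UDP instead of TCP, no remote-cert-tls, no auth-nocache.
BAD_PROFILE = ("dev tun\nproto udp\nremote 123.25.70.1\nport 1194\nca ca.crt\n"
               "cert client.crt\nkey client.key\ncipher AES-256-CBC\nauth SHA1\n"
               "auth-user-pass secret\n")

if __name__ == "__main__":
    for finding in check_profile(BAD_PROFILE, "vpnuser\n"):
        print("FINDING:", finding)
```

Run it against the contents of openvpn.ovpn and secret from the config directory; an empty list means the profile agrees with the server settings above.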