how to use openvpn?

Hello,
I want to start using OpenVPN in my office.
I have set everything up in my router and I want to check it.

I have downloaded
https://openvpn.net/index.php/download/community-downloads.html

Then what?
Where is the connection?
How do I connect to the router?

Can someone help?

When I try to run the shortcut I get this:

Why?

On all the sites I have visited it says it should open a popup to enter user\pass\IP
like this:
[screenshot: openvpn.PNG]
Thanks,

You need to create a config file. It's a text file and could look like this:

# act as a client: pull settings from the server and take the TLS client role
client
# routed (layer 3) tunnel; must match the interface type of the server
dev tun
# server address, port and protocol
remote vpn.example.net 1194 tcp-client
# keep the key material and the tun device across restarts
persist-key
persist-tun
tls-client
# accept only a server certificate that was issued for TLS server use...
remote-cert-tls server
# ...and only if its common name (CN) is exactly this
verify-x509-name vpn.example.net name
verb 3
# ask for username and password
auth-user-pass
# data channel cipher; must match the server
cipher AES-128-CBC
# optional routes:
route 10.0.0.0 255.255.255.0
route 10.0.1.0 255.255.255.0
<cert>
# paste client certificate here (PEM format)
</cert>
<key>
# paste private key here
</key>
<ca>
# paste CA certificate here
</ca>

I don't exactly remember what all the options do (check the manual; there are also many others), but this one does work with the RouterOS OpenVPN server. Name it something.ovpn and save it to the config directory.

this is a start :slight_smile:

But it's still not working.

I have done everything it says here:
https://systemzone.net/mikrotik-openvpn-setup-with-windows-client/

but when I try to run the connection I get:

Sat Sep 29 15:57:23 2018 us=993102 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Options error: On Windows, --ifconfig is required when --dev tun is used
Use --help for more information.

I have also tried what it says in the Wiki;
then I see a connection is made, but I get this error:

No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.

and on the MikroTik I see in the log "duplicate packet, dropping".

Any idea why?

So I guess you used their config and not mine? Then add the line with the "client" keyword and it should be better.

Found the problem:
in the config file I changed the first line from

dev tap

to

dev tun

and now it's connecting...

Thanks for your help for now :slight_smile:

I will try to see if everything is working now.

My router is configured like this:
ethernet - 10.0.0.1/24
openvpn - 172.10.100.254 - pool 172.10.100.50-70
L2TP clients 192.168.1.0/24

When I connect I get IP 172.10.100.70
and I can ping 10.172.10.254
but not 192.168.1.0/24 - how do I add this?
Something in the config file? Or something in the firewall on the router?

I have added this line in the config file:
route 192.168.1.0 255.255.255.0

and now I can ping my L2TP clients.

So if I have more networks I would like to reach from the router, do I need to add them in the config?
Or is there any way to make my OpenVPN be my gateway, so that only through it I can go out to the internet\office networks?

Both. All involved devices need correct routes to know where to find each other (see my config for an example of how to add routes for the client). The firewall must allow the communication too. And even the devices themselves, if they have their own firewall, need to allow access from others (often only same-subnet access is allowed by default).

OK - I will add to the config file and see

I have one more question now (if it's OK with you :slight_smile: ):

  1. The user\password are auto-inserted because of the "auth.cfg" file and this line in the config: auth-user-pass auth.cfg
    but when I connect it asks me to enter the passphrase I entered in the certificate of the client - why?
    How do I cancel this and just pop up the user\pass box?
    When I change the line in the config file to: auth-user-pass
    I get the user\pass box, but after it, it asks me again for the certificate passphrase.


    Thanks,

If you have an encrypted private key, it has to ask you for the password, otherwise it would not be possible to use the key. Decrypt the private key and it won't ask anymore. I'm not sure if it can be exported directly from RouterOS without a password; I haven't got used to working with certificates in RouterOS yet, so I don't use it much. Try it. If it protests, you can run the key through openssl:

openssl rsa -in encrypted.key -out decrypted.key

But the client should offer you to save the password even for the key. Previously it wasn't supported on Windows, but they changed that a few versions back. I'm not sure, but I think it's an option in the installer, whether you want this functionality or not.
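To make the checks this thread went through repeatable, here is an added example (my own code, not from the posts above, from OpenVPN or from MikroTik): a small Python linter that parses an .ovpn file, including the inline <ca>/<cert>/<key> blocks, and reports the things that bit this thread. A missing `client` line (the Windows "--ifconfig is required" error), `dev tap` against a tun server, no `remote-cert-tls server` / `verify-x509-name` (the "No server certificate verification method has been enabled" warning, which means the client would accept any certificate signed by the CA, another client's included, as the server), credentials kept in a plaintext file next to the config, a passphrase-protected inline key (the prompt from the last question), and a mistyped route netmask. The finding codes, the two sample configs and the placeholder PEM bodies are all constructed for this example.

```python
"""Static lint for an OpenVPN client .ovpn, covering the pitfalls in this thread.
Added example, not from the posts, OpenVPN or MikroTik; configs are constructed."""
import re

INLINE_BLOCKS = ("ca", "cert", "key", "tls-auth", "tls-crypt")

def parse_ovpn(text):
    """Return (directives, blocks): (name, args) pairs in file order and
    {tag: body} for the inline <ca>, <cert>, <key>, ... sections."""
    directives, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if current is not None:                    # inside an inline block
            if line == "</%s>" % current:
                current = None
            else:
                blocks[current] += line + "\n"
            continue
        if not line or line[0] in "#;":            # blank or comment line
            continue
        m = re.fullmatch(r"<([a-z-]+)>", line)
        if m and m.group(1) in INLINE_BLOCKS:
            current, blocks[m.group(1)] = m.group(1), ""
            continue
        name, *args = line.split()
        directives.append((name, args))
    return directives, blocks

def valid_netmask(mask):
    """A dotted-quad netmask is a run of 1-bits followed by 0-bits."""
    octets = mask.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        return False
    return "01" not in "".join(format(int(o), "08b") for o in octets)

def lint_ovpn(text):
    """Return a list of (code, message) findings for a client config."""
    directives, blocks = parse_ovpn(text)
    by_name = {}
    for name, args in directives:
        by_name.setdefault(name, []).append(args)
    f = []
    # 'client' = 'tls-client' + 'pull'; without 'pull' a Windows tun client gets
    # no address from the server and aborts with "--ifconfig is required".
    if "client" not in by_name:
        f.append(("NO_CLIENT", "add 'client'"))
    dev = by_name.get("dev", [[]])[0]
    if dev[:1] == ["tap"]:
        f.append(("DEV_TAP", "the RouterOS server here is tun (layer 3): use 'dev tun'"))
    elif dev[:1] != ["tun"]:
        f.append(("NO_DEV", "add 'dev tun'"))
    # Without one of these, any certificate signed by the CA is accepted as the
    # server (the "No server certificate verification method" warning): MITM.
    rct = by_name.get("remote-cert-tls", [[]])[0]
    if rct[:1] != ["server"] and "verify-x509-name" not in by_name:
        f.append(("NO_SERVER_VERIFY", "add 'remote-cert-tls server' and/or 'verify-x509-name <name> name'"))
    for args in by_name.get("auth-user-pass", []):
        if args:                                   # credentials file: on disk in the clear
            f.append(("PLAINTEXT_CREDS", "username/password stored in %s" % args[0]))
    key = blocks.get("key", "")
    if "ENCRYPTED" in key:   # legacy "Proc-Type: 4,ENCRYPTED" or PKCS#8 "BEGIN ENCRYPTED PRIVATE KEY"
        f.append(("ENCRYPTED_KEY", "inline key has a passphrase; the GUI will prompt for it"))
    for args in by_name.get("route", []):          # each extra office subnet needs one of these
        if len(args) < 2 or not valid_netmask(args[1]):
            f.append(("BAD_ROUTE", "route %s: expected 'network netmask'" % " ".join(args)))
    return f

# Constructed: the shape of the working config from the first reply above.
GOOD = """client
dev tun
remote vpn.example.net 1194 tcp-client
remote-cert-tls server
verify-x509-name vpn.example.net name
auth-user-pass
route 192.168.1.0 255.255.255.0
<key>
-----BEGIN PRIVATE KEY-----
placeholder, not a real key
-----END PRIVATE KEY-----
</key>
"""

# Constructed: the tutorial-style config the thread struggled with (tap, no
# 'client', no server verification, credentials file, encrypted key, bad mask).
WEAK = """dev tap
remote vpn.example.net 1194 tcp-client
auth-user-pass auth.cfg
route 192.168.1.0 255.255.0.255
<key>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
placeholder, not a real key
-----END RSA PRIVATE KEY-----
</key>
"""
```

Two caveats when acting on its output: `remote-cert-tls server` only works if the server certificate was issued with the TLS server key usage (on RouterOS, a certificate created with key-usage=tls-server), otherwise the client rejects the real server as well; and for the gateway question above, sending all traffic through the VPN is the `redirect-gateway def1` directive rather than more `route` lines, which this linter does not check for.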