First, i tried to setup the OpenVPN client but i can’t get that to work! I uploaded the .crt and .key file to the file manager inside the router and then via ssh tried to import these files. The .crt file went just fine and was imported however the key file will not get imported!
[admin@MikroTik] > certificate import file-name=tls.key
passphrase: ********
certificates-imported: 0
private-keys-imported: 0
files-imported: 0
decryption-failures: 0
keys-with-no-certificate: 0
Im not sure what to type for passphrase, however no matter if typing anything or not. Private-keys is still 0. I want to use OpenVPN as first choice but for now i set up PPTP instead just for testing. Been reading trough a guide and got the client up and running and routing the connection to every client in the LAN. I’ve checked “whats my ip” and the clients are getting behind the VPN, so far so good.
How do i select which clients to get behind the VPN? I don’t want every client to get behind. Instead i want to choose which ones, bot client connect via wifi and wired clients. Is it possible and what are my options to do this? Guess there are several methods but i don’t know any of them! Any help here would be appreciated! Also, if anyone can tell me howto get the OpenVPN client to work it would be great!
Maybe found out the routing myself..
I can create 2 different IP pools, the default one and use for example xxx.xxx.xxx.100-200 and then one for VPN lets say 201-254 and then point which client to which IP pools under Leases on the DHCP server tab?
Well, question for OpenVPN still needs an answer 
On your certificate key - the password is likely blank. (just press enter)
I’m not sure I understand what you are asking about the VPN.
Are you setting up tunnel to another site, and you want some to access the tunnel and other not?
Or are you using a tunnel as an internet connection?
I want the router to connect to a VPN provider with the VPN client and then route the connection to the LAN but not all clients.
I have a standard dhcp ip pool from xxx.10 to xxx.199 and then an ip pool for vpn connected client starting from xxx.200.
Then in firewall/mangle i’ve set mark routing, prerouting on src.adress 200-254. This will make all clients getting an ip up to 199 and not connected to the vpn (as it starts at 200) and under leases in dhcp manager i point out a specific Mac Adress to get ip adress from the “vpn pool”. The client then gets anything from 200 to 254 and will be included in the prerouting and behind the vpn service.
It works, tried it. Is it a correct method?
About the cert/key it doesn’t matter if i type any passphrase or not when importing the key, the key don’t get imported, dunno what to do. Therefore i stick with the pptp encrypt for now but i want to use openvpn instead!
EDIT: I also read a many guides to point out a different dns server fot the vpn connection but i can’t get that to work either. The clients connected behind the vpn just gets the router ip and isp, howto get this to work?