Setup OpenVPN in ethernet mode and assign static public IP addresses to clients

I would like to configure an OpenVPN server on RouterOS with the following characteristics:

  1. Listen on both IPv4 and IPv6 for incoming client connections;
  2. Listen on both UDP 1194 and TCP 443 ports

And push the following setup to clients:

  1. Run in ethernet (tap) mode (layer 2);
  2. Assign one static public IPv4 address per client (the server has its own /24 public IPv4 prefix);
  3. Assign one static IPv6 address (or subnet, doesn’t matter) per client (the server has its own /48 public IPv6 prefix);
  4. Push configuration options: DNSv6 server, DNS server, push block-outside-dns redirect gateway and redirect IPv6 gateway.

How can this be achieved? I am familiar with the general setup of OpenVPN (build CA, build server certificate, client certificates, enable OVPN server) but I’d like to know how to make the assignments of IP addresses to clients, and to make sure client_x gets IPv4_x and IPv6_x (/prefix).

Is there a tutorial anywhere about this? If not, this topic might become a good one.

Thank you in advance.

As far as I know, if you enable the OpenVPN server it can only listen on the one port you specify. It should listen for the incoming connection on IPv4 and IPv6 as long as the firewall allows it.

For the customer setup:
Under PPP > Profiles you can set the OpenVPN default profile to use. In this profile you can add an IPv4 and IPv6 pool that will be used when the client connects.
For the push configuration options you’ll most likely have to look at an additional script on the MikroTik that will write these settings. You can try the "on up" script option on the PPP > Profile to see if that will work.

OpenVPN on Mikrotik supports only TCP.

Thank you for the answers, and ack, OVPN in RouterOS can be only TCP.

I have been playing with it for the last 2 days but can’t get it working. I mean, it can make it connect, but it does not redirect gateways and internet is not accessible.

redirect-gateway def1
redirect-gateway ipv6

don’t work.

I also don’t quite understand, I have tried 2 possibilities:
a) set the directives in the client .ovpn config file using ifconfig and ifconfig-ipv6 as well as route, route-ipv6 and route-gateway
b) set them in RouterOS under PPP → Secrets → user profile, service ovpn, where I have username and password; I also selected local address, remote address and remote ipv6 prefix to be the ones that I want to assign to this client.

But it does not work. Any suggestions?
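
The per-client static mapping asked about in this thread (client_x always gets IPv4_x and IPv6_x), as an added example that is not part of the original posts: a small Python generator that derives each client's address and /64 from one fixed index and emits the matching `/ppp secret add` lines using the local address, remote address and remote IPv6 prefix fields mentioned above. The documentation prefixes, client names, index scheme, server address and the profile name `ovpn-profile` are assumptions made for the example; it covers address assignment only, not the gateway redirect problem.

```python
import ipaddress

# Constructed sample values: documentation prefixes stand in for the server's
# real /24 and /48; client names and the profile name are hypothetical.
V4_PREFIX = ipaddress.ip_network("192.0.2.0/24")
V6_PREFIX = ipaddress.ip_network("2001:db8::/48")
SERVER_INDEX = 1                            # assumed: server uses host .1
CLIENTS = {"client_1": 10, "client_2": 11}  # name -> fixed index x


def assignment(index, v4=V4_PREFIX, v6=V6_PREFIX):
    """Map index x to (IPv4_x, /64 number x of the IPv6 prefix)."""
    # Reject the network address, the broadcast address and out-of-range hosts.
    if not 0 < index < v4.num_addresses - 1:
        raise ValueError(f"index {index} is not a usable host in {v4}")
    if index == SERVER_INDEX:
        raise ValueError("index collides with the server's own address")
    if index >= 2 ** (64 - v6.prefixlen):
        raise ValueError(f"index {index} has no /64 inside {v6}")
    addr4 = v4.network_address + index
    # Shift the index past the 64-bit interface ID to select the x-th /64.
    net6 = ipaddress.IPv6Network((int(v6.network_address) + (index << 64), 64))
    return addr4, net6


def secret_line(name, index, profile="ovpn-profile"):
    """Render one PPP secret; the password is set separately on the router
    so that it never ends up in a generated file."""
    addr4, net6 = assignment(index)
    local = V4_PREFIX.network_address + SERVER_INDEX
    return (f"/ppp secret add name={name} service=ovpn profile={profile} "
            f"local-address={local} remote-address={addr4} "
            f"remote-ipv6-prefix={net6}")


def build_plan(clients=CLIENTS):
    """Refuse plans in which two clients would share one address."""
    seen, lines = {}, []
    for name, index in sorted(clients.items()):
        if index in seen:
            raise ValueError(f"{name} and {seen[index]} share index {index}")
        seen[index] = name
        lines.append(secret_line(name, index))
    return lines


if __name__ == "__main__":
    print("\n".join(build_plan()))
```
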