Hello, I'm impressed and very excited about the container release in RouterOS 7.5. For a long time I dream transfer my openvpn clients to the wifi-router. Enjoy simple guide if you want
<REMOVED>
Why it was removed? I'm looking for something similar as Mikrotik OpenVPN as a client still does not support TLS auth<REMOVED>
If the remote server I'm connecting to had used Wireguard, I would surely use it. But it is about MT connecting as a client to a remote OpenVPN server, and I do not have any alternative methods available.However I recommend you to use wireguard which is natively supported
Hey, buddy. Hope you find this useful. This is copy of README from my githubIf the remote server I'm connecting to had used Wireguard, I would surely use it. But it is about MT connecting as a client to a remote OpenVPN server, and I do not have any alternative methods available.However I recommend you to use wireguard which is natively supported
FROM alpine:3.16
RUN apk update && \
apk upgrade && \
apk add --no-cache openvpn iptables && \
rm -rf /var/cache/apk
COPY ./entry.sh /root/
COPY ./config.ovpn /root/
COPY ./config.pass /root/
RUN chmod +x /root/entry.sh
ENTRYPOINT /root/entry.sh
#!/bin/sh
set -x
/usr/sbin/openvpn --config /root/config.ovpn &
until ip l sh tap0 >/dev/null 2>&1; do sleep 1; done
sysctl -w net.ipv4.ip_forward=1
/sbin/iptables -t nat -A POSTROUTING -o tap0 -j MASQUERADE
/sbin/iptables -A FORWARD -i tap0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o tap0 -j ACCEPT
while sleep 50; do
t=$(ping -c 10 service.home.internal.net | grep -o -E '[0-9]+ packets r' | grep -o -E '[0-9]+')
if [ "$t" -eq 0 ]; then
pkill -f openvpn
/usr/sbin/openvpn --config /root/config.ovpn &
fi
done
UsageRouterOS 7.5 or newer
arm, arm64 or x86 cpu
10 MB disk space (internal NAND storage)
docker buildx build --no-cache --platform linux/arm/v7 -t ovpn-container .
docker save ovpn-container > ovpn-container.tar
arch router cpu
linux/arm/v7 ARM
linux/arm64 ARM64
linux/amd64 x86
/interface/bridge/add name=dockers
/interface/veth/add address=192.168.121.2/24 gateway=192.168.121.1 name=veth1
/interface/bridge/port/add bridge=dockers interface=veth1
/interface/list/member/add interface=dockers list=LAN
/ip/address/add address=192.168.121.1/24 interface=dockers network=192.168.121.0
/ip/firewall/nat/add action=masquerade chain=srcnat src-address-list=192.168.121.0/24
/routing/table/add disabled=no fib name=homeNetwork
/ip/route/add disabled=no distance=1 dst-address=172.16.0.0/12 gateway=192.168.121.2 \
pref-src=0.0.0.0 routing-table=homeNetwork scope=30 suppress-hw-offload=no \
target-scope=1
/routing/rule/add action=lookup disabled=no dst-address=172.16.0.0/12 table=homeNetwork
/container/add file=ovpn-container.tar interface=veth1 dns=192.168.121.1 logging=yes
/container/start 0