OpenVPN server on Mikrotik with IOS13 client

Mikrotik OS6.47

Generate a Self-Signed CA certificate

/certificate add key-usage=key-cert-sign,crl-sign trusted=yes
/certificate sign

Generate a certificate for the vpn server (mikrotik router), sign it and trust it.

/certificate add name=ovpn.server common-name=ovpn.server
/certificate sign ovpn.server

/certificate set trusted=yes ovpn.server

Generate a certificate for the vpn client (ipad or phone) and sign it.

/certificate add name=iosvpn.client common-name=iosvpn.client
/certificate sign iosvpn.client

/certificate set trusted=yes iosvpn.client

Export CA certificate

/certificate export-certificate

Export client certificate to pcks12 file type (required for ios)

/certificate export-certificate iosvpn.client export-passphrase=12345678 type=pkcs12

Exported client key pair is now in files with the filename cert_export_iosvpn.client.p12

Import it to OpenVPN connect with iTunes

Content of this file has to be placed at the end of .ovpn config file

.ovpn configuration file for IOS

dev tun                             
proto tcp          #### Mikrotik uses TCP only
remote  ### or IP address
port 1194     ####If you use defult port     
resolv-retry infinite

tun-mtu 1492
mssfix 1400

auth SHA1
verb 5
;comp-lzo  ###(disable compression)
remote-cert-tls server
cipher AES-256-CBC

redirect-gateway def1   ### ios wont work without this
;dhcp-options DNS .




Save as iosclient.ovpn and import to OpenVPN connect on ios

Mikrotik OpenVPM server config





Open TCP port 1194 on firewall

/ip firewall filter add action=accept chain=input comment="allow OpenVPN" disabled=no dst-port=1194 protocol=tcp

Leave a Reply

Your email address will not be published. Required fields are marked *

Posted by: lesorsier on

Tags: , , , , , , ,

seo reseller