OpenVPN server on Mikrotik with IOS13 client

Mikrotik OS6.47

Generate a Self-Signed CA certificate

/certificate add name=mt.ca common-name=mt.ca key-usage=key-cert-sign,crl-sign trusted=yes
/certificate sign mt.ca

Generate a certificate for the vpn server (mikrotik router), sign it and trust it.

/certificate add name=ovpn.server common-name=ovpn.server
/certificate sign ovpn.server ca=mt.ca

/certificate set trusted=yes ovpn.server

Generate a certificate for the vpn client (ipad or phone) and sign it.

/certificate add name=iosvpn.client common-name=iosvpn.client
/certificate sign iosvpn.client ca=mt.ca

/certificate set trusted=yes iosvpn.client

Export CA certificate

/certificate export-certificate mt.ca

Export client certificate to pcks12 file type (required for ios)

/certificate export-certificate iosvpn.client export-passphrase=12345678 type=pkcs12

Exported client key pair is now in files with the filename cert_export_iosvpn.client.p12

Import it to OpenVPN connect with iTunes

cert_export_mt.ca.crt

Content of this file has to be placed at the end of .ovpn config file

.ovpn configuration file for IOS

client
dev tun                             
proto tcp          #### Mikrotik uses TCP only
remote mynetname.net  ### or IP address
port 1194     ####If you use defult port     
resolv-retry infinite
nobind
persist-key
persist-tun

tun-mtu 1492
mssfix 1400

auth SHA1
auth-user-pass
verb 5
;comp-lzo  ###(disable compression)
remote-cert-tls server
cipher AES-256-CBC

redirect-gateway def1   ### ios wont work without this
;remote-gateway 192.168.6.1
;dhcp-options DNS .8.8.8.8

;route 192.168.6.0 255.255.255.0 192.168.6.1


<ca>
-----BEGIN CERTIFICATE-----

### CONTENT OF mt.ca.crt FILE ###
 
-----END CERTIFICATE-----
</ca>

Save as iosclient.ovpn and import to OpenVPN connect on ios

Mikrotik OpenVPM server config

/ip/pool

/ppp/profile

/ppp/secrets

/ppp

Open TCP port 1194 on firewall

/ip firewall filter add action=accept chain=input comment="allow OpenVPN" disabled=no dst-port=1194 protocol=tcp

2 Comments so far:

  1. Para mim não funcionou. Aliás, onde vai o certificado cliente no arquivo de configuração? Não consigo importar o certificado no OpenVpn client

  2. I tried your guide but I get transport error on “hostname”: NETWORK_EOF_ERROR
    Any suggestions?

Leave a Reply

Your email address will not be published. Required fields are marked *

Posted by: lesorsier on

Tags: , , , , , , ,

seo reseller