OpenVPN server on Mikrotik with iOS 13 client

Mikrotik OS6.47

Generate a Self-Signed CA certificate

/certificate add key-usage=key-cert-sign,crl-sign trusted=yes
/certificate sign

Generate a certificate for the vpn server (mikrotik router), sign it and trust it.

/certificate add name=ovpn.server common-name=ovpn.server
/certificate sign ovpn.server

/certificate set trusted=yes ovpn.server

Generate a certificate for the vpn client (ipad or phone) and sign it.

/certificate add name=iosvpn.client common-name=iosvpn.client
/certificate sign iosvpn.client

/certificate set trusted=yes iosvpn.client

Export CA certificate

/certificate export-certificate

Export the client certificate as a PKCS12 file (required for iOS). The passphrase 12345678 below is a sample; set your own.

/certificate export-certificate iosvpn.client export-passphrase=12345678 type=pkcs12

The exported client key pair is now in Files under the filename cert_export_iosvpn.client.p12

Import it into OpenVPN Connect with iTunes

The content of this file has to be placed at the end of the .ovpn config file

.ovpn configuration file for iOS

dev tun
proto tcp          #### Mikrotik uses TCP only
remote  ### or IP address
port 1194     #### If you use the default port
resolv-retry infinite

tun-mtu 1492
mssfix 1400

auth SHA1
verb 5
;comp-lzo  ###(disable compression)
remote-cert-tls server
cipher AES-256-CBC

redirect-gateway def1   ### iOS won't work without this
;dhcp-option DNS .




Save as iosclient.ovpn and import into OpenVPN Connect on iOS
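
An added example, not part of the original post: a Python check of the client profile for the settings this guide depends on (TCP, a remote host, remote-cert-tls server, compression off), which then appends the CA certificate as an inline <ca> block. It assumes the file whose content goes at the end of the .ovpn is the exported CA certificate in PEM form; the sample profile, host name and certificate body are constructed.

```python
from itertools import takewhile

# Constructed placeholders: SAMPLE_PROFILE, SAMPLE_CA and vpn.example.net are not from the post.
SAMPLE_PROFILE = """\
dev tun
proto tcp          #### Mikrotik uses TCP only
remote vpn.example.net  ### hypothetical host
port 1194
;comp-lzo  ###(disable compression)
remote-cert-tls server
cipher AES-256-CBC
"""
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"


def parse_directives(text):
    """Map each active directive to its arguments; a token starting with '#' or ';' opens a comment."""
    found = {}
    for line in text.splitlines():
        tokens = list(takewhile(lambda tok: tok[0] not in "#;", line.split()))
        if tokens:
            found[tokens[0]] = tokens[1:]
    return found


def check_profile(text):
    """Return the problems found in the settings this guide relies on."""
    d, problems = parse_directives(text), []
    if not (d.get("proto") or [""])[0].startswith("tcp"):
        problems.append("proto must be tcp")
    if not d.get("remote"):
        problems.append("remote has no host")
    if d.get("remote-cert-tls") != ["server"]:
        problems.append("remote-cert-tls server is missing")
    if "comp-lzo" in d:
        problems.append("comp-lzo is active")
    return problems


def build_profile(text, ca_pem):
    """Append the CA certificate as an inline <ca> block once the profile passes the checks."""
    problems = check_profile(text)
    if problems:
        raise ValueError("; ".join(problems))
    ca = ca_pem.strip()
    if not (ca.startswith("-----BEGIN CERTIFICATE-----") and ca.endswith("-----END CERTIFICATE-----")):
        raise ValueError("CA file is not a PEM certificate")
    return text.rstrip() + "\n<ca>\n" + ca + "\n</ca>\n"
```

A profile with the remote line left without a host, as in the listing above, is rejected by check_profile before the CA block is added.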

Mikrotik OpenVPN server config





Open TCP port 1194 on the firewall

/ip firewall filter add action=accept chain=input comment="allow OpenVPN" disabled=no dst-port=1194 protocol=tcp

Mikrotik – selfsign SSL certificate – ROS 5.25

On Mikrotik terminal:

/certificate create-certificate-request

Fill in all the fields: country, state, city, mail, domain, organisation, etc.

It will create 2 files:



On a Linux box:

openssl rsa -in private-key.pem -text > certificate-request2.pem
openssl x509 -req -days 9999 -in certificate-request.pem -signkey certificate-request2.pem -out mikrotik_ssl.crt

Then back on Mikrotik:

/certificate import file-name=mikrotik_ssl.crt
/certificate import file-name=certificate-request2.pem
/ip service set www-ssl certificate=cert1

L2TP + IPsec VPN on Mikrotik router (iOS 10 support)

PPTP is no longer supported by Apple. To connect to your VPN with an iPhone or iPad you have to use a different protocol.


This is how to do it on Mikrotik router.


1. IP > Addresses

Assign IP addresses for each interface, public on ether1-gateway and private on ether2.

2. IP > Pool

Set a range of IP addresses for your remote devices. For example.

3. PPP > Interface – Enable L2TP Server

4. PPP > Profiles  (make one)

5. PPP > Secrets (set user name and password)

6. IP > IPsec > Peers

(make new peer, set secret)

7. IP > IPsec > Proposals


That should be all.

Make sure you select MS-CHAP v2 on connecting.

And put your IPsec secret here.

On iOS 10






