OpenVPN on Ubuntu + Mikrotik as Client for devices behind it

tornado21
OpenVpn Newbie
Posts: 4
Joined: Fri Sep 10, 2021 8:13 am

Post by tornado21 » Tue Jun 07, 2022 2:36 pm

Hello all!
I am using OpenVPN on Ubuntu 20 for devices that are behind a Mikrotik router. See the diagram below.
Image

OpenVPN Server configuration is below.
Server Config

port 1194
proto udp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
# topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "redirect-gateway def1 bypass-dhcp"
dh dh.pem
#tls-auth tls-auth.key 0
crl-verify crl.pem
ca ca.crt
cert server_xcVehZegEHjE22An.crt
key server_xcVehZegEHjE22An.key
auth SHA256
cipher AES-256-CBC
ncp-ciphers AES-256-CBC
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
client-config-dir /etc/openvpn/ccd
status /var/log/openvpn/status.log
verb 3


I have set up the connection using an OVPN profile (parsed by Mikrotik).
Client config

client
proto udp
explicit-exit-notify
remote FQDN 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
verify-x509-name server_xcVehZegEHjE22An name
auth SHA256
auth-nocache
cipher AES-256-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns # Prevent Windows 10 DNS leak
verb 3


Client successfully connected to Server, but is not showing any IP address.
Image

I can ping Server 10.8.0.1 from Client and ICMP packets generate traffic.
Image

Log shows connection from Client to Server is established
SERVER LOG (--verb 3):

OpenVPN CLIENT LIST
Updated,Tue Jun  7 14:45:53 2022
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
tv,white-IP:33003,240395,240306,Tue Jun  7 13:49:42 2022
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,tv,white-IP:33003,Tue Jun  7 14:45:52 2022
GLOBAL STATS
Max bcast/mcast queue length,1
END

But nothing happens when I try to use a device behind the Mikrotik router.
Has anyone successfully implemented such a solution with OpenVPN and Mikrotik?
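
Added example, not part of the original post: a small Python parser for the status-file layout shown in the server log above. It joins the client list with the routing table so you can confirm on the server which virtual address each common name holds, and which connected clients have none. The sample input is constructed; the `phone` client and the 203.0.113.x addresses are assumptions for illustration.

```python
import csv

# Constructed sample in the status-file layout from the post above;
# "phone" and the 203.0.113.x addresses are made up for illustration.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Tue Jun  7 14:45:53 2022
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
tv,203.0.113.10:33003,240395,240306,Tue Jun  7 13:49:42 2022
phone,203.0.113.20:51820,1024,2048,Tue Jun  7 14:40:00 2022
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,tv,203.0.113.10:33003,Tue Jun  7 14:45:52 2022
GLOBAL STATS
Max bcast/mcast queue length,1
END
"""
SECTIONS = {"OpenVPN CLIENT LIST", "ROUTING TABLE", "GLOBAL STATS"}

def parse_status(text):
    """Return {common_name: {"real", "rx", "tx", "virtual": [addresses]}}."""
    clients, section, header = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "END":
            continue
        if line in SECTIONS:
            section, header = line, None  # each section has its own header row
            continue
        fields = next(csv.reader([line]))
        if header is None:
            if fields[0] != "Updated":  # skip the timestamp line before the header
                header = fields
            continue
        row = dict(zip(header, fields))
        if section == "OpenVPN CLIENT LIST":
            clients[row["Common Name"]] = {
                "real": row["Real Address"], "rx": int(row["Bytes Received"]),
                "tx": int(row["Bytes Sent"]), "virtual": []}
        elif section == "ROUTING TABLE":
            entry = clients.setdefault(row["Common Name"], {
                "real": row["Real Address"], "rx": 0, "tx": 0, "virtual": []})
            entry["virtual"].append(row["Virtual Address"])
    return clients

def clients_without_address(clients):
    """Common names in the client list that have no routing-table entry."""
    return sorted(cn for cn, c in clients.items() if not c["virtual"])
```

Run against the log in the post, `parse_status` reports `tv` with virtual address 10.8.0.6, which shows the server did assign the tunnel address even though the router's interface view displays none.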

nefton
OpenVpn Newbie
Posts: 1
Joined: Fri Jul 22, 2022 12:43 am

Re: OpenVPN on Ubuntu + Mikrotik as Client for devices behind it

Post by nefton » Fri Jul 22, 2022 12:45 am

Does Mikrotik support UDP?
Also, this line may not work properly, I think:
push "redirect-gateway def1 bypass-dhcp"

Better to write all routes manually on the Mikrotik, but after you have got an IP from the server, of course.

herberthalmeida
OpenVpn Newbie
Posts: 1
Joined: Sun Jan 29, 2023 7:12 pm

Re: OpenVPN on Ubuntu + Mikrotik as Client for devices behind it

Post by herberthalmeida » Sun Jan 29, 2023 7:14 pm

Hello,
I also need to use a NATed RB pointing to a Linux OpenVPN server. Has anyone done this already?

RobinHoodDotNetwork
OpenVpn Newbie
Posts: 2
Joined: Thu Jul 13, 2023 6:20 am

Re: OpenVPN on Ubuntu + Mikrotik as Client for devices behind it

Post by RobinHoodDotNetwork » Thu Jul 13, 2023 6:39 am

In order for the Internet through VPN to start on the Mikrotik router OpenVPN client, you need to do at least two things on the router:
If you use Winbox
1. in the settings of the ovpn-out2 interface, check Add Default Route
2. in the Mikrotik firewall change the interface on which you mask the private network.
If this does not work, additional information will be needed.
Nikolay Petrov
