It is easy to configure a Mikrotik router as both OpenVPN Server or Client. However, more configurations are required to route traffic from your client through OVPN server. In another word, you have to configure router OS to send traffic of a client from the OVPN server.
This post contains all the details of how you will connect to the server, you may need to change some settings for your specific server configuration.
Add a PPP Profile in RouterOS
A profile is used to minify Mikrotik commands while allowing you to inherit configurations and change them centrally. Something like global variables in programming languages.
> ppp profile add
This command adds a new OVPN client into RouterOS. This OVPN is named OVPN-client with many configurations. To confirm that the connection is added using the following command.
ppp profile print
This command list all configurations added into the Mikrotik.
Create an OpenVPN interface
Mikrotik/RouterOS uses the interface concept as an input-output resource. So it is too easy to manage routing based on interfaces. OVPN client is another interface and can be used to send or receive packets through it.
> interface ovpn-client add
This command creates a new OVPN client interface in Mikrotik router. User/password properties seem to be mandatory on the client even if the server doesn’t have auth-user-pass-verify enabled. If everything went according to plan you should now be connected. To test the OVPN-Client is connected, use the following command:
interface ovpn-client monitor myvpn
This will print the status of the VPN.
Then we set up a 'mangle' a rule which marks packets coming from the local network and destined for the internet with a mark named vpn_traffic:
ip firewall mangle add