Well made guide. Only one thing that's missing: 1) If you assign the same IP address to remote VPN client as on LAN, you have to enable proxy-arp on your LAN's L3 interface. Otherwise it won't be able to receive direct ARP broadcasts and you won't be able to access anything.
Yes good point. Someone here commented earlier that he faced this issue and I told him to do so. it was sorted out later by enabling proxy-arp on LAN interface. Thanks for sharing this.
Thank you very much for sharing this video! I would like to know the proper config for a TAP connection instead of the usual TUN one. Thank you very much for any help. Regards Enzo
Hi I did successfully run all of this, connection is made and well done but why i cant remote desktop to another computer? do you think this is related to my firewall rules? should i make exemption to port and remote IP address?
@@TechieLAB thank you very much for this turorial and for your response as well. 1 more question around how many users can cater if I use hap lite model?
Hello friend, thanks for this excellent material, I would like to ask you a question, I need my win 10 client to go to the internet through the public IP of the server and not through my internal network, how can I do a redirection gateway?
@@elieserrojas9517 I’ve solved this problem, my internet traffic now routes through my VPN although both WiFi an VPN adapters are having internet access, but then I encountered another one, I can’t access Disney plus login page even though my public ip has changed. I’m trying to wrap my big head around this issue now.
@@valonivlonee6427 As I understand it, did you manage to NAT so that your clients traffic goes out through your public IP of your VPN server? When you check your public IP on your computer, do you have the public IP of your VPN server? did you work it on your OVPN file or did you have to make changes to the router? About the login in disney plus it could be due to many things, try to create another type of vpn and see if the same thing happens to you so that you rule out that it is not due to some type of website security
Use different NAT for internal network and VPN server user. If you have 192.168.1.0/24 block in the same VPN server Router, you can break it down to /25 in NATTing only. So two logical blocks will go with different public IP. If that is your case.
So is the only way to create a working certificate to have a Public Static WAN IP address? What if I am behind ISP's NAT? Can I use something else? What about Mikrotik Cloud DDNS address? Lets say for my example I can reach my MT by Cloud DDNS and ISP is willing to setup port forwarding to my MT on their public IP. Can I use the ISP's natted address? Hope you understand.
Hi and thank you for your video. Unfortunately the config file did not work for me and I get a error : Options error: Unrecognized option or missing or extra parameter(s) in client1.ovpn:1: ÿþc (2.4.8) Also I need to use ip phones (Yealink T21e) to connect to PBX and to make the connections secure Yealink only supports ovpn. Can you please provide instructions on how I can configure mikrotik ovpn work with the phone. In this scenario ovpn config file should be packed in a tar file and uploaded to the phone and afterwards the phone should initiate the ovpn connection.
@@TechieLAB Hi, my email address is mahpayma@gmail.com also about the issue I explained I am talking about IP Phone (for voip). the model is Yealink T21e and I need help on creating vpn setup and config. The IP phone should dial to openvpn server.
Thank you the video , and i did as your video . but it can't work on my side . because i have no ipv4 public add but ipv6 . I set the server in my synology NAS and it work good . I don't know why it can't work on Router OS . Can you tell me that this ovpn can work with ipv6 on Router Os? thank you !
Hello bro, the VPN is working , but how could you include the default gateway? for example once the vpn is connected it is not sending all traffic to my router.
My laptop is running on Windows 7 and all i seem to be able to download is Openvpn Connect where you have to drag and drop the ovpn file into it which then gives me an error incorrect profile configeration Error Message ca.crt, client.crt, sectret
I would like to create a Vpn that i can use 2 mikrotik routers and connect with TAP instead with TUN so my multicast stream can go across , i that possible with mikotik ? thanks in advance
Hi mate. Could you send the openvpn file config? I have the client connects, and shortly I can ping the Mikrotik,, but then OpenVPN disconnects and I get duplicate packet error on Mikrotik.
@@TechieLAB I made it working. Thanks for the awesome guide. I've noticed I can only reach that one particular LAN network. I suppose manual static routes over the openvpn interface can be added to the openvpn file. And thanks for answering :)
I did everything that you taught,but not worked here. It is giving an error of negotiation of TLS. See : Sat May 30 21:20:35 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Sat May 30 21:20:35 2020 TLS Error: TLS handshake failed Sat May 30 21:20:35 2020 Fatal TLS error (check_tls_errors_co), restarting 21:21:25 echo: ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
I made settings according to the video and does not pass the password in the secret.txt file, the user only logs in with the certificate password. Why is this happening? thanks for listening.
Hi! Great tutorial! Can you sendme the config file? Also, what's your opinion, it's better to do a certificate for each user? For security reasons and custom valid period. Thanks!
Hi Bro. Great video, thank you. one question, when i connect to the vpn i can ping the gateway (192.168.1.1) but i cannot ping/access anything else on the remote network. Is there another setting i must adjust in the firewall to allow access to the rest of the network?
@@TechieLAB Thanx for your quick reply. i have changed it to proxy-arp but not able to ping other connected pcs once vpn is connected. only able to connect the router. I will keep trying.
@@damianwallace8761 You're welcome. I didn't find this problem. Need to check on internet if anyone else faces the same issue. If I find anything, I will let you know.
Hi @@TechieLAB and others. I have figured the issue out. If you are also unable to connect to the other PCs on the Lan. Step 1: as techlie Lab mentioned to me change the bridge interface (or lan interface) to proxy-arp then in the filter rules : add action=accept chain=forward comment="Test OVPN filter rule" in-interface=all-ppp out-interface=bridge1 Thanx again techie LAB !! :)
As i was configuring ovpn in my router and i was connected through pppoe user name and password, while using my remote ip, it always get changed and need to change my config to, how do i solve this and i couldn't connect to ovpn because it get stock and go forward what is actually the problem,i am unable to encounter it can u suggest some solution
Hi, Share your Email address. or you can find my email on about section on youtube. You can send mail and in reply I will send the text file of client.ovpn
@@TechieLAB aaaabed1411@gmail.com also I have 4 defferent subnets 192.168.130.0/24 - 192.168.60.0/24 - 192.168.1.0/24 - 192.168.50.0/24 the vpn client will take IP from the pool 192.168.50.2-255 so he will be able to reach 192.168.50.0/24 . what about the other subnets. Is there any rule the allows the client to reach the remaning subnets
my email is andymanyalaobala@gmail.com. i would suggest putting the files here since it will be cumbersome if new viewers have to keep requesting it via mail.
need hepl please Tue Jun 16 10:23:26 2020 us=301943 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode Options error: --auth-user-pass requires --pull Use --help for more information. What is wrong?
I used the link to generate the ovpn file but I can't connect. I searched for solutions on different forums but in vain. Can you give me an idea how to solve it? Help please! MANAGEMENT: >STATE:1596214053,TCP_CONNECT,,,,,, TCP: connect to [AF_INET]__.__.__.__:1194 failed: Unknown error
For OpenVPN Client Template, download from the post: techielab.us/openvpn-configuration-in-mikrotik-router/
Thanks
Well made guide. Only one thing that's missing:
1) If you assign the same IP address to remote VPN client as on LAN, you have to enable proxy-arp on your LAN's L3 interface. Otherwise it won't be able to receive direct ARP broadcasts and you won't be able to access anything.
Yes good point. Someone here commented earlier that he faced this issue and I told him to do so. it was sorted out later by enabling proxy-arp on LAN interface. Thanks for sharing this.
Thank you so much Mr Techie, i ve tried this withs many sites but you you gave all necéssally details .
You are most welcome
EXCELLENT VIDEO, ONLY LEFT THE CONFIGURATION FILE AND SCRIPT
Thanks. Share your email address. I will send it.
@@TechieLAB can you send me this file?
Hi! Excelent video. Helped me a lot. I was just wondering why you did not make client certificate trusted? Thx for the answer.
Thank you so much for the tutorial! I tried to watch other tutorial before and only you can get the OVPN server working Tysm!!
Oh thanks. Very glad to hear it.
I am getting dco connect error: The semaphore timeout period has expired. (errno=121)
Thank you very much. This is very helpful. How can i connect my mobile phone to open vpn server now?
I didn't make any video but you can find it on youtube.
What method prefered for remote users in small companie? Your opinion, thanks.
I prefer L2TP with IPSec as it gives more security. But the easiest is PPTP and I used it too for my remote Engr.
Thank you very much for sharing this video!
I would like to know the proper config for a TAP connection instead of the usual TUN one.
Thank you very much for any help.
Regards
Enzo
Hi I did successfully run all of this, connection is made and well done but why i cant remote desktop to another computer? do you think this is related to my firewall rules? should i make exemption to port and remote IP address?
Dear techie Lab, I'd like to ask what model of Mikrotik you used for this setup? Thank you in advance
For LAB I use virtualbox image for mikrotik and worked on GNS3. In Production network I use CCR1036 for this setup.
@@TechieLAB can this be accomplished on mikrotik haplite model?
@@akhiakhiboy3444 Yes you can but with limited user. If you have large number of user then you have to think of high grade router.
@@TechieLAB thank you very much for this turorial and for your response as well. 1 more question around how many users can cater if I use hap lite model?
May I ask for the template as well? Pls send on my email. Thank you Email: lunezamarvin@gmail.com
how to use SSTP VPN to make troubleshoothing of services network of my infraestruture remotely
Can you teach me how to spilt tunnel routing config on open VPN
Requirement
When client connect vpn but using browser like youtube
It's advanced tutorial. I will see if I can make one this tutorial.
Thank you so much, i like your way breaking down steps.
kindly share template file
Please share your email.
Hello friend, thanks for this excellent material, I would like to ask you a question, I need my win 10 client to go to the internet through the public IP of the server and not through my internal network, how can I do a redirection gateway?
did you ever get this issue sorted, I'm stuck with this?
@@valonivlonee6427 Hello, unfortunately I have not been able to solve it, I have even searched for it in forums but I am still in the same
@@elieserrojas9517 I’ve solved this problem, my internet traffic now routes through my VPN although both WiFi an VPN adapters are having internet access, but then I encountered another one, I can’t access Disney plus login page even though my public ip has changed. I’m trying to wrap my big head around this issue now.
@@valonivlonee6427 As I understand it, did you manage to NAT so that your clients traffic goes out through your public IP of your VPN server?
When you check your public IP on your computer, do you have the public IP of your VPN server?
did you work it on your OVPN file or did you have to make changes to the router?
About the login in disney plus it could be due to many things, try to create another type of vpn and see if the same thing happens to you so that you rule out that it is not due to some type of website security
Use different NAT for internal network and VPN server user. If you have 192.168.1.0/24 block in the same VPN server Router, you can break it down to /25 in NATTing only. So two logical blocks will go with different public IP. If that is your case.
Woow, this is what i was looking for!! Thanks
Glad I could help! Thanks
So is the only way to create a working certificate to have a Public Static WAN IP address? What if I am behind ISP's NAT? Can I use something else? What about Mikrotik Cloud DDNS address? Lets say for my example I can reach my MT by Cloud DDNS and ISP is willing to setup port forwarding to my MT on their public IP. Can I use the ISP's natted address? Hope you understand.
hi. did you get this resolved? I'm unable to connect using the ddns address, since my isp public wan keeps changing
Thank you for sharing your knowledge. I didn't find any client model for mobile. Could you help me?
Thanks for sharing.
Thanks a lot it was working
You're most welcome.
Hi and thank you for your video.
Unfortunately the config file did not work for me and I get a error :
Options error: Unrecognized option or missing or extra parameter(s) in client1.ovpn:1: ÿþc (2.4.8)
Also I need to use ip phones (Yealink T21e) to connect to PBX and to make the connections secure Yealink only supports ovpn. Can you please provide instructions on how I can configure mikrotik ovpn work with the phone.
In this scenario ovpn config file should be packed in a tar file and uploaded to the phone and afterwards the phone should initiate the ovpn connection.
Give me your mail address. I will send client.ovpn file. Amd I didn't check with mobile phone yet. I will see that.
@@TechieLAB Hi, my email address is mahpayma@gmail.com
also about the issue I explained I am talking about IP Phone (for voip). the model is Yealink T21e and I need help on creating vpn setup and config.
The IP phone should dial to openvpn server.
Thank you the video , and i did as your video . but it can't work on my side . because i have no ipv4 public add but ipv6 . I set the server in my synology NAS and it work good . I don't know why it can't work on Router OS . Can you tell me that this ovpn can work with ipv6 on Router Os? thank you !
Hello bro, the VPN is working , but how could you include the default gateway? for example once the vpn is connected it is not sending all traffic to my router.
My laptop is running on Windows 7 and all i seem to be able to download is Openvpn Connect where you have to drag and drop the ovpn file into it which then gives me an error incorrect profile configeration Error Message ca.crt, client.crt, sectret
SIR QUESTION, can i connect to the router even if i am under a cgnat?
Hi, I would like to connect my mikrotik through API using OVPN, any help please
Thanks for your explanation
How can we use openvpn in mikrotik for get free internet from 3g sim
Not possible. Mobile operator will cut from your balance as per usage.
i hve issued openvpn mikrotik with android user. if connected. after 1 minutes always disconnected.
I would like to create a Vpn that i can use 2 mikrotik routers and connect with TAP instead with TUN so my multicast stream can go across , i that possible with mikotik ? thanks in advance
Hi mate. Could you send the openvpn file config? I have the client connects, and shortly I can ping the Mikrotik,, but then OpenVPN disconnects and I get duplicate packet error on Mikrotik.
Yes sure. Pls share your mail address. Or you can check my email address on about section. Say hi and I will send the file.
@@TechieLAB I made it working. Thanks for the awesome guide. I've noticed I can only reach that one particular LAN network. I suppose manual static routes over the openvpn interface can be added to the openvpn file. And thanks for answering :)
I did everything that you taught,but not worked here. It is giving an error of negotiation of TLS. See :
Sat May 30 21:20:35 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sat May 30 21:20:35 2020 TLS Error: TLS handshake failed
Sat May 30 21:20:35 2020 Fatal TLS error (check_tls_errors_co), restarting
21:21:25 echo: ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
Please follow it again. May be you missed something
Thnaks for the video!! My problem is that i am getting a warning message that "Your certificate has expired!" Any suggestions???
What does CRL (Like CRL Sign or CA CRL Host) mean in Open VPN server?
I followed the steps but have no internet connection when connected to ovpn. Is this my mistake?
I made settings according to the video and does not pass the password in the secret.txt file, the user only logs in with the certificate password. Why is this happening?
thanks for listening.
i need .ovpn configuration. you have a video explain ?
Share your mail address
Hi! Great tutorial! Can you sendme the config file? Also, what's your opinion, it's better to do a certificate for each user? For security reasons and custom valid period. Thanks!
It is okay to keep the certificate for all user. You can share your mail address. I will send the file. Thanks!
Hi, can you send me the config file please ? iuliannania@gmail.com
Hi Bro. Great video, thank you. one question, when i connect to the vpn i can ping the gateway (192.168.1.1) but i cannot ping/access anything else on the remote network. Is there another setting i must adjust in the firewall to allow access to the rest of the network?
You can set proxy-arp on your LAN interface and check if you can ping to your other PC on LAN.
@@TechieLAB Thanx for your quick reply. i have changed it to proxy-arp but not able to ping other connected pcs once vpn is connected. only able to connect the router. I will keep trying.
@@damianwallace8761 You're welcome. I didn't find this problem. Need to check on internet if anyone else faces the same issue. If I find anything, I will let you know.
Hi @@TechieLAB and others. I have figured the issue out. If you are also unable to connect to the other PCs on the Lan. Step 1: as techlie Lab mentioned to me change the bridge interface (or lan interface) to proxy-arp then in the filter rules : add action=accept chain=forward comment="Test OVPN filter rule" in-interface=all-ppp out-interface=bridge1
Thanx again techie LAB !! :)
Great bro. Thanks for sharing your troubleshoot. I am sure it will help others to sort out this problem.
in the "CA CRL Host" i need to create one Address for ovpn or i need to use my public ip?
As i was configuring ovpn in my router and i was connected through pppoe user name and password, while using my remote ip, it always get changed and need to change my config to, how do i solve this and i couldn't connect to ovpn because it get stock and go forward what is actually the problem,i am unable to encounter it can u suggest some solution
How to make it authenticate using the radius server? I already have the radius server ready. thanks!
Hi techie LAB, If I have dynamic public IP I can use the same configuration you use? only changing WAN IP Address for a Domain Name? Please your help.
Dynamic IP is difficult to maintain with such configuration.
Certificates are not needed if you authenticate via radius, right?
Hello, is posible to send text file with configuration client.ovpn ? Thank you very much. Great videos.
Hi, Share your Email address. or you can find my email on about section on youtube. You can send mail and in reply I will send the text file of client.ovpn
@@TechieLAB
also can you ask for the full config? only the part shown in the film mail: gucioit @ gmail.com
Thanks
Could You please share interface setup
Hi I am getting connection reset error when trying to connect
Please share the text file, glad to help
Download template from here: techielab.us/openvpn-configuration-in-mikrotik-router/
Hello Bro. It was a really great explanation in simple steps. But I did not find the template file to continue the setup.
Thanks bro. Send me your email address. I will send the template file.
@@TechieLAB aaaabed1411@gmail.com
also I have 4 defferent subnets 192.168.130.0/24 - 192.168.60.0/24 - 192.168.1.0/24 - 192.168.50.0/24
the vpn client will take IP from the pool 192.168.50.2-255 so he will be able to reach 192.168.50.0/24 . what about the other subnets. Is there any rule the allows the client to reach the remaning subnets
aaaabed1411 in gmail
I found the way by pushing the rout in the client file and I tried to connect from the phone as well. it was working great. thank you
@@aaaabed1411 Great. Well I have sent your config template. Please check
while connecting to client side i am getting some tls error...can you please help me...
Follow this techielab.us/openvpn-configuration-in-mikrotik-router/
Do you mind sending text file with configuration client .ovpn? Thank you in advance.
Please share your email address.
@@TechieLAB ctech481@gmail.com
Sir how to add another second ovpn client
Great video. I would like the config template client .ovpn for Mikrotik please. Thx
Thanks. Share your email address
Will it work without Public IP?also on a pppoe interface?
No, you need public IP for OpenVPN server.
Hi, can you send text file with configuration client .ovpn? Thank you ver much.
genaro_rosales_19@hotmail.com
hi, I have sent the file in your mail. Please check. Thanks
Can you please send me a copy of the .ovpn config file? thank you
Please share your email
why do i need 3 certificated?
How in Apple MACOS ?
Sorry mate. I don't use MAC OS to help you with this. But you can check this video: th-cam.com/video/j2ZMLFMsq3c/w-d-xo.html
thanks for the video. please share the template.
my email is andymanyalaobala@gmail.com. i would suggest putting the files here since it will be cumbersome if new viewers have to keep requesting it via mail.
Thanks for your suggestion. I have kept it in my blog post. Please download from there.
techielab.us/openvpn-configuration-in-mikrotik-router/
we need explained mikrotik hotspot client isolate private LAN from Hotspot users
Do you need separate LAN for hotspot user and LAN user?
@@TechieLAB yes sir
@@MD5HA Okay I will try to upload a video on hotspot soon.
@@TechieLAB Thank you so much
Can I get templates? Also have you made it work with a yealink phone?
I can send you template if you share your email. I am not sure about yealink.
Great video, thanks would also like the config template client .ovpn for Mikrotik please. Thx
Thanks. Please share your email address.
Hi there! Can you please send me the sample client.ovpn too!? Thank you in advance! Great video!
Thanks, sure. Share your mail address.
thanks for this great content, may i have the config files
Hi guys, you can use this site to generate client .ovpn file: ovpnconfig.com.br
Hello, is posible to send text file with configuration client.ovpn? Thanks for this video.
Please share your email address
Great video, thanks! Can you send me the configuration files. Great appreciated.
Thanks. Share your email address
Good.day sir can you share config for this one ? Thank you so much
Sure. Please share your email
Can you plase send text file with configuration.
Share your mail address pls.
Hello and thanks!
Can I talk to u by email for an issue?
Sure. You can send email.
@@TechieLAB many BIGGEST Thanks! I Sent ;-)
need hepl please
Tue Jun 16 10:23:26 2020 us=301943 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Options error: --auth-user-pass requires --pull
Use --help for more information.
What is wrong?
Hello, can you please share the .ovpn file? Thanks in advance!
Please share your mail address.
hi can you send me the text file ?
For OpenVPN Client Template, download from the post: techielab.us/openvpn-configuration-in-mikrotik-router/
Hi, can you send text file with configuration client .ovpn? Thank you and great video!
use this site to generate your client .ovpn ovpnconfig.com.br
I used the link to generate the ovpn file but I can't connect. I searched for solutions on different forums but in vain. Can you give me an idea how to solve it? Help please!
MANAGEMENT: >STATE:1596214053,TCP_CONNECT,,,,,,
TCP: connect to [AF_INET]__.__.__.__:1194 failed: Unknown error
@@popdms send the entire log to me: deyvissonbrenoveras@gmail.com
@@breno2519 I sent you mail, thanks!
hey where is notpad ++ file
i need it
Share your email. I will send
can you please share the .ovpn file
Yes sure. Share your email. I will send
hi, can i have the .ovpn txt file please. Thanks
Yes sure. Share your email.
Good video - can you share client.open file
thx
Please share your email
Hey Thanks for video. Can you please send me the sample client.ovpn too!? Thank you in advance! Great video!
Yes sure. Share your email. Thanks
Hi there can you also send me the text file please?
Yes sure. Share your email
pl;ease share th etext file ireally need it
Share your email address.
please send me file config template thank you
Share your mail address.
Bro i need .ovpn templet file
Sure. Share your email. I will send
TCP/UDP closet 😢😢😢help me
share template file please
In Android
OpenVPN server and duplicate packets
ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropp
ing
Please share your email.
Hi, can you send text file with configuration client .ovpn? Thank you ver much.
Sent
Hi, can you send text file with configuration client .ovpn? Thank you and great video!
Hi, can you send text file with configuration client .ovpn? Thank you ver much.
netbus@seznam.cz
Okay I have sent it. Please check.
Hi, can you send text file with configuration client .ovpn? Thank you very much.
Hi, please share your email
Hi, can you send text file with configuration client .ovpn? Thank you very much
Yes sure. Share your email
Hi, can you send text file with configuration client .ovpn? Thank you very much
Yes sure. Share your email.
Hi, can you send text file with configuration client .ovpn? Thank you very much.
Thanks. Share your email address