Command line usage in both Linux and Windows will be required. We will be setting up the VPN server, creating VPN client files, setting up VPN routing, and configuring the remote site's router to use the VPN server.
To troubleshoot you can go to OpenVPN server and run the following command to see logs related to OpenVPN: docker logs -f Īny errors encountered during connection will be displayed here.Part two of this tutorial is a bit more in depth than part one. If everything went well your VPN should be connected. However, they are mandatory and cannot be left blank.
The username and password can be anything it doesn’t really matter. The IP address/hostname of the server needs to be entered in the “Connect To” field. Go to “Dial Out” tab and set the following properties: Go to PPP -> Interface and add a new “OVPN Client” interface. Similarly import mikrotik1.crt and mikrotik1.key (passphrase will not be required for importing these). The passphrase for CA will also have to be entered. Go to System -> Certificates and import ca.crt: Open Mikrotik router using Winbox and drag and drop these files: var/lib/docker/volumes/ovpn-data/_data/pki/private var/lib/docker/volumes/ovpn-data/_data/pki/issued var/lib/docker/volumes/ovpn-data/_data/pki
Go to OpenVPN server’s volume mountpoint and download these three files to your local computer: ca.crt Mikrotik Client SetupĬopy certificates and keys from OpenVPN server to Mikrotik router. With this configuration the client mikrotik1 will always get the static IP 192.168.255.10 upon connection. Setup static IP for client (optional): echo "ifconfig-push 192.168.255.10 255.255.255.0" | docker run -v $OVPN_DATA:/etc/openvpn -i -rm kylemanna/openvpn tee /etc/openvpn/ccd/mikrotik1 their key will not be password protected). The nopass option is for adding a password-less client (i.e. The CA’s passphrase would also need to be entered. This will generate the certificate and key for client named mikrotik1. Initialize the Docker container: docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/tcp -cap-add=NET_ADMIN kylemanna/openvpnĬlient Setup: docker run -v $OVPN_DATA:/etc/openvpn -log-driver=none -rm -it kylemanna/openvpn easyrsa build-client-full mikrotik1 nopass # Rely on Docker to do port mapping, internally always 1194 The complete OpenVPN file is given below for reference: server 192.168.255.0 255.255.255.0
Modify the OpenVPN server configurations as follows:Ĭomment the tls-auth line: #tls-auth /etc/openvpn/pki/ta.keyįor allowing multiple clients to use the same certificate and key (optional): duplicate-cnĬomment the comp-lzo directive: #comp-lzo noĬomment all the push configurations: #push "block-outside-dns" Navigate to this folder: cd /var/lib/docker/volumes/ovpn-data/_data This command will provide the actual location of OpenVPN volume’s files as the “Mountpoint” parameter. Press Enter through all the prompts.Īdjust OpenVPN server configurations: docker volume inspect ovpn-data