Set up OpenVPN Client in Windows and Mac

In this article, we will show you how to connect your Windows PC to your OpenVPN Server. We have already set up an OpenVPN server in this article.

IMPORTANT: The date on the router must be within the range of the installed certificates valid period. To prevent certificate verification issues, enable NTP synchronization on both the server and the client.

Here's a small video explaining the process:


First, download the OpenVPN Connect Client, officially maintained by OpenVPN.

After you download the client, you need to prepare all these files in a folder:

  • the CA certificate (.crt)
  • the Client certificate (.crt)
  • the Client certificate key (.key)
  • the configuration file (.ovpn)
  • a file, named secret, containing the VPN username and password

Log in to your Mikrotik CHR via Webfig, and then go to System > Certificates. We'll export the Client certificate first by right-clicking it and select Export.
Certificate window


Enter a passphrase of your choice and click on "Export". You will get a key file with your Client certificate. 
Exporting the Client certificate with passphrase

RouterOS Command:

[admin@MikroTik] >  /certificate export-certificate CLIENT1 export-passphrase=12345678


Then export the CA certificate without a passphrase.
Then export the CA certificate without a passphrase.

RouterOS Command:

 [admin@MikroTik] >  /certificate export-certificate LMTCA export-passphrase=""


Click on Files. You will see the exported certificates and keys in the root directory. Download them by dragging them to a folder.
Downloading the certificates

Then we need to create the secret file. In a text editor enter your VPN username on the first line and the password on the second line. Save it as secret.

Example secret file:

BGOcloud VPN


The last file we need to create is the OpenVPN configuration. In a text editor paste this example configuration, change the values according to your OpenVPN Server configuration and save it.

Example .OVPN configuration file:

dev tun
proto tcp-client
remote IP address of your Mikrotik CHR
port 1194
remote-cert-tls server
ca LMTCA.crt #CA certificate file
cert CLIENT1.crt #CLIENT certificate file
key  CLIENT1.key #CLIENT certificate key
verb 4
mute 10
cipher AES-256-CBC
data-ciphers AES-256-CBC
auth SHA1
auth-user-pass secret #File with user/password for VPN
;redirect-gateway def1 #remove semicolon for full redirect


Put all the needed files in a folder and start the OpenVPN Connect client. Click on FILE and drag the .ovpn configuration file to it.
Dragging the .ovpn conf file


Then confirm that everything is correct. You can choose to save the Private Key Password if you plan to connect to the server automatically. Then click on “Connect” to test your connection.
OpenVPN Connect configuration window


Enter the private key password.

OpenVPN Private Key entering


And that’s it. Now you have a secure VPN connection to your network. To make it even more secure, remove the semicolon from the redirect-gateway line in your .ovpn file and reimport the profile.

auth SHA1
auth-user-pass secret #File with user/password for VPN
redirect-gateway def1 #remove semicolon for full redirect

You can later access and control it from the icon at the taskbar.
Windows OpenVPN Icon

Check our powerful Mikrotik Cloud Hosted routers here:

Get hosting solutions with easy-to-use control panel. Choose from variety of services at low prices.

Get Started!
icon knowledge

Related Articles

MikroTik CHR: Setup Secure VPN access between client and server using OpenVPN

In this article, we will show you how to set up secure VPN access to your server using VPN. We...

How to: Changing Password In Your OpenVPN Access Server

You’ve completed the installation of your BGOcloud OpenVPN Access Server? Well then, you can now...

How to: Connecting iPhone IOS to OpenVPN Access Server

Apart from delivering the best hosting solutions and OpenVPN servers, we at BGOcloud aim at...

How To: Connecting Android phones to OpenVPN Access Server

No matter what operating system or device you work with, we have an OpenVPN Server solution for...