This guide describes how to make a Mikrotik as a OpenVPN server with Certificates. This guide is meant for create a VPN-server for different Roadwarriors klients – in this case clients are Westermo Lynx Switch
The hardware used for this is :
Mikrotik CRS125-24g-1s
Westermo Lynx
The Westermo Lynx have the option of beeing the initializing part of the VPN tunnel, which means as soon as the Switch is online – it’ll try to connect to the VPN server. ( this is beeing testet for Marine usage )
For this usage the firmware revision is
Mikrotik : 6.42.2
Westermo: 4.21.1
We start by creating a standard Router for the Mikrotik – which there are several guide on the internet for these setups. My Though regarding this setup:
Mikrotik Network: 10.0.0.1/8
DHCP for local klients 10.0.0.2 – 10.0.0.50
Since we’ll have to connect many VPN clients – my thoughts for making this work is based on these ideas:
Main Shipping Vessel
10 . XXX . XXX . Same /24subnet on each vessel
Therefor each Shipping has their own Subrange – along with each vessel are indicated as seperate subnet. Actually it means each shipping can have max 254 vessels unless we’ll attach another subnet – and it’ll have 254 more IP’s