Mikrotik SSL VPN-Server

This guide describes how to set up a Mikrotik as an OpenVPN server with certificates. It is meant for creating a VPN server for different road-warrior clients – in this case the clients are Westermo Lynx switches.

The hardware used for this is:

Mikrotik CRS125-24g-1s 

Westermo Lynx 

The Westermo Lynx has the option of being the initiating side of the VPN tunnel, which means that as soon as the switch is online, it will try to connect to the VPN server. (This is being tested for marine usage.)

The firmware revisions used for this are:

Mikrotik: 6.42.2
Westermo: 4.21.1

We start by configuring the Mikrotik as a standard router; there are several guides on the internet for this kind of setup. My thoughts regarding this setup:

Mikrotik network:          10.0.0.1/8
DHCP for local clients:    10.0.0.2 – 10.0.0.50

Since we’ll have to connect many VPN clients, my plan for making this work is based on these ideas:

Main      Shipping      Vessel
10    .   XXX       .   XXX      .   Same /24 subnet on each vessel

Therefore each shipping company has its own subrange, and each vessel is assigned a separate subnet. In practice this means each shipping company can have a maximum of 254 vessels, unless we attach another subnet, which gives it 254 more IPs.
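
The addressing plan above as a small Python helper (an added example, not part of the original guide): it derives the /24 for a vessel and the /16 for a shipping company, maps an address seen in a firewall or VPN log back to its owner, and flags subnets that were handed out twice. Starting both ids at 1 (which keeps 10.0.x.x, where the local DHCP pool lives, out of the plan) and the vessel names in the sample are assumptions.

```python
import ipaddress

MAIN = ipaddress.ip_network("10.0.0.0/8")   # the "Main" octet from the guide
MAX_ID = 254                                # the guide's limit of 254 vessels per shipping range
# Constructed sample plan: vessel name -> (shipping id, vessel id). Names are hypothetical.
SAMPLE_PLAN = {"vessel-a": (12, 7), "vessel-b": (12, 8), "vessel-c": (12, 7)}


def _check(name, value):
    if not 1 <= value <= MAX_ID:
        raise ValueError(f"{name} id must be 1..{MAX_ID}, got {value}")


def shipping_range(shipping):
    """All vessels of one shipping company: 10.<shipping>.0.0/16."""
    _check("shipping", shipping)
    return ipaddress.ip_network(f"10.{shipping}.0.0/16")


def vessel_subnet(shipping, vessel):
    """One vessel: 10.<shipping>.<vessel>.0/24."""
    _check("shipping", shipping)
    _check("vessel", vessel)
    # Assumption: ids start at 1, so 10.0.0.2 - 10.0.0.50 (local DHCP) is never assigned.
    return ipaddress.ip_network(f"10.{shipping}.{vessel}.0/24")


def owner_of(address):
    """Map an address (e.g. from a firewall log) back to (shipping, vessel), or None."""
    ip = ipaddress.ip_address(address)
    if ip not in MAIN:
        return None
    _, shipping, vessel, _ = ip.packed      # the four octets as integers
    if not (1 <= shipping <= MAX_ID and 1 <= vessel <= MAX_ID):
        return None                         # local LAN or an unassigned part of 10/8
    return shipping, vessel


def duplicate_assignments(plan):
    """Return {subnet: [names]} for every /24 claimed by more than one vessel."""
    seen, clashes = {}, {}
    for name, ids in plan.items():
        net = vessel_subnet(*ids)
        if net in seen:
            clashes.setdefault(net, [seen[net]]).append(name)
        else:
            seen[net] = name
    return clashes
```

Because every vessel of one shipping company falls inside a single /16, a firewall rule on `shipping_range(n)` is enough to keep one company's vessels separated from another's.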