Docs Home
routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros
routeros.OvpnServer
Explore with Pulumi AI
routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros
# routeros.OvpnServer (Resource)
This resource requires a minimum version of RouterOS 7.8!
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as routeros from "@pulumi/routeros";
const ovpn_pool = new routeros.IpPool("ovpn-pool", {ranges: ["192.168.77.2-192.168.77.254"]});
const ovpnCa = new routeros.SystemCertificate("ovpnCa", {
commonName: "OpenVPN Root CA",
keySize: "prime256v1",
keyUsages: [
"key-cert-sign",
"crl-sign",
],
trusted: true,
signs: [{}],
});
const ovpnServerCrt = new routeros.SystemCertificate("ovpnServerCrt", {
commonName: "Mikrotik OpenVPN",
keySize: "prime256v1",
keyUsages: [
"digital-signature",
"key-encipherment",
"tls-server",
],
signs: [{
ca: ovpnCa.name,
}],
});
const testPppProfile = new routeros.PppProfile("testPppProfile", {
localAddress: "192.168.77.1",
remoteAddress: "ovpn-pool",
useUpnp: "no",
});
const testPppSecret = new routeros.PppSecret("testPppSecret", {
password: "123",
profile: testPppProfile.name,
});
const server = new routeros.OvpnServer("server", {
enabled: true,
certificate: ovpnServerCrt.name,
auths: [
"sha256",
"sha512",
],
tlsVersion: "only-1.2",
defaultProfile: testPppProfile.name,
});
// The resource should be created only after the OpenVPN server is enabled!
const user1 = new routeros.InterfaceOvpnServer("user1", {user: "user1"}, {
dependsOn: [server],
});
import pulumi
import pulumi_routeros as routeros
ovpn_pool = routeros.IpPool("ovpn-pool", ranges=["192.168.77.2-192.168.77.254"])
ovpn_ca = routeros.SystemCertificate("ovpnCa",
common_name="OpenVPN Root CA",
key_size="prime256v1",
key_usages=[
"key-cert-sign",
"crl-sign",
],
trusted=True,
signs=[{}])
ovpn_server_crt = routeros.SystemCertificate("ovpnServerCrt",
common_name="Mikrotik OpenVPN",
key_size="prime256v1",
key_usages=[
"digital-signature",
"key-encipherment",
"tls-server",
],
signs=[{
"ca": ovpn_ca.name,
}])
test_ppp_profile = routeros.PppProfile("testPppProfile",
local_address="192.168.77.1",
remote_address="ovpn-pool",
use_upnp="no")
test_ppp_secret = routeros.PppSecret("testPppSecret",
password="123",
profile=test_ppp_profile.name)
server = routeros.OvpnServer("server",
enabled=True,
certificate=ovpn_server_crt.name,
auths=[
"sha256",
"sha512",
],
tls_version="only-1.2",
default_profile=test_ppp_profile.name)
# The resource should be created only after the OpenVPN server is enabled!
user1 = routeros.InterfaceOvpnServer("user1", user="user1",
opts = pulumi.ResourceOptions(depends_on=[server]))
package main
import (
"github.com/pulumi/pulumi-terraform-provider/sdks/go/routeros/routeros"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := routeros.NewIpPool(ctx, "ovpn-pool", &routeros.IpPoolArgs{
Ranges: pulumi.StringArray{
pulumi.String("192.168.77.2-192.168.77.254"),
},
})
if err != nil {
return err
}
ovpnCa, err := routeros.NewSystemCertificate(ctx, "ovpnCa", &routeros.SystemCertificateArgs{
CommonName: pulumi.String("OpenVPN Root CA"),
KeySize: pulumi.String("prime256v1"),
KeyUsages: pulumi.StringArray{
pulumi.String("key-cert-sign"),
pulumi.String("crl-sign"),
},
Trusted: pulumi.Bool(true),
Signs: routeros.SystemCertificateSignArray{
&routeros.SystemCertificateSignArgs{},
},
})
if err != nil {
return err
}
ovpnServerCrt, err := routeros.NewSystemCertificate(ctx, "ovpnServerCrt", &routeros.SystemCertificateArgs{
CommonName: pulumi.String("Mikrotik OpenVPN"),
KeySize: pulumi.String("prime256v1"),
KeyUsages: pulumi.StringArray{
pulumi.String("digital-signature"),
pulumi.String("key-encipherment"),
pulumi.String("tls-server"),
},
Signs: routeros.SystemCertificateSignArray{
&routeros.SystemCertificateSignArgs{
Ca: ovpnCa.Name,
},
},
})
if err != nil {
return err
}
testPppProfile, err := routeros.NewPppProfile(ctx, "testPppProfile", &routeros.PppProfileArgs{
LocalAddress: pulumi.String("192.168.77.1"),
RemoteAddress: pulumi.String("ovpn-pool"),
UseUpnp: pulumi.String("no"),
})
if err != nil {
return err
}
_, err = routeros.NewPppSecret(ctx, "testPppSecret", &routeros.PppSecretArgs{
Password: pulumi.String("123"),
Profile: testPppProfile.Name,
})
if err != nil {
return err
}
server, err := routeros.NewOvpnServer(ctx, "server", &routeros.OvpnServerArgs{
Enabled: pulumi.Bool(true),
Certificate: ovpnServerCrt.Name,
Auths: pulumi.StringArray{
pulumi.String("sha256"),
pulumi.String("sha512"),
},
TlsVersion: pulumi.String("only-1.2"),
DefaultProfile: testPppProfile.Name,
})
if err != nil {
return err
}
// The resource should be created only after the OpenVPN server is enabled!
_, err = routeros.NewInterfaceOvpnServer(ctx, "user1", &routeros.InterfaceOvpnServerArgs{
User: pulumi.String("user1"),
}, pulumi.DependsOn([]pulumi.Resource{
server,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Routeros = Pulumi.Routeros;
return await Deployment.RunAsync(() =>
{
var ovpn_pool = new Routeros.IpPool("ovpn-pool", new()
{
Ranges = new[]
{
"192.168.77.2-192.168.77.254",
},
});
var ovpnCa = new Routeros.SystemCertificate("ovpnCa", new()
{
CommonName = "OpenVPN Root CA",
KeySize = "prime256v1",
KeyUsages = new[]
{
"key-cert-sign",
"crl-sign",
},
Trusted = true,
Signs = new[]
{
null,
},
});
var ovpnServerCrt = new Routeros.SystemCertificate("ovpnServerCrt", new()
{
CommonName = "Mikrotik OpenVPN",
KeySize = "prime256v1",
KeyUsages = new[]
{
"digital-signature",
"key-encipherment",
"tls-server",
},
Signs = new[]
{
new Routeros.Inputs.SystemCertificateSignArgs
{
Ca = ovpnCa.Name,
},
},
});
var testPppProfile = new Routeros.PppProfile("testPppProfile", new()
{
LocalAddress = "192.168.77.1",
RemoteAddress = "ovpn-pool",
UseUpnp = "no",
});
var testPppSecret = new Routeros.PppSecret("testPppSecret", new()
{
Password = "123",
Profile = testPppProfile.Name,
});
var server = new Routeros.OvpnServer("server", new()
{
Enabled = true,
Certificate = ovpnServerCrt.Name,
Auths = new[]
{
"sha256",
"sha512",
},
TlsVersion = "only-1.2",
DefaultProfile = testPppProfile.Name,
});
// The resource should be created only after the OpenVPN server is enabled!
var user1 = new Routeros.InterfaceOvpnServer("user1", new()
{
User = "user1",
}, new CustomResourceOptions
{
DependsOn =
{
server,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.routeros.IpPool;
import com.pulumi.routeros.IpPoolArgs;
import com.pulumi.routeros.SystemCertificate;
import com.pulumi.routeros.SystemCertificateArgs;
import com.pulumi.routeros.inputs.SystemCertificateSignArgs;
import com.pulumi.routeros.PppProfile;
import com.pulumi.routeros.PppProfileArgs;
import com.pulumi.routeros.PppSecret;
import com.pulumi.routeros.PppSecretArgs;
import com.pulumi.routeros.OvpnServer;
import com.pulumi.routeros.OvpnServerArgs;
import com.pulumi.routeros.InterfaceOvpnServer;
import com.pulumi.routeros.InterfaceOvpnServerArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ovpn_pool = new IpPool("ovpn-pool", IpPoolArgs.builder()
.ranges("192.168.77.2-192.168.77.254")
.build());
var ovpnCa = new SystemCertificate("ovpnCa", SystemCertificateArgs.builder()
.commonName("OpenVPN Root CA")
.keySize("prime256v1")
.keyUsages(
"key-cert-sign",
"crl-sign")
.trusted(true)
.signs()
.build());
var ovpnServerCrt = new SystemCertificate("ovpnServerCrt", SystemCertificateArgs.builder()
.commonName("Mikrotik OpenVPN")
.keySize("prime256v1")
.keyUsages(
"digital-signature",
"key-encipherment",
"tls-server")
.signs(SystemCertificateSignArgs.builder()
.ca(ovpnCa.name())
.build())
.build());
var testPppProfile = new PppProfile("testPppProfile", PppProfileArgs.builder()
.localAddress("192.168.77.1")
.remoteAddress("ovpn-pool")
.useUpnp("no")
.build());
var testPppSecret = new PppSecret("testPppSecret", PppSecretArgs.builder()
.password("123")
.profile(testPppProfile.name())
.build());
var server = new OvpnServer("server", OvpnServerArgs.builder()
.enabled(true)
.certificate(ovpnServerCrt.name())
.auths(
"sha256",
"sha512")
.tlsVersion("only-1.2")
.defaultProfile(testPppProfile.name())
.build());
// The resource should be created only after the OpenVPN server is enabled!
var user1 = new InterfaceOvpnServer("user1", InterfaceOvpnServerArgs.builder()
.user("user1")
.build(), CustomResourceOptions.builder()
.dependsOn(server)
.build());
}
}
resources:
ovpn-pool:
type: routeros:IpPool
properties:
ranges:
- 192.168.77.2-192.168.77.254
ovpnCa:
type: routeros:SystemCertificate
properties:
commonName: OpenVPN Root CA
keySize: prime256v1
keyUsages:
- key-cert-sign
- crl-sign
trusted: true
signs:
- {}
ovpnServerCrt:
type: routeros:SystemCertificate
properties:
commonName: Mikrotik OpenVPN
keySize: prime256v1
keyUsages:
- digital-signature
- key-encipherment
- tls-server
signs:
- ca: ${ovpnCa.name}
testPppProfile:
type: routeros:PppProfile
properties:
localAddress: 192.168.77.1
remoteAddress: ovpn-pool
useUpnp: no
testPppSecret:
type: routeros:PppSecret
properties:
password: '123'
profile: ${testPppProfile.name}
server:
type: routeros:OvpnServer
properties:
enabled: true
certificate: ${ovpnServerCrt.name}
auths:
- sha256
- sha512
tlsVersion: only-1.2
defaultProfile: ${testPppProfile.name}
# The resource should be created only after the OpenVPN server is enabled!
user1:
type: routeros:InterfaceOvpnServer
properties:
user: user1
options:
dependsOn:
- ${server}
Create OvpnServer Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new OvpnServer(name: string, args?: OvpnServerArgs, opts?: CustomResourceOptions);@overload
def OvpnServer(resource_name: str,
args: Optional[OvpnServerArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def OvpnServer(resource_name: str,
opts: Optional[ResourceOptions] = None,
___id_: Optional[float] = None,
___path_: Optional[str] = None,
auths: Optional[Sequence[str]] = None,
certificate: Optional[str] = None,
ciphers: Optional[Sequence[str]] = None,
default_profile: Optional[str] = None,
enable_tun_ipv6: Optional[bool] = None,
enabled: Optional[bool] = None,
ipv6_prefix_len: Optional[float] = None,
keepalive_timeout: Optional[str] = None,
mac_address: Optional[str] = None,
max_mtu: Optional[float] = None,
mode: Optional[str] = None,
netmask: Optional[float] = None,
ovpn_server_id: Optional[str] = None,
port: Optional[float] = None,
protocol: Optional[str] = None,
push_routes: Optional[Sequence[str]] = None,
redirect_gateways: Optional[Sequence[str]] = None,
reneg_sec: Optional[float] = None,
require_client_certificate: Optional[bool] = None,
tls_version: Optional[str] = None,
tun_server_ipv6: Optional[str] = None)func NewOvpnServer(ctx *Context, name string, args *OvpnServerArgs, opts ...ResourceOption) (*OvpnServer, error)public OvpnServer(string name, OvpnServerArgs? args = null, CustomResourceOptions? opts = null)
public OvpnServer(String name, OvpnServerArgs args)
public OvpnServer(String name, OvpnServerArgs args, CustomResourceOptions options)
type: routeros:OvpnServer
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args OvpnServerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args OvpnServerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args OvpnServerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args OvpnServerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args OvpnServerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
OvpnServer Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The OvpnServer resource accepts the following input properties:
- Auths List<string>
- Authentication methods that the server will accept.
- Certificate string
- Name of the certificate that the OVPN server will use.
- Ciphers List<string>
- Allowed ciphers.
- Default
Profile string - Default profile to use.
- Enable
Tun boolIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- Enabled bool
- Defines whether the OVPN server is enabled or not.
- Ipv6Prefix
Len double - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- Keepalive
Timeout string - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- Mac
Address string - Automatically generated MAC address of the server.
- Max
Mtu double - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- Mode string
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- Netmask double
- Subnet mask to be applied to the client.
- Ovpn
Server stringId - Port double
- Port to run the server on.
- Protocol string
- indicates the protocol to use when connecting with the remote endpoint.
- Push
Routes List<string> - Push routes to the VPN client (available since RouterOS 7.14).
- Redirect
Gateways List<string> - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- Reneg
Sec double - Renegotiate data channel key after n seconds (default=3600).
- Require
Client boolCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- Tls
Version string - Specifies which TLS versions to allow.
- Tun
Server stringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ double - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ string - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- Auths []string
- Authentication methods that the server will accept.
- Certificate string
- Name of the certificate that the OVPN server will use.
- Ciphers []string
- Allowed ciphers.
- Default
Profile string - Default profile to use.
- Enable
Tun boolIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- Enabled bool
- Defines whether the OVPN server is enabled or not.
- Ipv6Prefix
Len float64 - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- Keepalive
Timeout string - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- Mac
Address string - Automatically generated MAC address of the server.
- Max
Mtu float64 - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- Mode string
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- Netmask float64
- Subnet mask to be applied to the client.
- Ovpn
Server stringId - Port float64
- Port to run the server on.
- Protocol string
- indicates the protocol to use when connecting with the remote endpoint.
- Push
Routes []string - Push routes to the VPN client (available since RouterOS 7.14).
- Redirect
Gateways []string - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- Reneg
Sec float64 - Renegotiate data channel key after n seconds (default=3600).
- Require
Client boolCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- Tls
Version string - Specifies which TLS versions to allow.
- Tun
Server stringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ float64 - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ string - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- ___
id_ Double - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ String - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- auths List<String>
- Authentication methods that the server will accept.
- certificate String
- Name of the certificate that the OVPN server will use.
- ciphers List<String>
- Allowed ciphers.
- default
Profile String - Default profile to use.
- enable
Tun BooleanIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- enabled Boolean
- Defines whether the OVPN server is enabled or not.
- ipv6Prefix
Len Double - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- keepalive
Timeout String - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- mac
Address String - Automatically generated MAC address of the server.
- max
Mtu Double - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- mode String
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- netmask Double
- Subnet mask to be applied to the client.
- ovpn
Server StringId - port Double
- Port to run the server on.
- protocol String
- indicates the protocol to use when connecting with the remote endpoint.
- push
Routes List<String> - Push routes to the VPN client (available since RouterOS 7.14).
- redirect
Gateways List<String> - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- reneg
Sec Double - Renegotiate data channel key after n seconds (default=3600).
- require
Client BooleanCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- tls
Version String - Specifies which TLS versions to allow.
- tun
Server StringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ number - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ string - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- auths string[]
- Authentication methods that the server will accept.
- certificate string
- Name of the certificate that the OVPN server will use.
- ciphers string[]
- Allowed ciphers.
- default
Profile string - Default profile to use.
- enable
Tun booleanIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- enabled boolean
- Defines whether the OVPN server is enabled or not.
- ipv6Prefix
Len number - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- keepalive
Timeout string - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- mac
Address string - Automatically generated MAC address of the server.
- max
Mtu number - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- mode string
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- netmask number
- Subnet mask to be applied to the client.
- ovpn
Server stringId - port number
- Port to run the server on.
- protocol string
- indicates the protocol to use when connecting with the remote endpoint.
- push
Routes string[] - Push routes to the VPN client (available since RouterOS 7.14).
- redirect
Gateways string[] - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- reneg
Sec number - Renegotiate data channel key after n seconds (default=3600).
- require
Client booleanCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- tls
Version string - Specifies which TLS versions to allow.
- tun
Server stringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ float - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ str - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- auths Sequence[str]
- Authentication methods that the server will accept.
- certificate str
- Name of the certificate that the OVPN server will use.
- ciphers Sequence[str]
- Allowed ciphers.
- default_
profile str - Default profile to use.
- enable_
tun_ boolipv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- enabled bool
- Defines whether the OVPN server is enabled or not.
- ipv6_
prefix_ floatlen - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- keepalive_
timeout str - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- mac_
address str - Automatically generated MAC address of the server.
- max_
mtu float - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- mode str
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- netmask float
- Subnet mask to be applied to the client.
- ovpn_
server_ strid - port float
- Port to run the server on.
- protocol str
- indicates the protocol to use when connecting with the remote endpoint.
- push_
routes Sequence[str] - Push routes to the VPN client (available since RouterOS 7.14).
- redirect_
gateways Sequence[str] - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- reneg_
sec float - Renegotiate data channel key after n seconds (default=3600).
- require_
client_ boolcertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- tls_
version str - Specifies which TLS versions to allow.
- tun_
server_ stripv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ Number - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ String - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- auths List<String>
- Authentication methods that the server will accept.
- certificate String
- Name of the certificate that the OVPN server will use.
- ciphers List<String>
- Allowed ciphers.
- default
Profile String - Default profile to use.
- enable
Tun BooleanIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- enabled Boolean
- Defines whether the OVPN server is enabled or not.
- ipv6Prefix
Len Number - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- keepalive
Timeout String - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- mac
Address String - Automatically generated MAC address of the server.
- max
Mtu Number - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- mode String
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- netmask Number
- Subnet mask to be applied to the client.
- ovpn
Server StringId - port Number
- Port to run the server on.
- protocol String
- indicates the protocol to use when connecting with the remote endpoint.
- push
Routes List<String> - Push routes to the VPN client (available since RouterOS 7.14).
- redirect
Gateways List<String> - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- reneg
Sec Number - Renegotiate data channel key after n seconds (default=3600).
- require
Client BooleanCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- tls
Version String - Specifies which TLS versions to allow.
- tun
Server StringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
Outputs
All input properties are implicitly available as output properties. Additionally, the OvpnServer resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing OvpnServer Resource
Get an existing OvpnServer resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: OvpnServerState, opts?: CustomResourceOptions): OvpnServer@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
___id_: Optional[float] = None,
___path_: Optional[str] = None,
auths: Optional[Sequence[str]] = None,
certificate: Optional[str] = None,
ciphers: Optional[Sequence[str]] = None,
default_profile: Optional[str] = None,
enable_tun_ipv6: Optional[bool] = None,
enabled: Optional[bool] = None,
ipv6_prefix_len: Optional[float] = None,
keepalive_timeout: Optional[str] = None,
mac_address: Optional[str] = None,
max_mtu: Optional[float] = None,
mode: Optional[str] = None,
netmask: Optional[float] = None,
ovpn_server_id: Optional[str] = None,
port: Optional[float] = None,
protocol: Optional[str] = None,
push_routes: Optional[Sequence[str]] = None,
redirect_gateways: Optional[Sequence[str]] = None,
reneg_sec: Optional[float] = None,
require_client_certificate: Optional[bool] = None,
tls_version: Optional[str] = None,
tun_server_ipv6: Optional[str] = None) -> OvpnServerfunc GetOvpnServer(ctx *Context, name string, id IDInput, state *OvpnServerState, opts ...ResourceOption) (*OvpnServer, error)public static OvpnServer Get(string name, Input<string> id, OvpnServerState? state, CustomResourceOptions? opts = null)public static OvpnServer get(String name, Output<String> id, OvpnServerState state, CustomResourceOptions options)resources: _: type: routeros:OvpnServer get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auths List<string>
- Authentication methods that the server will accept.
- Certificate string
- Name of the certificate that the OVPN server will use.
- Ciphers List<string>
- Allowed ciphers.
- Default
Profile string - Default profile to use.
- Enable
Tun boolIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- Enabled bool
- Defines whether the OVPN server is enabled or not.
- Ipv6Prefix
Len double - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- Keepalive
Timeout string - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- Mac
Address string - Automatically generated MAC address of the server.
- Max
Mtu double - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- Mode string
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- Netmask double
- Subnet mask to be applied to the client.
- Ovpn
Server stringId - Port double
- Port to run the server on.
- Protocol string
- indicates the protocol to use when connecting with the remote endpoint.
- Push
Routes List<string> - Push routes to the VPN client (available since RouterOS 7.14).
- Redirect
Gateways List<string> - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- Reneg
Sec double - Renegotiate data channel key after n seconds (default=3600).
- Require
Client boolCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- Tls
Version string - Specifies which TLS versions to allow.
- Tun
Server stringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ double - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ string - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- Auths []string
- Authentication methods that the server will accept.
- Certificate string
- Name of the certificate that the OVPN server will use.
- Ciphers []string
- Allowed ciphers.
- Default
Profile string - Default profile to use.
- Enable
Tun boolIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- Enabled bool
- Defines whether the OVPN server is enabled or not.
- Ipv6Prefix
Len float64 - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- Keepalive
Timeout string - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- Mac
Address string - Automatically generated MAC address of the server.
- Max
Mtu float64 - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- Mode string
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- Netmask float64
- Subnet mask to be applied to the client.
- Ovpn
Server stringId - Port float64
- Port to run the server on.
- Protocol string
- indicates the protocol to use when connecting with the remote endpoint.
- Push
Routes []string - Push routes to the VPN client (available since RouterOS 7.14).
- Redirect
Gateways []string - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- Reneg
Sec float64 - Renegotiate data channel key after n seconds (default=3600).
- Require
Client boolCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- Tls
Version string - Specifies which TLS versions to allow.
- Tun
Server stringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ float64 - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ string - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- ___
id_ Double - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ String - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- auths List<String>
- Authentication methods that the server will accept.
- certificate String
- Name of the certificate that the OVPN server will use.
- ciphers List<String>
- Allowed ciphers.
- default
Profile String - Default profile to use.
- enable
Tun BooleanIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- enabled Boolean
- Defines whether the OVPN server is enabled or not.
- ipv6Prefix
Len Double - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- keepalive
Timeout String - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- mac
Address String - Automatically generated MAC address of the server.
- max
Mtu Double - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- mode String
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- netmask Double
- Subnet mask to be applied to the client.
- ovpn
Server StringId - port Double
- Port to run the server on.
- protocol String
- indicates the protocol to use when connecting with the remote endpoint.
- push
Routes List<String> - Push routes to the VPN client (available since RouterOS 7.14).
- redirect
Gateways List<String> - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- reneg
Sec Double - Renegotiate data channel key after n seconds (default=3600).
- require
Client BooleanCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- tls
Version String - Specifies which TLS versions to allow.
- tun
Server StringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ number - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ string - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- auths string[]
- Authentication methods that the server will accept.
- certificate string
- Name of the certificate that the OVPN server will use.
- ciphers string[]
- Allowed ciphers.
- default
Profile string - Default profile to use.
- enable
Tun booleanIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- enabled boolean
- Defines whether the OVPN server is enabled or not.
- ipv6Prefix
Len number - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- keepalive
Timeout string - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- mac
Address string - Automatically generated MAC address of the server.
- max
Mtu number - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- mode string
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- netmask number
- Subnet mask to be applied to the client.
- ovpn
Server stringId - port number
- Port to run the server on.
- protocol string
- indicates the protocol to use when connecting with the remote endpoint.
- push
Routes string[] - Push routes to the VPN client (available since RouterOS 7.14).
- redirect
Gateways string[] - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- reneg
Sec number - Renegotiate data channel key after n seconds (default=3600).
- require
Client booleanCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- tls
Version string - Specifies which TLS versions to allow.
- tun
Server stringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ float - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ str - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- auths Sequence[str]
- Authentication methods that the server will accept.
- certificate str
- Name of the certificate that the OVPN server will use.
- ciphers Sequence[str]
- Allowed ciphers.
- default_
profile str - Default profile to use.
- enable_
tun_ boolipv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- enabled bool
- Defines whether the OVPN server is enabled or not.
- ipv6_
prefix_ floatlen - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- keepalive_
timeout str - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- mac_
address str - Automatically generated MAC address of the server.
- max_
mtu float - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- mode str
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- netmask float
- Subnet mask to be applied to the client.
- ovpn_
server_ strid - port float
- Port to run the server on.
- protocol str
- indicates the protocol to use when connecting with the remote endpoint.
- push_
routes Sequence[str] - Push routes to the VPN client (available since RouterOS 7.14).
- redirect_
gateways Sequence[str] - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- reneg_
sec float - Renegotiate data channel key after n seconds (default=3600).
- require_
client_ boolcertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- tls_
version str - Specifies which TLS versions to allow.
- tun_
server_ stripv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
- ___
id_ Number - Resource ID type (.id / name). This is an internal service field, setting a value is not required.
- ___
path_ String - Resource path for CRUD operations. This is an internal service field, setting a value is not required.
- auths List<String>
- Authentication methods that the server will accept.
- certificate String
- Name of the certificate that the OVPN server will use.
- ciphers List<String>
- Allowed ciphers.
- default
Profile String - Default profile to use.
- enable
Tun BooleanIpv6 - Specifies if IPv6 IP tunneling mode should be possible with this OVPN server.
- enabled Boolean
- Defines whether the OVPN server is enabled or not.
- ipv6Prefix
Len Number - Length of IPv6 prefix for IPv6 address which will be used when generating OVPN interface on the server side.
- keepalive
Timeout String - Defines the time period (in seconds) after which the router is starting to send keepalive packets every second. If no traffic and no keepalive responses have come for that period of time (i.e. 2 * keepalive-timeout), not responding client is proclaimed disconnected
- mac
Address String - Automatically generated MAC address of the server.
- max
Mtu Number - Maximum Transmission Unit. Max packet size that the OVPN interface will be able to send without packet fragmentation.
- mode String
- Layer3 or layer2 tunnel mode (alternatively tun, tap)
- netmask Number
- Subnet mask to be applied to the client.
- ovpn
Server StringId - port Number
- Port to run the server on.
- protocol String
- indicates the protocol to use when connecting with the remote endpoint.
- push
Routes List<String> - Push routes to the VPN client (available since RouterOS 7.14).
- redirect
Gateways List<String> - Specifies what kind of routes the OVPN client must add to the routing table. * def1 – Use this flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. * disabled - Do not send redirect-gateway flags to the OVPN client. * ipv6 - Redirect IPv6 routing into the tunnel on the client side. This works similarly to the def1 flag, that is, more specific IPv6 routes are added (2000::/4 and 3000::/4), covering the whole IPv6 unicast space.
- reneg
Sec Number - Renegotiate data channel key after n seconds (default=3600).
- require
Client BooleanCertificate - If set to yes, then the server checks whether the client's certificate belongs to the same certificate chain.
- tls
Version String - Specifies which TLS versions to allow.
- tun
Server StringIpv6 - IPv6 prefix address which will be used when generating the OVPN interface on the server side.
Import
$ pulumi import routeros:index/ovpnServer:OvpnServer server .
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- routeros terraform-routeros/terraform-provider-routeros
- License
- Notes
- This Pulumi package is based on the
routerosTerraform Provider.
routeros 1.83.1 published on Monday, Apr 28, 2025 by terraform-routeros