Mikrotik: OpenVPN - Server ke PC dari wiki mikrotik

From OnnoWiki
Jump to navigation Jump to search

Sumber: https://wiki.mikrotik.com/wiki/Manual:Interface/OVPN

Ipsec-road-warrior (1).png


Kondisi Jaringan

Office     192.168.3.73/24
Office LAN 192.168.100.0/24
VPN Pool   192.168.77.0/24 gw 192.168.77.1

Client     192.168.3.77/24

Certificate

Certificate Generate

/certificate
add name=ca-template common-name=itts.ac.id days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
add name=server-template common-name=*.itts.ac.id days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
add name=client-template common-name=client.itts.ac.id days-valid=3650 key-size=2048 key-usage=tls-client
add name=client1-template common-name=client1.itts.ac.id days-valid=3650 key-size=2048 key-usage=tls-client

Certificate Sign

SATU PER SATU, jangan COPAS Sekaligus. Proses signing akan membutuhkan waktu, harap sabar. 

/certificate
sign ca-template name=ca
sign server-template name=server ca=ca
sign client-template name=client ca=ca
sign client1-template name=client1 ca=ca

Certificate Trust

/certificate
set ca trusted=yes
set server trusted=yes

Certificate Export

/file print 
/file remove numbers=0
/file remove numbers=1
.... dst....



/certificate
export-certificate ca export-passphrase=""
export-certificate client export-passphrase=123456789
export-certificate client1 export-passphrase=123456789

Cek bahwa sudah di generate menggunakan 

/file print

Server

/ip dhcp-client print
/ip dhcp-client add interface=ether1 disable=no
/interface bridge
add name=bridge1
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=ether6
add bridge=bridge1 interface=ether7
add bridge=bridge1 interface=ether8
/ip address add interface=bridge1 address=192.168.100.1/24
/ip route add gateway=bridge1
/ip dns set servers=1.1.1.1
/ip dns set allow-remote-request=yes
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade
/ip firewall nat print
/ip dhcp-server setup

/ip pool add name=ovpn-pool range=192.168.77.2-192.168.77.254
/ppp profile add name=ovpn local-address=192.168.77.1 remote-address=ovpn-pool
/ppp secret
  add name=client password=123456 profile=ovpn
  add name=client1 password=123456 profile=ovpn
/interface ovpn-server server set enabled=yes certificate=server

Client Mikrotik

/interface ovpn-client
  add name=ovpn-client1 connect-to=2.2.2.2 user=client password=123456 disabled=no
/ip route 
  add dst-address=192.168.100.0/24 gateway=ovpn-client1
/ip firewall nat add chain=srcnat action=masquerade out-interface=ovpn-client1

Client Linux

dev tun
proto tcp-client
remote 2.2.2.2 1194
tls-client
ca cert_export_ca.crt
key cert_export_client1.key  cert_export_client.key
cert cert_export_client1.crt  cert_export_client.crt   client.ovpn

user nobody
group nogroup
#comp-lzo # Do not use compression.
# More reliable detection when a system loses its connection.
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
verb 3
cipher BF-CBC
auth SHA1
pull
auth-user-pass auth.cfg


Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Mikrotik:_OpenVPN_-_Server_ke_PC_dari_wiki_mikrotik&oldid=67610"