Difference between revisions of "Mikrotik: OpenVPN - Server ke PC dari wiki mikrotik"
Onnowpurbo (talk | contribs) (Created page with "Sumber: https://wiki.mikrotik.com/wiki/Manual:Interface/OVPN ==Referensi== * https://wiki.mikrotik.com/wiki/Manual:Interface/OVPN") |
Onnowpurbo (talk | contribs) |
||
Line 2: | Line 2: | ||
+ | ==Certificate== | ||
+ | |||
+ | ===Certificate Generate=== | ||
+ | |||
+ | /certificate | ||
+ | add name=ca-template common-name=example.com days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign | ||
+ | add name=server-template common-name=*.example.com days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server | ||
+ | add name=client-template common-name=client.example.com days-valid=3650 key-size=2048 key-usage=tls-client | ||
+ | add name=client1-template common-name=client1.example.com days-valid=3650 key-size=2048 key-usage=tls-client | ||
+ | |||
+ | |||
+ | ===Certificate Sign=== | ||
+ | |||
+ | Proses signing akan membutuhkan waktu, harap sabar. | ||
+ | |||
+ | /certificate | ||
+ | sign ca-template name=ca-certificate | ||
+ | sign server-template name=server-certificate ca=ca-certificate | ||
+ | sign client-template name=client-certificate ca=ca-certificate | ||
+ | sign client1-template name=client1-certificate ca=ca-certificate | ||
+ | |||
+ | ===Certificate Trust=== | ||
+ | |||
+ | /certificate | ||
+ | set ca-certificate trusted=yes | ||
+ | set server-certificate trusted=yes | ||
+ | |||
+ | ===Certificate Export=== | ||
+ | |||
+ | /certificate | ||
+ | export-certificate ca-certificate export-passphrase="" | ||
+ | export-certificate client-certificate export-passphrase=12345678 | ||
+ | export-certificate client1-certificate export-passphrase=12345678 | ||
+ | |||
+ | Cek bahwa sudah di generate menggunakan | ||
+ | |||
+ | /file print | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==Server== | ||
+ | |||
+ | /interface ovpn-server server set enabled=yes | ||
+ | /interface ovpn-server server set certificate=server-certificate | ||
+ | /interface ovpn-server server print | ||
+ | |||
+ | |||
+ | /ip pool add name=ovpn-pool range=192.168.77.2-192.168.77.254 | ||
+ | /ppp profile add name=ovpn local-address=192.168.77.1 remote-address=ovpn-pool | ||
+ | /ppp secret | ||
+ | add name=client1 password=123456 profile=ovpn | ||
+ | add name=client2 password=123456 profile=ovpn | ||
+ | add name=onno password=123456 profile=ovpn | ||
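Review bot: the three /ppp secret entries at the end of the Server section all use the same six-digit password 123456, and none of the "ovpn-server server set" lines sets require-client-certificate=yes, so unless that is configured elsewhere the client certificates generated and exported above are not required at login and the shared numeric password is the only credential. Set require-client-certificate=yes on the server and give each secret its own long, non-numeric password. The same applies to the Certificate Export section, where both client key exports share the passphrase 12345678; use a distinct passphrase per client. Separately, server-template uses the wildcard common-name *.example.com and every template has days-valid=3650; a specific server name and a shorter lifetime for the server and client certificates would be easier to rotate and revoke.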
Revision as of 20:52, 29 November 2022
Source: https://wiki.mikrotik.com/wiki/Manual:Interface/OVPN
Certificate
Certificate Generate
/certificate
add name=ca-template common-name=example.com days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
add name=server-template common-name=*.example.com days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
add name=client-template common-name=client.example.com days-valid=3650 key-size=2048 key-usage=tls-client
add name=client1-template common-name=client1.example.com days-valid=3650 key-size=2048 key-usage=tls-client
Certificate Sign
The signing process takes some time; please be patient.
/certificate
sign ca-template name=ca-certificate
sign server-template name=server-certificate ca=ca-certificate
sign client-template name=client-certificate ca=ca-certificate
sign client1-template name=client1-certificate ca=ca-certificate
Certificate Trust
/certificate
set ca-certificate trusted=yes
set server-certificate trusted=yes
Certificate Export
/certificate
export-certificate ca-certificate export-passphrase=""
export-certificate client-certificate export-passphrase=12345678
export-certificate client1-certificate export-passphrase=12345678
Check that the files have been generated using
/file print
Server
/interface ovpn-server server set enabled=yes
/interface ovpn-server server set certificate=server-certificate
/interface ovpn-server server print

/ip pool add name=ovpn-pool range=192.168.77.2-192.168.77.254
/ppp profile add name=ovpn local-address=192.168.77.1 remote-address=ovpn-pool
/ppp secret
add name=client1 password=123456 profile=ovpn
add name=client2 password=123456 profile=ovpn
add name=onno password=123456 profile=ovpn
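As an added example (not part of the original wiki page or of MikroTik's tooling), this Python sketch parses RouterOS console commands written the way this page writes them, including bare verbs that inherit the preceding menu line, and reports short or numeric credentials and an enabled OVPN server that does not require client certificates. The rule names, the 12-character minimum and the handling of an empty export passphrase are assumptions; `require-client-certificate` is a RouterOS OVPN server property that this page does not set.

```python
import shlex

# Constructed sample: a subset of this page's commands, as typed at the console.
SAMPLE = """\
/certificate
export-certificate ca-certificate export-passphrase=""
export-certificate client-certificate export-passphrase=12345678
/interface ovpn-server server set enabled=yes
/interface ovpn-server server set certificate=server-certificate
/ppp secret
add name=client1 password=123456 profile=ovpn
"""
VERBS = {"add", "set", "sign", "print", "export-certificate"}
MIN_LEN = 12  # assumed local policy, not a RouterOS limit

def parse(script):
    """Yield (menu, verb, positional, params); a bare verb reuses the last menu."""
    menu = ""
    for raw in script.splitlines():
        words = shlex.split(raw)
        if words and words[0].startswith("/"):
            # The menu path is everything before the first verb on the line.
            cut = next((i for i, w in enumerate(words) if w in VERBS), len(words))
            menu, words = " ".join(words[:cut]), words[cut:]
        if words:
            rest = words[1:]
            params = dict(w.split("=", 1) for w in rest if "=" in w)
            yield menu, words[0], [w for w in rest if "=" not in w], params

def weak(secret):
    return len(secret) < MIN_LEN or secret.isdigit()

def audit(script):
    findings, ovpn = [], {}
    for menu, verb, pos, p in parse(script):
        if verb == "export-certificate" and p.get("export-passphrase"):
            # Empty passphrase skipped: assumed to export the cert without its key.
            if weak(p["export-passphrase"]):
                findings.append(("weak-export-passphrase", (pos or ["?"])[0]))
        elif menu == "/ppp secret" and verb == "add" and weak(p.get("password", "")):
            findings.append(("weak-ppp-password", p.get("name", "?")))
        elif menu == "/interface ovpn-server server" and verb == "set":
            ovpn.update(p)  # settings may be spread over several set commands
    if ovpn.get("enabled") == "yes" and ovpn.get("require-client-certificate") != "yes":
        findings.append(("client-cert-not-required", "ovpn-server"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```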