Difference between revisions of "Mikrotik: OpenVPN - Server ke PC dari wiki mikrotik"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
Line 17: | Line 17: | ||
/certificate | /certificate | ||
− | add name=ca-template days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign | + | add name=ca-template common-name=itts.ac.id days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign |
− | add name=server-template days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server | + | add name=server-template common-name=*.itts.ac.id days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server |
− | add name=client-template days-valid=3650 key-size=2048 key-usage=tls-client | + | add name=client-template common-name=client.itts.ac.id days-valid=3650 key-size=2048 key-usage=tls-client |
− | add name=client1-template days-valid=3650 key-size=2048 key-usage=tls-client | + | add name=client1-template common-name=client1.itts.ac.id days-valid=3650 key-size=2048 key-usage=tls-client |
===Certificate Sign=== | ===Certificate Sign=== |
Revision as of 12:47, 29 December 2022
Sumber: https://wiki.mikrotik.com/wiki/Manual:Interface/OVPN
Kondisi Jaringan
Office 192.168.3.73/24 Office LAN 192.168.100.0/24 VPN Pool 192.168.77.0/24 gw 192.168.77.1
Client 192.168.3.77/24
Certificate
Certificate Generate
/certificate add name=ca-template common-name=itts.ac.id days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign add name=server-template common-name=*.itts.ac.id days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server add name=client-template common-name=client.itts.ac.id days-valid=3650 key-size=2048 key-usage=tls-client add name=client1-template common-name=client1.itts.ac.id days-valid=3650 key-size=2048 key-usage=tls-client
Certificate Sign
SATU PER SATU, jangan COPAS Sekaligus. Proses signing akan membutuhkan waktu, harap sabar.
/certificate sign ca-template name=ca sign server-template name=server ca=ca sign client-template name=client ca=ca sign client1-template name=client1 ca=ca
Certificate Trust
/certificate set ca trusted=yes set server trusted=yes
Certificate Export
/certificate export-certificate ca export-passphrase="" export-certificate client export-passphrase=123456789 export-certificate client1 export-passphrase=123456789
Cek bahwa sudah di generate menggunakan
/file print
Server
/ip pool add name=ovpn-pool range=192.168.77.2-192.168.77.254 /ppp profile add name=ovpn local-address=192.168.77.1 remote-address=ovpn-pool /ppp secret add name=client password=123456 profile=ovpn add name=client1 password=123456 profile=ovpn
/interface ovpn-server server set enabled=yes certificate=server
Client Mikrotik
/interface ovpn-client add name=ovpn-client1 connect-to=2.2.2.2 user=client password=123456 disabled=no /ip route add dst-address=192.168.100.0/24 gateway=ovpn-client1 /ip firewall nat add chain=srcnat action=masquerade out-interface=ovpn-client1
Client Linux
dev tun proto tcp-client remote 2.2.2.2 1194 tls-client user nobody group nogroup #comp-lzo # Do not use compression. # More reliable detection when a system loses its connection. ping 15 ping-restart 45 ping-timer-rem persist-tun persist-key mute-replay-warnings verb 3 cipher BF-CBC auth SHA1 pull auth-user-pass auth.cfg