Difference between revisions of "Mikrotik: OpenVPN Server ke Kali Linux Client"
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 81: | Line 81: | ||
persist-key | persist-key | ||
persist-tun | persist-tun | ||
| − | remote-cert-tls server | + | remote-cert-tls server |
auth-user-pass | auth-user-pass | ||
cipher AES-256-CBC | cipher AES-256-CBC | ||
auth SHA1 | auth SHA1 | ||
| − | + | ||
| − | ca | + | ca cert_export_ca-cert.crt |
| − | cert | + | cert cert_export_client-cert.crt |
key client-cert.key | key client-cert.key | ||
Revision as of 15:57, 13 May 2025
Berikut adalah langkah-langkah lengkap untuk konfigurasi OpenVPN Server di MikroTik agar dapat diakses oleh client Kali Linux:
Persiapan
Pastikan MikroTik dan Kali Linux:
- MikroTik sudah memiliki koneksi internet
- Port TCP 1194 terbuka di firewall MikroTik
- Kali Linux memiliki OpenVPN terinstal (`sudo apt install openvpn`)
Generate Certificate dan Key
Gunakan fitur MikroTik Certificate untuk membuat sertifikat.
a. Buat CA:
/certificate add name=ca-template common-name=myCA key-usage=key-cert-sign,crl-sign sign ca-template name=ca-cert
b. Buat Server Certificate:
add name=server-template common-name=server sign server-template ca=ca-cert name=server-cert
c. Buat Client Certificate:
add name=client-template common-name=client sign client-template ca=ca-cert name=client-cert
Enable OpenVPN Server
/interface ovpn-server server set enabled=yes \ certificate=server-cert \ require-client-certificate=yes \ auth=sha1 \ cipher=aes256 \ port=1194
Buat PPP Profile dan Secret
a. Buat profile:
/ppp profile add name=ovpn-profile local-address=10.8.0.1 remote-address=10.8.0.2 dns-server=8.8.8.8
b. Buat user untuk VPN:
/ppp secret add name=client password=123 profile=ovpn-profile service=ovpn
Export Sertifikat dan Kunci
Export sertifikat agar bisa digunakan di Kali Linux:
/certificate export-certificate ca-cert export-passphrase="" /certificate export-certificate client-cert export-passphrase=""
Download file `.crt` dan `.key` dari Files di MikroTik:
- `ca-cert.crt`
- `client-cert.crt`
- `client-cert.key`
Konfigurasi Client OpenVPN di Kali Linux
a. Install OpenVPN (jika belum)
sudo apt update && sudo apt install openvpn
b. Buat file konfigurasi: `client.ovpn`
client dev tun proto tcp remote [IP-PUBLIK-MIKROTIK] 1194 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server auth-user-pass cipher AES-256-CBC auth SHA1
ca cert_export_ca-cert.crt cert cert_export_client-cert.crt key client-cert.key verb 3
c. Simpan file `client.ovpn`, `ca-cert.crt`, `client-cert.crt`, dan `client-cert.key` di folder yang sama.
Menjalankan VPN dari Kali
sudo openvpn --config client.ovpn
Masukkan username dan password sesuai yang dibuat di MikroTik (`client` dan `123`).
Verifikasi Koneksi
Di MikroTik:
/ppp active print
Akan muncul entry koneksi OVPN aktif dari client.