Sunday, February 26, 2023

Mikrotik RouterOS OVPN setup

How to set up OVPN on Mikrotik RouterOS v6 and v7

A. Set up the OVPN server in RouterOS

  1. /certificate
    add name=CA-root common-name=host.domain.cc key-usage=key-cert-sign,crl-sign
    add name=Server-cert common-name=*.host.domain key-usage=digital-signature,key-encipherment,tls-server,tls-client
    sign CA-root
    sign Server-cert ca=CA-root
    set Server-cert trusted=yes
    export-certificate CA-root 
  2. /ip pool
    add name=pool-ovpn ranges=172.16.100.1-172.16.100.10
  3. /ppp profile
    add local-address=pool-ovpn name=profile-ovpn remote-address=pool-ovpn
  4. /ppp secret
    add name=Username password=Password profile=profile-ovpn service=ovpn
  5. /interface ovpn-server server
    set auth=sha1 certificate=Server-cert cipher=aes128 default-profile=profile-ovpn enabled=yes port=443
B. Create the OVPN client config file

Create a client.ovpn file as follows and put the contents of cert_export_CA_root.crt (under /file) inside the <ca> ... </ca> block, between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

client
dev tun
proto tcp
remote host.domain 443
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
auth SHA1
auth-user-pass
redirect-gateway def1
verb 3
<ca>
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
</ca>
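
One way to assemble the client.ovpn from section B out of the exported CA file, as an added example that is not part of the original post. The function name build_client_ovpn and the temporary paths are assumptions, and the demo certificate body is a constructed placeholder; the function refuses an empty certificate block or a file that contains a private key.

```shell
#!/bin/sh
# Added example: build client.ovpn from the CA certificate exported in step A.
# build_client_ovpn is a hypothetical helper, not part of RouterOS or OpenVPN.
build_client_ovpn() {
    ca_file=$1; remote_host=$2; out_file=$3

    [ -r "$ca_file" ] || { echo "cannot read $ca_file" >&2; return 1; }

    # Only the public CA certificate belongs in a client profile.
    if grep -q 'PRIVATE KEY' "$ca_file"; then
        echo "$ca_file contains a private key, refusing to embed it" >&2
        return 2
    fi

    # Expect exactly one PEM certificate with a non-empty base64 body
    # (the template in section B ships with an empty block).
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$ca_file" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$ca_file" || true)
    body=$(sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' \
        "$ca_file" | grep -v '^-----' | grep -c '[A-Za-z0-9+/=]' || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ] || [ "$body" -eq 0 ]; then
        echo "$ca_file is not a single PEM certificate" >&2
        return 3
    fi

    {
        # Same directives as the config in section B.
        printf '%s\n' client 'dev tun' 'proto tcp' "remote $remote_host 443" \
            'resolv-retry infinite' nobind persist-key persist-tun \
            'cipher AES-128-CBC' 'auth SHA1' auth-user-pass \
            'redirect-gateway def1' 'verb 3' '<ca>'
        # Copy only the PEM block; drop CR in case the file has CRLF endings.
        tr -d '\r' < "$ca_file" \
            | sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p'
        printf '%s\n' '</ca>'
    } > "$out_file"
}

# Demo with a constructed placeholder body (not a real certificate).
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo/cert_export_CA_root.crt"
build_client_ovpn "$demo/cert_export_CA_root.crt" host.domain \
    "$demo/client.ovpn" && cat "$demo/client.ovpn"
rm -rf "$demo"
```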

C. Use the OpenVPN app to connect to host.domain
Import the client.ovpn config file and connect by entering the Username and Password.