We generate the server certificate (outside the router)
Windows variant
C:\Program Files (x86)\OpenVPN\easy-rsa\certifikaty-gen.bat
The file contains:
call cmd
vars
build-key-server xyz
Linux variant
OpenVPN: Creating a certificate authority and a client certificate
MikroTik router
Upload the certificates to Files
- xyz.crt + xyz.key + ca.crt
System - Certificates - Import
- import all certificates
IP New IP pool
- name ovpn_pool
- address 172.16.1.1
PPP
Interface - OVPN Server
- enabled
- default-encryption
- certificate xyz.crt_0
- require client certificate
- auth sha1
- cipher aes256
Profiles - default-encryption
- local address 172.16.1.1
- remote address ovpn_pool
Secrets - Add
- name user2
- password pass2
- service ovpn
- profile default-encryption
We create the OVPN client config
dev tun
proto tcp-client
remote my_wan_ip 1194
ca ca.crt
cert xyz-user2.crt
key xyz-user2.key
tls-client
port 1194
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass pass.txt
dhcp-option DNS 8.8.8.8
route 192.168.1.0 255.255.255.0 172.16.1.1
Password file - pass.txt
user2
pass2
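An added example, not part of the original page: a small Python check that parses the client config above and reports the points a reviewer would raise before deploying it. The function names and finding codes are this example's own, the embedded config is a constructed copy of the page's directives, and the digest finding is advisory because the usable auth values depend on what the router's OVPN server offers.

```python
import os
import stat

# Constructed copy of the security-relevant directives from the page's client config.
PAGE_CONFIG = """\
dev tun
proto tcp-client
remote my_wan_ip 1194
ca ca.crt
cert xyz-user2.crt
key xyz-user2.key
tls-client
cipher AES-256-CBC
auth SHA1
auth-user-pass pass.txt
"""

def parse(text):
    """Return {directive: [args]} for every non-comment line (last one wins)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            opts[name] = args
    return opts

def audit(text, base_dir="."):
    """Return a list of finding codes (hypothetical names) for a client config."""
    opts, findings = parse(text), []
    # Without one of these the client accepts any certificate signed by ca.crt
    # as the server, including a certificate that was issued to another client.
    if "remote-cert-tls" not in opts and "verify-x509-name" not in opts:
        findings.append("no-server-cert-verification")
    # Advisory: legacy HMAC digest for the data channel.
    if (opts.get("auth") or [""])[0].upper() in ("SHA1", "MD5"):
        findings.append("legacy-hmac-digest")
    # auth-user-pass <file> keeps the PPP secret in cleartext on disk, so the
    # file should be readable by its owner only (POSIX permission bits).
    cred = opts.get("auth-user-pass")
    path = os.path.join(base_dir, cred[0]) if cred else None
    if path and os.path.exists(path):
        if stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("credentials-file-readable-by-others")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONFIG))
```

Adding `remote-cert-tls server` to the client config clears the first finding; it requires the server certificate to carry the TLS server extended key usage, so check the xyz certificate for it before enabling the option.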
We generate the client certificate (outside the router)
C:\Program Files (x86)\OpenVPN\easy-rsa\certifikaty-gen.bat
vars
build-key xyz-user2
Mikrotik router - how to set up OpenVPN server
Model network: We have a MikroTik router and we want to set up an OpenVPN server for the local network 192.168.1.0, including the OVPN client configuration.
We will generate a server certificate (outside the router)
Windows variant
C:\Program Files (x86)\OpenVPN\easy-rsa\certifikaty-gen.bat
File contains:
call cmd
vars
build-key-server xyz
Linux variant
OpenVPN: Creating a certificate authority and a client certificate
Router MikroTik
Upload certificates to files
- xyz.crt + xyz.key + ca.crt
System - Certificates - Import
- import all certificates
IP New IP pool
- name ovpn_pool
- address 172.16.1.1
PPP
Interface - OVPN Server
- enabled
- default-encryption
- certificate xyz.crt_0
- require client certificate
- auth sha1
- cipher aes256
Profiles - default-encryption
- local address 172.16.1.1
- remote address ovpn_pool
Secrets - Add
- name user2
- password pass2
- service ovpn
- profile default-encryption
Create OVPN client config
dev tun
proto tcp-client
remote my_wan_ip 1194
ca ca.crt
cert xyz-user2.crt
key xyz-user2.key
tls-client
port 1194
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
mute-replay-warnings
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass pass.txt
dhcp-option DNS 8.8.8.8
route 192.168.1.0 255.255.255.0 172.16.1.1
Password file - pass.txt
user2
pass2
Generate a client certificate (outside the router)
C:\Program Files (x86)\OpenVPN\easy-rsa\certifikaty-gen.bat
vars
build-key xyz-user2