1. Add the certificates

/certificate/add name=ovpn-ca common-name=ovpn-ca days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
/certificate/add name=ovpn-server common-name=ovpn-server days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
/certificate/add name=ovpn-client common-name=ovpn-client days-valid=3650 key-size=2048 key-usage=tls-client

2. Sign the certificates

/certificate/sign ovpn-ca name=ovpn-ca
/certificate/sign ovpn-server name=ovpn-server ca=ovpn-ca
/certificate/sign ovpn-client name=ovpn-client ca=ovpn-ca

3. Export the certificates for use in the final step

/certificate export-certificate ovpn-ca export-passphrase=""
/certificate export-certificate ovpn-client export-passphrase=12345678

4. Add an address pool

/ip pool add name=ovpn-pool ranges=10.10.10.100-10.10.10.110

5. Add the OpenVPN profile

/ppp profile add name=ovpn-profile use-encryption=yes local-address=10.10.10.1 remote-address=ovpn-pool change-tcp-mss=yes use-compression=yes use-ipv6=no

6. Add an account

/ppp secret add name=pecmd password=12345678 profile=ovpn-profile service=ovpn

7. Add the OpenVPN service

/interface ovpn-server server set default-profile=ovpn-profile protocol=udp netmask=24 mode=ip port=1194 certificate=ovpn-server require-client-certificate=yes auth=sha1 cipher=aes128-cbc,aes192-cbc,aes256-cbc

8. Add a firewall rule to allow the traffic

/ip firewall filter add chain=input protocol=udp dst-port=1194 action=accept place-before=0 comment="Allow OpenVPN"

9. Export the client configuration file through OVPN Servers
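
An added example, not part of the original post: a small Python check that reads the commands from steps 3, 5, 6 and 7 (embedded below as constructed sample input) and lists the settings worth revisiting before the server faces the internet. The function names, the 12-character minimum and the set of flagged digests are assumptions of this example.

```python
import shlex

# Constructed input: the commands from steps 3, 5, 6 and 7 of this page.
SAMPLE = """\
/certificate export-certificate ovpn-ca export-passphrase=""
/certificate export-certificate ovpn-client export-passphrase=12345678
/ppp profile add name=ovpn-profile use-encryption=yes local-address=10.10.10.1 remote-address=ovpn-pool change-tcp-mss=yes use-compression=yes use-ipv6=no
/ppp secret add name=pecmd password=12345678 profile=ovpn-profile service=ovpn
/interface ovpn-server server set default-profile=ovpn-profile protocol=udp netmask=24 mode=ip port=1194 certificate=ovpn-server require-client-certificate=yes auth=sha1 cipher=aes128-cbc,aes192-cbc,aes256-cbc
"""

SECRET_KEYS = ("password", "export-passphrase")  # parameters that carry a secret

def parse(line):
    """Split one RouterOS command into (path, {param: value})."""
    words, params = [], {}
    for tok in shlex.split(line):
        key, sep, val = tok.partition("=")
        if sep:
            params[key] = val
        else:
            words.append(tok)
    return " ".join(words), params

def audit(text, min_len=12):
    """Return (line_no, finding) pairs for settings to review (assumed policy)."""
    findings, seen = [], {}
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        path, p = parse(line)
        for key in SECRET_KEYS:
            val = p.get(key)
            if not val:  # absent or empty value: nothing to grade
                continue
            if len(val) < min_len or val.isdigit():
                findings.append((no, f"{key}: short or digits-only secret"))
            if val in seen:
                findings.append((no, f"{key}: same secret as line {seen[val]}"))
            seen.setdefault(val, no)
        if p.get("use-compression") == "yes":
            findings.append((no, "use-compression=yes: compressing before encrypting leaks plaintext through length (VORACLE)"))
        if "ovpn-server" in path and p.get("auth") in ("md5", "sha1", "null"):
            findings.append((no, f"auth={p['auth']}: legacy or missing HMAC digest"))
    return findings

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```
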