Configuring OpenVPN on MikroTik RouterOS
1. Add the certificates
/certificate/add name=ovpn-ca common-name=ovpn-ca days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
/certificate/add name=ovpn-server common-name=ovpn-server days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
/certificate/add name=ovpn-client common-name=ovpn-client days-valid=3650 key-size=2048 key-usage=tls-client
2. Sign the certificates
/certificate/sign ovpn-ca name=ovpn-ca
/certificate/sign ovpn-server name=ovpn-server ca=ovpn-ca
/certificate/sign ovpn-client name=ovpn-client ca=ovpn-ca
3. Export the certificates; they are needed in the last step
/certificate export-certificate ovpn-ca export-passphrase=""
/certificate export-certificate ovpn-client export-passphrase=12345678
4. Add an address pool
/ip pool add name=ovpn-pool ranges=10.10.10.100-10.10.10.110
5. Add the OpenVPN profile
/ppp profile add name=ovpn-profile use-encryption=yes local-address=10.10.10.1 remote-address=ovpn-pool change-tcp-mss=yes use-compression=yes use-ipv6=no
6. Add an account
/ppp secret add name=pecmd password=12345678 profile=ovpn-profile service=ovpn
7. Add the OpenVPN service
/interface ovpn-server server set default-profile=ovpn-profile protocol=udp netmask=24 mode=ip port=1194 certificate=ovpn-server require-client-certificate=yes auth=sha1 cipher=aes128-cbc,aes192-cbc,aes256-cbc
8. Add a firewall rule to allow the traffic
/ip firewall filter add chain=input protocol=udp dst-port=1194 action=accept place-before=0 comment="Allow OpenVPN"
9. Export the client configuration file via OVPN Servers
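An audit pass over the commands in the steps above, as an added example (not part of the original page and not MikroTik tooling): it flags short or digits-only secrets, the same secret reused across commands, legacy `auth` digests on the OpenVPN server, and a server that does not require client certificates. The 16-character minimum and the set of rejected digests are assumed policy values; the sample input is constructed from the page's own commands.

```python
import shlex

# Constructed sample input: commands taken from the steps above.
SAMPLE = '''\
/certificate export-certificate ovpn-ca export-passphrase=""
/certificate export-certificate ovpn-client export-passphrase=12345678
/ppp secret add name=pecmd password=12345678 profile=ovpn-profile service=ovpn
/interface ovpn-server server set default-profile=ovpn-profile protocol=udp netmask=24 mode=ip port=1194 certificate=ovpn-server require-client-certificate=yes auth=sha1 cipher=aes128-cbc,aes192-cbc,aes256-cbc
'''

SECRET_KEYS = ("password", "export-passphrase")
MIN_SECRET_LEN = 16                      # assumption: local policy threshold
LEGACY_AUTH = {"null", "md5", "sha1"}    # assumption: digests local policy rejects


def params(line):
    """Return the key=value parameters of one RouterOS command line."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def audit(config):
    """Return (line_no, parameter, issue) tuples; secret values are never echoed."""
    findings, first_seen = [], {}
    for no, line in enumerate(config.splitlines(), 1):
        p = params(line)
        for key in SECRET_KEYS:
            value = p.get(key)
            if not value:
                continue  # parameter absent or empty: nothing to grade
            if len(value) < MIN_SECRET_LEN or value.isdigit():
                findings.append((no, key, "short or digits-only secret"))
            if value in first_seen:
                findings.append((no, key, f"secret reused from line {first_seen[value]}"))
            first_seen.setdefault(value, no)
        if line.strip().startswith("/interface ovpn-server server"):
            for digest in sorted(LEGACY_AUTH & set(p.get("auth", "").split(","))):
                findings.append((no, "auth", f"legacy digest {digest}"))
            if p.get("require-client-certificate") != "yes":
                findings.append((no, "require-client-certificate", "client certificate not required"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Run it against a saved copy of the commands before applying them to a router; an empty result means none of the four checks fired.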