Ovpn setup on MikroTik
Default | |
------ | |
# Debug-level logging for the subsystems involved in bringing the tunnel up.
# Each rule matches messages carrying both listed topics and tags them with a
# prefix; no action= is given, so the router's default logging action applies.
# NOTE(review): debug topics are verbose and can record connection details
# such as peer addresses and user names - remove these rules once the tunnel
# works, and restrict who can read the log.
/system logging add topics=ovpn,debug prefix=ovpn
/system logging add topics=interface,debug prefix=interface
/system logging add topics=dns,debug prefix=dns
/system logging add topics=dhcp,debug prefix=dhcp
/system logging add topics=lte,debug prefix=lte
/system logging add topics=system,debug prefix=system
certificate | |
------------- | |
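# Build a private CA on the router, then issue one server and one client
# certificate from it. Every `sign` must finish before the certificate is
# referenced by the next command.
/certificate
# CA: restricted to signing certificates and CRLs.
add name=ca-template common-name=myCa key-size=4096 days-valid=3650 key-usage=key-cert-sign,crl-sign
# NOTE(review): ca-crl-host=127.0.0.1 puts a loopback address into the CRL
# distribution point, so remote peers cannot fetch the CRL; revocation is then
# only effective where the router itself checks it - confirm this is intended.
sign ca-template ca-crl-host=127.0.0.1 name=myCa
# Server certificate: TLS server authentication only.
add name=server-template common-name=server key-size=4096 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
sign server-template ca=myCa name=server
# Client certificate: the original requested tls-server here, which would let a
# leaked client key pass as a VPN server to any peer that trusts myCa. A client
# certificate needs tls-client only.
# NOTE(review): 3650 days is a long lifetime for a client credential; consider
# a shorter validity and a renewal process.
add name=client1-template common-name=client1 key-size=4096 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-client
sign client1-template ca=myCa name=client1
set myCa trusted=yes
set server trusted=yes
# Export the CA certificate (public part only) for the client configuration.
/certificate export-certificate myCa
# Export the client certificate together with its private key, encrypted with
# the passphrase. 12345678 is a sample value: replace it with a long random
# passphrase, transfer the files over a secure channel and delete them from the
# router's file store afterwards.
/certificate export-certificate client1 export-passphrase=12345678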
ip/ ppp / ovpn | |
-------------- | |
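# Address pool handed out to VPN clients.
/ip pool add name=ovpn-pool range=192.168.87.30-192.168.87.254
# NOTE(review): the gateway and DNS server below (192.168.89.1) are outside the
# 192.168.87.0/24 network declared on the same line, and the ip-mode profile
# uses 192.168.88.1 for DNS - confirm which addresses are correct for this site.
/ip dhcp-server network add address=192.168.87.0/24 comment=ovpn dns-server=192.168.89.1 gateway=192.168.89.1 netmask=24
# mode = ip
/ppp profile add name=ovpn-profile local-address=192.168.87.1 remote-address=ovpn-pool use-compression=no dns-server=192.168.88.1 use-encryption=required
# mode = bridge
# Alternative to the profile above, not an addition: a second `add` with the
# same name fails. It is left commented out because the server below is set to
# mode=ip; a bridged setup also needs mode=ethernet on the server.
# /ppp profile add bridge=bridge name=ovpn-profile local-address=192.168.87.1 remote-address=ovpn-pool use-compression=no dns-server=192.168.89.1 use-encryption=required
# service=ovpn limits this account to OpenVPN; without it the secret is valid
# for every PPP service enabled on the router.
# 12345678 is a sample value: replace it with a long random password, different
# from the certificate export passphrase.
/ppp secret add name=client1 password=12345678 profile=ovpn-profile service=ovpn
# Static server-side interface bound to the client1 account.
/interface ovpn-server add name=ovpn-server user=client1
# require-client-certificate=yes makes the server demand a certificate signed
# by a trusted CA in addition to the user name and password.
# NOTE(review): auth= and cipher= are not set, so the version defaults apply,
# which may include legacy algorithms - set both explicitly to the strongest
# values the RouterOS release and the clients support.
/interface ovpn-server server set enabled=yes certificate=server default-profile=ovpn-profile require-client-certificate=yes port=1194 netmask=24 mode=ip
# NOTE(review): `add` appends the rule to the end of the input chain; if an
# earlier rule already drops the traffic, this accept is never reached - check
# the rule order. The rule also accepts from any source; add src-address= or an
# address list if the client networks are known.
/ip firewall filter add action=accept chain=input comment="Allow ovpn" dst-port=1194 protocol=tcp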