@ogavrisevs
Created December 29, 2019 10:49
Ovpn setup on MikroTik
Default
------
/system logging
add prefix=ovpn topics=ovpn,debug
add prefix=interface topics=interface,debug
add prefix=dns topics=dns,debug
add prefix=dhcp topics=dhcp,debug
add prefix=lte topics=lte,debug
add prefix=system topics=system,debug
certificate
-------------
/certificate
add name=ca-template common-name=myCa key-size=4096 days-valid=3650 key-usage=key-cert-sign,crl-sign
sign ca-template ca-crl-host=127.0.0.1 name=myCa
add name=server-template common-name=server key-size=4096 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
sign server-template ca=myCa name=server
add name=client1-template common-name=client1 key-size=4096 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-client
sign client1-template ca=myCa name=client1
set myCa trusted=yes
set server trusted=yes
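# export the CA certificate, then the client certificate together with its private key
# (the export passphrase encrypts the client key file; use a strong one instead of 12345678)
/certificate export-certificate myCa
/certificate export-certificate client1 export-passphrase=12345678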
ip / ppp / ovpn
---------------
/ip pool add name=ovpn-pool range=192.168.87.30-192.168.87.254
/ip dhcp-server network add address=192.168.87.0/24 comment=ovpn dns-server=192.168.89.1 gateway=192.168.89.1 netmask=24
# mode = ip: routed profile, matches mode=ip on the ovpn-server below
/ppp profile add name=ovpn-profile local-address=192.168.87.1 remote-address=ovpn-pool use-compression=no dns-server=192.168.88.1 use-encryption=required
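# mode = bridge: alternative profile that puts clients on the bridge; use it instead of the profile above, not in addition (both are named ovpn-profile)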
/ppp profile add bridge=bridge name=ovpn-profile local-address=192.168.87.1 remote-address=ovpn-pool use-compression=no dns-server=192.168.89.1 use-encryption=required
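# per-user credentials checked in addition to the client certificate (use a strong password instead of 12345678)
/ppp secret add name=client1 password=12345678 profile=ovpn-profile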
/interface ovpn-server add name=ovpn-server user=client1
/interface ovpn-server server set enabled=yes certificate=server default-profile=ovpn-profile require-client-certificate=yes port=1194 netmask=24 mode=ip
/ip firewall filter add action=accept chain=input comment="Allow ovpn" dst-port=1194 protocol=tcp