/certificate add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign days-valid=3650 country="PY" state="Alto Parana" organization="Empresa" locality="Ciudad del Este" unit="TI" key-size=4096
/certificate add name=server-template common-name=server days-valid=3650 country="PY" state="Alto Parana" organization="Empresa" locality="Ciudad del Este" unit="TI" key-size=4096
/certificate add name=client-template common-name=client days-valid=3650 country="PY" state="Alto Parana" organization="Empresa" locality="Ciudad del Este" unit="TI" key-size=4096
/certificate sign ca-template name=myCa
/certificate sign server-template ca=myCa name=server
/certificate sign client-template ca=myCa name=client
/certificate set myCa trusted=yes
/certificate set server trusted=yes
/certificate set client trusted=yes
/certificate export-certificate myCa
/certificate export-certificate client export-passphrase=password-certificado
cert_export_client.crt cert_export_client.key cert_export_myCa.crt
client.crt client.key ca.crt
/interface ovpn-server server set certificate=server cipher=blowfish128,aes128,aes256 enabled=yes require-client-certificate=yes
/ppp secret add local-address=192.0.2.1 name=usuario-empresa password=password-usuario remote-address=192.0.2.2 service=ovpn
proto tcp-client
remote ip_servidor 1194
dev tun
nobind
persist-key
tls-client
ca ca.crt
cert client.crt
key client.key
ping 10
verb 3
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass auth.cfg
route 192.0.2.0 255.255.255.0 192.2.0.1
usuario-empresa
password-usuario
Configuracion Basica para usar Mikrotik como servidor OpenVPN
Consideration, en la linea:
route 192.0.2.0 255.255.255.0 192.2.0.1
hay que reemplazar por la red que deseamos acceder, ejemplo:route 192.168.1.0 255.255.255.0 192.2.0.1