OpenVPN configuration on MikroTik
In this article I will talk about OpenVPN and how to set it up completely: basic configuration, certificates, and the OpenVPN configuration.
In many topics and forums users talk about OpenVPN, and approximately 90% of them have problems running and correctly installing OpenVPN.
So I decided to show you how to do it correctly. Let's go!
What is OpenVPN?
OpenVPN has been ported to various platforms, including Linux and Windows, and its configuration is much the same on each of these systems, which makes it easier to support and maintain.
Also, OpenVPN is one of the few VPN protocols that can make use of a proxy, which might be handy sometimes.
You can also use various ports (TCP ports) for your VPN connections.
Requirements:
RouterOS or RouterBOARD (in this article I have an RB493AH, version 6 RC 13)
Public or private IP address or a valid domain name (my router: 91.108.151.193, domain name: Reza.IPExperts.Ir)
If you have a domain name, as in this article, you can point all certificate requests to your domain; otherwise you should use your IP address!
Public or private certificate for OpenVPN (I will use a free CAcert certificate)
PPP package (to install the OpenVPN service)
OpenVPN GUI for Windows (if your OpenVPN client is a Windows user, use OpenVPN GUI; in this article the client is another RouterBOARD)
Linux operating system with OpenSSL
Basic Configuration:
Please set the IP address, default route and other basic configuration on your MikroTik (DNS, NTP, etc.).
ip address
add address=91.108.151.193/28 comment="Public IP" interface="WLAN 1 - Home" network=91.108.151.192
Add a Default Route
Certificate:
OpenVPN uses certificates to set up connections, so open a New Terminal window and create a certificate request with your information:
You will be asked a number of questions; some of them are important, some of them are not.
select name for certificate request file.
it will be created after you finish entering all required information.
certificate request file name: certificate-request.pem
select name of private key file.
if such file does not exist, it will be created later.
file name: private-key.pem
private key file already exists and will be overwritten if you continue.
please enter passphrase that will be used to encrypt generated private key file.
you must enter it twice to be sure you have not made any typing errors.
passphrase: 123456 [IMPORTANT]
verify passphrase: 123456 [IMPORTANT]
enter number of bits for RSA key.
longer keys take more time to generate.
rsa key bits: 2048 [Default]
now you will be asked to enter values that make up distinguished name of your certificate.
you can leave some of them empty.
CA may reject your certificate request if some of these values are incorrect or missing, so please check what are the requirements of your CA.
enter two character country code.
country name: IR [NOT IMPORTANT]
enter full name of state or province.
state or province name: Khuzestan [NOT IMPORTANT]
enter locality (e.g. city) name
locality name: Ahvaz [NOT IMPORTANT]
enter name of the organization
organization name: IPExperts [NOT IMPORTANT]
enter organizational unit name
organization unit name: IT Department [NOT IMPORTANT]
enter common name.
for ssl web servers this must be the fully qualified domain name (FQDN) of the server that will use this certificate (like www.someverysecuresitename.com) .
this is checked by browsers.
common name: reza.ipexperts.ir [IMPORTANT] or common name : 91.108.151.193 [IMPORTANT]
enter email address
email address: [email protected] [NOT IMPORTANT]
now you can enter challenge password.
it's use depends on your CA.
it may be used to revoke this certificate.
challenge password: 123456 [NOT IMPORTANT]
you can enter unstructured address, if your CA accepts or requires it.
unstructured address: Reza Moghadam [NOT IMPORTANT]
After a few seconds you will receive notification that the Certificate Request file was created:
You can see that Certificate-Request.pem and Private-key.pem have been added in the Files menu.
CAcert:
Please drag and drop the request files (Certificate-Request.pem and Private-Key.pem) to your desktop.
First open the Certificate-Request.pem file with WordPad and copy the whole string, including the begin and end lines of the certificate request. Then log in to your CAcert account and make a new server certificate.
Paste the contents of Certificate-Request.pem into the CSR field in your account (New Server Certificate) and submit it.
The domain is accepted.
Copy and paste the certificate response from CAcert into WordPad and save it as a .pem file (here: certificate-response.pem).
Private Key:
We need a private key as the key file, but generated private keys will be in PKCS#8 format, which is not supported in RouterOS.
To import such keys we should use the OpenSSL tool on a Linux distribution and make a private key file.
We can install OpenSSL with one of these commands:
apt-get install openssl
or
yum install openssl
Upload or move the Private-Key.pem file to the Linux machine that has OpenSSL (Bitvise SSH Client).
openssl rsa -in private-key.pem -text
Copy and paste the exported string (including the begin and end lines) into a new file (e.g. Private-Key.Key).
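Before uploading the new key file, it is worth confirming that only the PEM block was copied and that it is in the traditional RSA format rather than PKCS#8. The following is an added example, not part of the original article; the function names and the sample text are constructed for illustration.

```python
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.DOTALL)

# PEM labels and the key format each one indicates.
KINDS = {
    "RSA PRIVATE KEY": "traditional-rsa",
    "PRIVATE KEY": "pkcs8",
    "ENCRYPTED PRIVATE KEY": "pkcs8",
}

# Constructed, abbreviated sample of what `openssl rsa -in private-key.pem -text`
# prints: a readable dump followed by the PEM block. The base64 body is a
# placeholder, not a real key.
SAMPLE_OUTPUT = """\
Private-Key: (2048 bit)
modulus:
    00:aa:bb:cc
publicExponent: 65537 (0x10001)
-----BEGIN RSA PRIVATE KEY-----
UExBQ0VIT0xERVIgLSBub3QgYSByZWFsIGtleQ==
-----END RSA PRIVATE KEY-----
"""


def extract_key(text):
    """Return the first private-key PEM block with its format and encryption state."""
    text = text.replace("\r\n", "\n")  # files saved from WordPad use CRLF
    for m in PEM_RE.finditer(text):
        label, body = m.group(1), m.group(2)
        if label not in KINDS:
            continue  # e.g. a CERTIFICATE block pasted into the same file
        # Traditional keys mark encryption with a Proc-Type header line.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or body.startswith("Proc-Type: 4,ENCRYPTED"))
        return {"pem": m.group(0) + "\n", "format": KINDS[label],
                "encrypted": encrypted}
    raise ValueError("no private key PEM block found")


def matches_article_format(text):
    """True when the key is in the traditional RSA format the article asks for."""
    return extract_key(text)["format"] == "traditional-rsa"
```

On OpenSSL 3.x, `openssl rsa` writes PKCS#8 (`BEGIN PRIVATE KEY`) unless the `-traditional` option is given, so this check catches a conversion that silently produced the wrong format.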
Import Certificate
Import the files (Certificate-Response.pem, Private-Key.Key) into your MikroTik Files menu.
First import the Certificate-Response.pem file with that passphrase.
Once you have imported the private key, your certificate should get a "KR" written next to it (K: Decrypted-Private-Key, R: RSA).
Now you will be able to use this key for OVPN.
OpenVPN Server Configuration:
We should make an IP pool for the OpenVPN clients.
ip pool
add name=PPP ranges=1.1.1.1-1.1.1.100,1.1.1.150-1.1.1.200
Make a profile for the OpenVPN service.
Warning: the screenshot shows an incorrect local address; it should be 1.1.1.254 as per the command below.
ppp profile
set 0 dns-server=4.2.2.4,8.8.8.8
add dns-server=4.2.2.4,8.8.8.8 local-address=1.1.1.254 name="OpenVPN Profile" remote-address=PPP
Make a username and password for the OpenVPN client.
ppp secret
add name=1 password=1 profile="OpenVPN Profile"
Enable the OpenVPN service and select a valid certificate.
interface ovpn-server server
set certificate=cert1 enabled=yes
NAT:
Add a masquerade firewall NAT rule to share internet access with the OpenVPN client.
ip firewall nat
add action=masquerade chain=srcnat src-address=1.1.1.0/24
OpenVPN Client:
Make an OpenVPN client and set the address of the OpenVPN server and the username and password.
interface ovpn-client
add auth=none cipher=none connect-to=reza.ipexperts.ir mac-address=02:FB:D1:D8:20:B7 name=ovpn-out1 password=1 user=1
Finally:
You can see the OpenVPN client is connected and you will be able to ping it.
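The commands above, collected into a constructed sample and checked for the settings a reviewer would question before this tunnel carries real traffic. This is an added example, not part of the original article; the one-line command form, the function names and the 12-character password minimum are assumptions.

```python
import ipaddress
import shlex

# Constructed sample: the RouterOS commands from this article, one per line.
ARTICLE_CONFIG = '''\
/ip pool add name=PPP ranges=1.1.1.1-1.1.1.100,1.1.1.150-1.1.1.200
/ppp profile add dns-server=4.2.2.4,8.8.8.8 local-address=1.1.1.254 name="OpenVPN Profile" remote-address=PPP
/ppp secret add name=1 password=1 profile="OpenVPN Profile"
/interface ovpn-client add auth=none cipher=none connect-to=reza.ipexperts.ir name=ovpn-out1 password=1 user=1
'''

MIN_PASSWORD_LEN = 12  # assumption: local policy, not a RouterOS limit
# "none" is the value used in the article; newer RouterOS spells it "null".
UNPROTECTED = {"auth": "packets are not authenticated",
               "cipher": "traffic is not encrypted"}


def parse(line):
    """Split one command line into (menu path, {property: value})."""
    tokens = shlex.split(line)
    props = dict(t.split("=", 1) for t in tokens if "=" in t)
    path = " ".join(t for t in tokens if "=" not in t)
    return path, props


def audit(config):
    """Return (line number, finding) pairs for risky settings."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        if not line.strip():
            continue
        path, p = parse(line)
        if "ovpn-client" in path or "ovpn-server" in path:
            for key, why in UNPROTECTED.items():
                if p.get(key) in ("none", "null"):
                    findings.append((n, f"{key}={p[key]}: {why}"))
        if "password" in p and len(p["password"]) < MIN_PASSWORD_LEN:
            findings.append((n, "password shorter than policy minimum"))
        if "ip pool" in path:
            for rng in p.get("ranges", "").split(","):
                first = ipaddress.ip_address(rng.split("-")[0])
                if not first.is_private:
                    findings.append((n, f"pool range {rng} is public address space"))
    return findings


if __name__ == "__main__":
    for n, msg in audit(ARTICLE_CONFIG):
        print(f"line {n}: {msg}")
```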