Jump to content

Template:Netoworking rutxxx configuration example mikrotik openvpn: Difference between revisions

no edit summary
No edit summary
 
(28 intermediate revisions by 2 users not shown)
Line 15: Line 15:
==Configuration scheme==
==Configuration scheme==


[[File:|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_topology_v1.png|border|class=tlt-border|1100x1100px]]


==Server (Mikrotik) configuration==
==Server (Mikrotik) configuration==
Line 51: Line 51:
Now go to '''Files''' and export those certificates by simply dragging them to your desktop.
Now go to '''Files''' and export those certificates by simply dragging them to your desktop.


[[File:|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_1_v2.jpg|border|class=tlt-border]]


[[File:|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_2_v1.jpg|border|class=tlt-border]]


Now go back to '''Terminal''' and create a separate pool of IP addresses for clients by using this command:
Now go back to '''Terminal''' and create a separate pool of IP addresses for clients by using this command:
Line 61: Line 61:
  pool add name="vpn-pool" ranges=192.168.8.10-192.168.8.99
  pool add name="vpn-pool" ranges=192.168.8.10-192.168.8.99


Instead of editing the default encrypted profile, we need to create a new one. Assumption is your MikroTik will also be a DNS server. And while at it, you can create a bit more imaginative user/password:
Instead of editing the default encrypted profile, we need to create a new one. Assumption is your MikroTik will also be a DNS server. And while at it, create a bit more secure user/password:


  /ppp
  /ppp
Line 83: Line 83:
==Client (RUTxxx) configuration==
==Client (RUTxxx) configuration==


Access RUTxxx WebUI and go to '''Service > VPN > OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' (anything you want) and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
Access RUTxxx WebUI and go to '''Service > VPN > OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.


[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_3_v1.jpg|border|class=tlt-border]]


[[File:|border|class=tlt-border]]
Then apply the following configuration.


Then apply the following configuration.  
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_4_v1.jpg|border|class=tlt-border]]


[[File:|border|class=tlt-border]]


# '''Enable''' Instance.
# '''Enable''' Instance.
Line 104: Line 104:
# Write '''Private key decryption password''' (you created it by using this command: export-certificate client-certificate export-passphrase='''12345678''').
# Write '''Private key decryption password''' (you created it by using this command: export-certificate client-certificate export-passphrase='''12345678''').
# Press '''Save'''.
# Press '''Save'''.
==Testing configuration==
Go to '''Status > Routes''' and in the '''Active IP Routes''' table you should see these two new routes.
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_5_v1.jpg|border|class=tlt-border]]
Try to ping the remote VPN endpoint via '''CLI''' or '''SSH''' using this command:
ping 192.168.8.250
[[File:Networking rutxxx configuration example ovpn mikrotik 6 v1.jpg|border|class=tlt-border]]