Template:Netoworking rutxxx configuration example mikrotik openvpn: Difference between revisions
Revision as of 08:44, 1 April 2020
(28 intermediate revisions by 2 users not shown) | |||
Line 15: | Line 15: | ||
==Configuration scheme== | ==Configuration scheme== | ||
[[File:|border|class=tlt-border]] | [[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_topology_v1.png|border|class=tlt-border|1100x1100px]] | ||
==Server (Mikrotik) configuration== | ==Server (Mikrotik) configuration== | ||
Line 51: | Line 51: | ||
Now go to '''Files''' and export those certificates by simply dragging them to your desktop. | Now go to '''Files''' and export those certificates by simply dragging them to your desktop. | ||
[[File:|border|class=tlt-border]] | [[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_1_v2.jpg|border|class=tlt-border]] | ||
[[File:|border|class=tlt-border]] | [[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_2_v1.jpg|border|class=tlt-border]] | ||
Now go back to '''Terminal''' and create a separate pool of IP addresses for clients by using this command: | Now go back to '''Terminal''' and create a separate pool of IP addresses for clients by using this command: | ||
Line 61: | Line 61: | ||
pool add name="vpn-pool" ranges=192.168.8.10-192.168.8.99 | pool add name="vpn-pool" ranges=192.168.8.10-192.168.8.99 | ||
Instead of editing the default encrypted profile, we need to create a new one. Assumption is your MikroTik will also be a DNS server. And while at it, | Instead of editing the default encrypted profile, we need to create a new one. Assumption is your MikroTik will also be a DNS server. And while at it, create a bit more secure user/password: | ||
/ppp | /ppp | ||
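Review bot: the completed sentence on the new side ("create a bit more secure user/password") tells the reader to pick stronger credentials but never says what that means or that the values in the commands that follow are examples. Suggest stating explicitly that the username and password shown are placeholders to be replaced with unique, strong values before use. While touching this line, "Assumption is your MikroTik will also be a DNS server" reads better as "This assumes your MikroTik also acts as the DNS server."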
Line 83: | Line 83: | ||
==Client (RUTxxx) configuration== | ==Client (RUTxxx) configuration== | ||
Access RUTxxx WebUI and go to '''Service > VPN > OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' | Access RUTxxx WebUI and go to '''Service > VPN > OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''. | ||
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_3_v1.jpg|border|class=tlt-border]] | |||
Then apply the following configuration. | |||
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_4_v1.jpg|border|class=tlt-border]] | |||
# '''Enable''' Instance. | # '''Enable''' Instance. | ||
Line 104: | Line 104: | ||
# Write '''Private key decryption password''' (you created it by using this command: export-certificate client-certificate export-passphrase='''12345678'''). | # Write '''Private key decryption password''' (you created it by using this command: export-certificate client-certificate export-passphrase='''12345678'''). | ||
# Press '''Save'''. | # Press '''Save'''. | ||
==Testing configuration== | |||
Go to '''Status > Routes''' and in the '''Active IP Routes''' table you should see these two new routes. | |||
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_5_v1.jpg|border|class=tlt-border]] | |||
Try to ping the remote VPN endpoint via '''CLI''' or '''SSH''' using this command: | |||
ping 192.168.8.250 | |||
[[File:Networking rutxxx configuration example ovpn mikrotik 6 v1.jpg|border|class=tlt-border]] |
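Review bot: the "Private key decryption password" step kept as context in this hunk still shows export-passphrase=12345678 as its example, and readers tend to copy such values verbatim. Suggest replacing it with a clearly marked placeholder and a short remark that the passphrase protecting the exported client key should be strong and unique. In the added Testing section, the last File: link is written with spaces while every other added link uses underscores, so it is worth making them consistent.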