Line 15: |
Line 15: |
| ==Configuration scheme== | | ==Configuration scheme== |
| | | |
− | [[File:|border|class=tlt-border]] | + | [[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_topology_v1.png|border|class=tlt-border|1100x1100px]] |
| | | |
| ==Server (Mikrotik) configuration== | | ==Server (Mikrotik) configuration== |
Line 51: |
Line 51: |
| Now go to '''Files''' and export those certificates by simply dragging them to your desktop. | | Now go to '''Files''' and export those certificates by simply dragging them to your desktop. |
| | | |
− | [[File:|border|class=tlt-border]] | + | [[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_1_v2.jpg|border|class=tlt-border]] |
| | | |
− | [[File:|border|class=tlt-border]] | + | [[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_2_v1.jpg|border|class=tlt-border]] |
| | | |
| Now go back to '''Terminal''' and create a separate pool of IP addresses for clients by using this command: | | Now go back to '''Terminal''' and create a separate pool of IP addresses for clients by using this command: |
Line 61: |
Line 61: |
| pool add name="vpn-pool" ranges=192.168.8.10-192.168.8.99 | | pool add name="vpn-pool" ranges=192.168.8.10-192.168.8.99 |
| | | |
− | Instead of editing the default encrypted profile, we need to create a new one. Assumption is your MikroTik will also be a DNS server. And while at it, you can create a bit more imaginative user/password: | + | Instead of editing the default encrypted profile, we need to create a new one. Assumption is your MikroTik will also be a DNS server. And while at it, create a bit more secure user/password: |
| | | |
| /ppp | | /ppp |
Line 83: |
Line 83: |
| ==Client (RUTxxx) configuration== | | ==Client (RUTxxx) configuration== |
| | | |
− | Access RUTxxx WebUI and go to '''Service > VPN > OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' (anything you want) and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''. | + | Access RUTxxx WebUI and go to '''Service > VPN > OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''. |
| | | |
| + | [[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_3_v1.jpg|border|class=tlt-border]] |
| | | |
− | [[File:|border|class=tlt-border]]
| + | Then apply the following configuration. |
| | | |
− | Then apply the following configuration.
| + | [[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_4_v1.jpg|border|class=tlt-border]] |
| | | |
− | [[File:|border|class=tlt-border]]
| |
| | | |
| # '''Enable''' Instance. | | # '''Enable''' Instance. |
Line 104: |
Line 104: |
| # Write '''Private key decryption password''' (you created it by using this command: export-certificate client-certificate export-passphrase='''12345678'''). | | # Write '''Private key decryption password''' (you created it by using this command: export-certificate client-certificate export-passphrase='''12345678'''). |
| # Press '''Save'''. | | # Press '''Save'''. |
| + | |
| + | ==Testing configuration== |
| + | |
| + | Go to '''Status > Routes''' and in the '''Active IP Routes''' table you should see these two new routes. |
| + | |
| + | [[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_5_v1.jpg|border|class=tlt-border]] |
| + | |
| + | Try to ping the remote VPN endpoint via '''CLI''' or '''SSH''' using this command: |
| + | |
| + | ping 192.168.8.250 |
| + | |
| + | [[File:Networking rutxxx configuration example ovpn mikrotik 6 v1.jpg|border|class=tlt-border]] |