476
edits
Changes
Template:Netoworking rutxxx configuration example mikrotik openvpn (view source)
Revision as of 09:44, 1 April 2020
, 09:44, 1 April 2020no edit summary
==Configuration scheme==
==Configuration scheme==
[[File:|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_topology_v1.png|border|class=tlt-border|1100x1100px]]
==Server (Mikrotik) configuration==
==Server (Mikrotik) configuration==
Connect to MikroTik by using '''WinBox''' application and press '''New Terminal'''.
Connect to MikroTik by using '''WinBox''' application and press '''New Terminal'''.
[[File:|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_l2tp_ipsec_mikrotik_1_v1.jpg|border|class=tlt-border]]
Now create certificates by using these commands (these will be valid for 10 years):
Now create certificates by using these commands (these will be valid for 10 years):
Now go to '''Files''' and export those certificates by simply dragging them to your desktop.
Now go to '''Files''' and export those certificates by simply dragging them to your desktop.
[[File:|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_1_v2.jpg|border|class=tlt-border]]
[[File:|border|class=tlt-border]]
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_2_v1.jpg|border|class=tlt-border]]
Now go back to '''Terminal''' and create a separate pool of IP addresses for clients by using this command:
Now go back to '''Terminal''' and create a separate pool of IP addresses for clients by using this command:
pool add name="vpn-pool" ranges=192.168.8.10-192.168.8.99
pool add name="vpn-pool" ranges=192.168.8.10-192.168.8.99
Instead of editing the default encrypted profile, we need to create a new one. Assumption is your MikroTik will also be a DNS server. And while at it, you can create a bit more imaginative user/password:
Instead of editing the default encrypted profile, we need to create a new one. Assumption is your MikroTik will also be a DNS server. And while at it, create a bit more secure user/password:
/ppp
/ppp
==Client (RUTxxx) configuration==
==Client (RUTxxx) configuration==
Access RUTxxx WebUI and go to '''Service > VPN > OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' (anything you want) and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
Access RUTxxx WebUI and go to '''Service > VPN > OpenVPN'''. There create a new configuration by selecting role '''Client''', writing '''New configuration name''' and pressing '''Add New''' button. It should appear after a few seconds. Then press '''Edit'''.
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_3_v1.jpg|border|class=tlt-border]]
Then apply the following configuration.
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_4_v1.jpg|border|class=tlt-border]]
# '''Enable''' Instance.
# '''Enable''' Instance.
# Write '''Private key decryption password''' (you created it by using this command: export-certificate client-certificate export-passphrase='''12345678''').
# Write '''Private key decryption password''' (you created it by using this command: export-certificate client-certificate export-passphrase='''12345678''').
# Press '''Save'''.
# Press '''Save'''.
==Testing configuration==
Go to '''Status > Routes''' and in the '''Active IP Routes''' table you should see these two new routes.
[[File:Networking_rutxxx_configuration_example_ovpn_mikrotik_5_v1.jpg|border|class=tlt-border]]
Try to ping the remote VPN endpoint via '''CLI''' or '''SSH''' using this command:
ping 192.168.8.250
[[File:Networking rutxxx configuration example ovpn mikrotik 6 v1.jpg|border|class=tlt-border]]
