Scribd Logo
Upload

Welcome to Scribd!

  • 145 views

    OpenVPN Mikrotik

    Uploaded by

    camilo
    The document provides a 14-step process to configure an OpenVPN server on a Mikrotik router and connect a Windows client: 1. Update the ppp package on the Mikrotik router. 2. Create an IP pool for OpenVPN connections. 3. Create a user profile for the OpenVPN connection. 4. Generate server, CA, and client certificates on the Mikrotik router. 5. Enable the OpenVPN server interface and configure authentication. 6. Download the certificates and configure the Windows OpenVPN client. 7. Add a firewall rule on the Mikrotik to allow the OpenVPN connection. 8. Test the connection from the Windows client.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd

    OpenVPN Mikrotik

    Uploaded by

    camilo
    145 views10 pages
    The document provides a 14-step process to configure an OpenVPN server on a Mikrotik router and connect a Windows client: 1. Update the ppp package on the Mikrotik router. 2. Create an IP pool for OpenVPN connections. 3. Create a user profile for the OpenVPN connection. 4. Generate server, CA, and client certificates on the Mikrotik router. 5. Enable the OpenVPN server interface and configure authentication. 6. Download the certificates and configure the Windows OpenVPN client. 7. Add a firewall rule on the Mikrotik to allow the OpenVPN connection. 8. Test the connection from the Windows client.

    Original Description:

    Open VPN en Routers Mikrotik

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document provides a 14-step process to configure an OpenVPN server on a Mikrotik router and connect a Windows client: 1. Update the ppp package on the Mikrotik router. 2. Create an IP pool for OpenVPN connections. 3. Create a user profile for the OpenVPN connection. 4. Generate server, CA, and client certificates on the Mikrotik router. 5. Enable the OpenVPN server interface and configure authentication. 6. Download the certificates and configure the Windows OpenVPN client. 7. Add a firewall rule on the Mikrotik to allow the OpenVPN connection. 8. Test the connection from the Windows client.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    145 views10 pages

    OpenVPN Mikrotik

    Uploaded by

    camilo
    The document provides a 14-step process to configure an OpenVPN server on a Mikrotik router and connect a Windows client: 1. Update the ppp package on the Mikrotik router. 2. Create an IP pool for OpenVPN connections. 3. Create a user profile for the OpenVPN connection. 4. Generate server, CA, and client certificates on the Mikrotik router. 5. Enable the OpenVPN server interface and configure authentication. 6. Download the certificates and configure the Windows OpenVPN client. 7. Add a firewall rule on the Mikrotik to allow the OpenVPN connection. 8. Test the connection from the Windows client.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Download as pdf or txt
    of 10

    Configuración​ ​OpenVPN​ ​Mikrotik

    Junio​ ​de​ ​2017


    William​ ​Rojas​ ​Ordoñez

    Link:​ ​https://www.youtube.com/watch?v=ucifDsLHj6c

    1. Primero​ ​actualizar​ ​el​ ​paquete​ ​ppp​ a


    ​ ​ ​la​ ​versión​ ​6.37.1​ ​(versión​ ​estable,​ ​evaluar​ ​si​ ​a​ ​la
    fecha​ ​existe​ ​una​ ​sin​ ​problemas).
    System>Package>ppp

    2. Configure​ ​un​ ​pool​ ​de​ ​ip’s​ ​para​ ​las​ ​conexiones​ ​a​ ​través​ ​de​ ​OpenVPN.
    IP>Pool
    /ip​ ​pool​ ​add​ ​name=openVPN​ ​ranges=192.168.1.201-192.168.1.205
    3. Cree​ ​un​ ​perfil​ ​para​ ​la​ ​conexión​ ​OpenVPN​ ​desde​ ​el​ ​menú​ ​ppp.
    PPP>Secrets
    Name:​ ​Nombre​ ​Usuario​ ​cuenta.
    Service:​​ ​Tipo​ ​ovpn.
    Profile:​ ​default-encryption.
    /ppp​ ​secret​ ​add​ ​name=support​ ​password=​ ​service=ovpn

    4. Edite​ ​los​ ​perfiles​ ​para​ ​la​ ​conexión​ ​OpenVPN​ ​desde​ ​el​ ​menú​ ​ppp.​ ​La​ ​opción
    PPP>Profiles
    Local​ ​Address:​ ​Gateway​ ​de​ ​la​ ​red.
    Remote​ ​Address:​ ​Pool​ ​Ip’s.
    5. Crear​ ​los​ ​certificados​ ​por​ ​la​ ​terminal​ ​de​ ​RouterOS.​ ​Abrir​ ​la​ ​terminal​ ​y​ ​abrir​ ​el​ ​menú
    certificates.
    System>certificates.​ ​New​ ​terminal.
    Durante​ ​la​ ​creación​ ​de​ ​los​ ​certificados​ ​es​ ​normal​ ​que​ ​la​ ​CPU​ ​de​ ​la​ ​routerBoard
    esté​ ​al​ ​máximo​ ​de​ ​capacidad.
    Editar​ ​a​ ​la​ ​conveniencia​ ​los​ ​campos​ ​entre​ ​paréntesis.

    Certificado​ ​1​ ​CA​.


    /certificate​ ​add​ ​name=CA-tpl​ ​country="CO"​ ​state="VAC"​ ​locality="CALI"​ ​organization=
    “​(NOMBRE​ ​ORGANIZACIÓN)”​​ ​unit="MA"​ ​common-name="CA"​ ​key-size=4096
    days-valid=3650​ ​key-usage=crl-sign,key-cert-sign
    /certificate​ ​sign​ ​CA-tpl​ ​ca-crl-host=127.0.0.1​ ​name="CA"

    Certificado​ ​2​ ​SERVER​.


    /certificate​ ​add​ ​name=SERVER-tpl​ ​country="CO"​ ​state="VAC"​ ​locality="Cali"
    organization="EYTEC"​ ​unit="MA"​ ​common-name=​ ​“​(IP​ ​PUBLICA​ ​SEDE)”​​ ​key-size=4096
    days-valid=1095​ ​key-usage=digital-signature,key-encipherment,tls-server
    /certificate​ ​sign​ ​SERVER-tpl​ ​ca="CA"​ ​name="SERVER"
    Certificado​ ​3​ ​CLIENT​.
    /certificate​ ​add​ ​name=CLIENT-tpl​ ​country="CO"​ ​state="VAC"​ ​locality="Cali"​ ​organization=
    “​(NOMBRE​ ​ORGANIZACIÓN)”​​ ​unit="MA"​ ​common-name="CLIENT"​ ​key-size=4096
    days-valid=3650​ ​key-usage=tls-client
    /certificate​ ​add​ ​name=CLIENT1​ ​copy-from="CLIENT-tpl"​ ​common-name="CLIENT1"
    /certificate​ ​sign​ ​CLIENT1​ ​ca="CA"​ ​name="CLIENT1"

    Export​ ​Certificado​ ​CLIENT.


    /certificate​ ​export-certificate​ ​CA​ ​export-passphrase=(​definir​ ​clave​ ​segura​)
    /certificate​ ​export-certificate​ ​CLIENT1​ ​export-passphrase=(​definir​ ​clave​ ​segura​)
    6. ​ ​Habilitar​ ​el​ ​servidor​ ​de​ ​OpenVPN​ ​para​ ​el​ ​Mikrotik​ ​en​ ​el​ ​menú​ ​ppp.
    ppp>interface>OVPN​ ​Server
    /interface​ ​ovpn-server​ ​server
    set​ ​auth=sha1​ ​certificate=SERVER​ ​cipher=aes256
    default-profile=default-encryption​ ​enabled=yes​ ​require-client-certificate=yes

    7.​ ​Descargar​ ​los​ ​certificados​ ​del​ ​menú​ ​files​ ​creando​ ​una​ ​carpeta​ ​en​ ​el​ ​escritorio
    arrastrandolos​ ​desde​ ​la​ ​ventana​ ​de​ ​Winbox​ ​al​ ​escritorio.

    8.​ ​Descargar​ ​e​ ​instale​ ​el​ ​cliente​ ​de​ ​OpenVPN​ ​del​ ​siguiente​ ​enlace:
    Link:​​ ​https://openvpn.net/index.php/open-source/downloads.html

    9.​ ​Abra​ ​una​ ​consola​ ​de​ ​simbolo​ ​de​ ​sistema​ ​de​ ​Windows​ ​y​ ​ejecute​ ​los​ ​siguientes
    comandos.
    cd​ ​c:\Users\"User"\Desktop\certs
    "c:\Program​ ​Files\OpenVPN\bin\openssl.exe"​ ​rsa​ ​-in​ ​cert_export_CLIENT1.key
    -out​ ​cert_export_CLIENT1.key
    Se​ ​le​ ​pedirá​ ​la​ ​contraseña​ ​configurada​ ​en​ ​el​ ​certificado​ ​cliente​ ​CLIENT1​ ​en​ ​el​ ​paso​ ​5
    export-passphrase​.

    Después​ ​copie​ ​los​ ​certificados​ ​del​ ​escritorio​ ​a​ ​la​ ​carpeta​ ​C:\Program
    Files\OpenVPN\config

    10.​ ​Abra​ ​un​ ​editor​ ​de​ ​texto​ ​y​ ​cree​ ​un​ ​archivo​ ​llamado​ M
    ​ TVPN.ovpn​ ​con​ ​el​ ​siguiente
    contenido.

    #​ ​Specify​ ​that​ ​we​ ​are​ ​a​ ​client​ ​and​ ​that​ ​we


    #​ ​will​ ​be​ ​pulling​ ​certain​ ​config​ ​file​ ​directives
    #​ ​from​ ​the​ ​server.
    client

    #​ ​Use​ ​the​ ​same​ ​setting​ ​as​ ​you​ ​are​ ​using​ ​on


    #​ ​the​ ​server.
    #​ ​On​ ​some​ ​systems,​ ​the​ ​VPN​ ​will​ ​not​ ​function
    #​ ​unless​ ​you​ ​partially​ ​or​ ​fully​ ​disable
    #​ ​the​ ​firewall​ ​for​ ​the​ ​TUN/TAP​ ​interface.
    #dev​ ​tap
    dev​ ​tun

    #​ ​Are​ ​we​ ​connecting​ ​to​ ​a​ ​TCP​ ​or


    #​ ​UDP​ ​server?​ ​ ​Use​ ​the​ ​same​ ​setting​ ​as
    #​ ​on​ ​the​ ​server.​ ​For​ ​MikroTik​ ​only​ ​TCP
    proto​ ​tcp-client

    #​ ​Change​ ​'myremote'​ ​to​ ​be​ ​your​ ​remote​ ​host,


    #​ ​or​ ​comment​ ​out​ ​to​ ​enter​ ​a​ ​listening
    #​ ​server​ ​mode.
    remote​ ​(Configurar​ ​IP​ ​Pública​ ​A​ ​la​ ​Conexión)

    #​ ​Reconfigure​ ​this​ ​line​ ​to​ ​use​ ​a​ ​different


    #​ ​port​ ​number​ ​than​ ​the​ ​default​ ​of​ ​1194.
    port​ ​1194

    #​ ​Most​ ​clients​ ​don't​ ​need​ ​to​ ​bind​ ​to


    #​ ​a​ ​specific​ ​local​ ​port​ ​number.
    nobind

    #​ ​Try​ ​to​ ​preserve​ ​some​ ​state​ ​across​ ​restarts.


    persist-key
    persist-tun

    #​ ​SSL/TLS​ ​client
    tls-client

    #​ ​Chech​ ​server​ ​serificate​ ​in​ ​key-usage


    remote-cert-tls​ ​server

    #​ ​SSL/TLS​ ​parms.
    #​ ​See​ ​the​ ​server​ ​config​ ​file​ ​for​ ​more
    #​ ​description.​ ​ ​It's​ ​best​ ​to​ ​use
    #​ ​a​ ​separate​ ​.crt/.key​ ​file​ ​pair
    #​ ​for​ ​each​ ​client.​ ​ ​A​ ​single​ ​ca
    #​ ​file​ ​can​ ​be​ ​used​ ​for​ ​all​ ​clients.
    ca​ ​cert_export_CA.crt
    cert​ ​cert_export_CLIENT1.crt
    key​ ​ ​cert_export_CLIENT1.key

    #​ ​moderate​ ​verbosity
    verb​ ​4
    mute​ ​10

    #​ ​Select​ ​a​ ​cryptographic​ ​cipher.


    #​ ​If​ ​the​ ​cipher​ ​option​ ​is​ ​used​ ​on​ ​the​ ​server
    #​ ​then​ ​you​ ​must​ ​also​ ​specify​ ​it​ ​here.
    cipher​ ​AES-256-CBC

    #​ ​cipher​ ​algorithm
    auth​ ​SHA1

    #​ ​Username​ ​and​ ​password​ ​file


    auth-user-pass​ ​secret

    #​ ​Nocache​ ​for​ ​auth


    auth-nocache

    #​ ​Pushing​ ​the​ ​redirect-gateway​ ​option​ ​to​ ​clients


    #​ ​will​ ​cause​ ​all​ ​IP​ ​network​ ​traffic​ ​originating
    #​ ​on​ ​client​ ​machines​ ​to​ ​pass​ ​through​ ​the​ ​OpenVPN
    #​ ​server.
    ;redirect-gateway​ ​def1

    11.​ ​Crear​ ​un​ ​archivo​ ​de​ ​nombre​ ​secret​​ ​con​ ​extensión​ ​file​ ​con​ ​las​ ​credenciales​ ​de​ ​ovpn
    configuradas​ ​en​ ​el​ ​paso​ ​3.
    12.​ ​Agregar​ ​regla​ ​de​ ​Firewall​ ​en​ ​el​ ​Mikrotik​ ​para​ ​la​ ​conexión​ ​del​ ​servidor​ ​OpenVPN

    13.​ ​Ejecute​ ​el​ ​cliente​ ​de​ ​OpenVPN​ ​de​ ​Windows​ ​para​ ​validar​ ​funcionamiento.
    14.​ ​Validar​ ​conexión​ ​a​ ​la​ ​red​ ​a​ ​través​ ​del​ ​simbolo​ ​de​ ​sistema.

    You might also like