Mikrotik OpenVPN 2: difference between revisions

From noname.com.ua

Revision as of 11:51, 10 May 2019


Mikrotik Openvpn v2

Mikrotik

# Certificate subject fields and VPN credentials used by the commands below
:global COMMONNAME "openVPN"
:global COUNTRY "UA"
:global STATE "KH"
:global LOCALITY "KHARKOV"
:global ORG "sirmax@home"
:global UNIT ""
# 1024-bit RSA is below current minimum recommendations; 2048 or larger is preferable
:global KEYSIZE "1024"
:global USERNAME "openvpn"
:global PASSWORD "Xu3thoo4"
/certificate
# CA certificate: create the template, then self-sign it
add name=ca-template country="$COUNTRY" state="$STATE" locality="$LOCALITY" organization="$ORG" unit="$UNIT" common-name="$COMMONNAME" key-size="$KEYSIZE" days-valid=3650 key-usage=crl-sign,key-cert-sign
sign ca-template ca-crl-host=127.0.0.1 name="$COMMONNAME"
# Server certificate, signed by the CA
add name=server-template country="$COUNTRY" state="$STATE" locality="$LOCALITY" organization="$ORG" unit="$UNIT" common-name="server@$COMMONNAME" key-size="$KEYSIZE" days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
sign server-template ca="$COMMONNAME" name="server@$COMMONNAME"
# Client certificate template; a copy of it is signed further down
add name=$USERNAME country="$COUNTRY" state="$STATE" locality="$LOCALITY" organization="$ORG" unit="$UNIT" common-name="$USERNAME" key-size="$KEYSIZE" days-valid=3650 key-usage=tls-client
/ip pool
add name=OPEN-VPN-POOL ranges=10.2.1.2-10.2.1.254
/ppp profile
add dns-server=8.8.8.8 local-address=10.2.1.1 name=OPEN-VPN-PROFILE remote-address=OPEN-VPN-POOL use-encryption=yes
/interface ovpn-server server
set auth=sha1 certificate="server@$COMMONNAME" cipher=aes128,aes192,aes256 default-profile=OPEN-VPN-PROFILE enabled=yes require-client-certificate=yes
/ip firewall filter add chain=input dst-port=1194 protocol=tcp comment="Allow OpenVPN" place-before=0
/ppp secret add name=$USERNAME password=$PASSWORD profile=OPEN-VPN-PROFILE service=ovpn
/certificate add name="$USERNAME-to-issue" copy-from="$USERNAME" common-name="$USERNAME@$COMMONNAME"
/certificate sign "$USERNAME-to-issue" ca="$COMMONNAME" name="$USERNAME@$COMMONNAME"
# Export the CA certificate and the client certificate with its key
/certificate export-certificate "$COMMONNAME" export-passphrase="12345678"
/certificate export-certificate "$USERNAME@$COMMONNAME" export-passphrase="$PASSWORD"

/file print
 9 cert_export_openVPN.crt          .crt file   948 may/08/2019 14:12:51
10 cert_export_openvpn@openVPN.crt  .crt file   924 may/08/2019 14:13:00
11 cert_export_openvpn@openVPN.key  .key file  1054 may/08/2019 14:13:00

Fetch the certificates via scp.
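
A matching OpenVPN client configuration for the server set up above, as an added example that is not part of the original page. The host name `vpn.example.net` is a placeholder, `dev tun` assumes the RouterOS server is left in its default `ip` mode, and the file names are the ones shown in the `/file print` listing.

```conf
# Added example: OpenVPN client side for the RouterOS server configured above.
client
# Assumption: the ovpn-server runs in its default "ip" (layer 3) mode.
dev tun
# The firewall rule on the router opens TCP port 1194.
proto tcp-client
# Placeholder address; replace with the router's public name or IP.
remote vpn.example.net 1194
nobind
persist-key
persist-tun

# Files fetched from the router via scp (names from the /file print listing).
ca   cert_export_openVPN.crt
cert cert_export_openvpn@openVPN.crt
key  cert_export_openvpn@openVPN.key
# The key was exported with export-passphrase, so prompt for that passphrase.
askpass

# The server checks a /ppp secret in addition to the client certificate
# (require-client-certificate=yes), so prompt for user name and password.
auth-user-pass

# Must match "auth=sha1" on the server.
auth SHA1
# One of the ciphers the server allows (aes128, aes192, aes256).
# OpenVPN 2.5 and later name this option data-ciphers-fallback.
cipher AES-256-CBC

# Accept only a peer certificate issued for server use; the server
# certificate above carries the tls-server key usage.
remote-cert-tls server
verb 3
```

Keep the `.key` file readable only by the user that runs OpenVPN, for example with `chmod 600`.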