OpenVPN

From MikroTik Wiki
Revision as of 10:01, 31 October 2007 by Pingus (talk | contribs) (RouterOS as server)

Server configuration

RouterOS as server

Define a profile:

/ppp profile 
add change-tcp-mss=default comment="" local-address=192.168.0.4 \
name="your_profile" only-one=default remote-address=192.168.0.5 \
use-compression=default use-encryption=required use-vj-compression=default 

Add a user:

/ppp secret 
add caller-id="" comment="" disabled=no limit-bytes-in=0 \
limit-bytes-out=0 name="username" password="password" \
routes="" service=any 

OpenVPN server configuration. The auth and cipher lists name everything the server will accept from a client; md5 and blowfish128 are listed only for old clients and should be dropped once every client supports sha1 and AES:

/interface ovpn-server server 
set auth=sha1,md5 certificate=router_cert \
cipher=blowfish128,aes128,aes192,aes256 default-profile=your_profile \
enabled=yes keepalive-timeout=disabled max-mtu=1500 mode=ip netmask=32 \
port=1194 require-client-certificate=yes

Add a static server interface bound to the user (optional; it gives that user's connection a fixed interface name you can reference in firewall and routing rules):

/interface ovpn-server 
add comment="" disabled=no name="ovpn-client.example.com" user="username"

Client configuration

Linux as client

This is a working client.conf file for the Linux OpenVPN client, tested against RouterOS 3.0rc9. The certificates are signed by CAcert.org, a public CA, so any CAcert-signed certificate passes the chain check; the tls-remote name check below is what ties the connection to this particular server.

 dev tun0
 proto tcp-client
 
 remote openvpn.example.com 1194 # Remote OpenVPN Servername or IP address
 
 ca   rootCA.cert
 cert client.cert
 key  client.key
 
 tls-client
 tls-remote openvpn.example.com # must match the CN of the server certificate (OpenVPN 2.4+ replaces this with: verify-x509-name openvpn.example.com name)
 
 port 1194 # not needed: the remote port is already set on the remote line above
 
 user nobody
 group nogroup
 
 #comp-lzo # Do not use compression. It doesn't work with RouterOS (tested with 3.0rc9), and compressing traffic that carries secrets leaks information about them.
 
 # More reliable detection when a system loses its connection.
 ping 15
 ping-restart 45
 ping-timer-rem
 persist-tun
 persist-key
 
 # Silence  the output of replay warnings, which are a common false
 # alarm on WiFi networks.  This option preserves the  security  of
 # the replay protection code without the verbosity associated with
 # warnings about duplicate packets.
 mute-replay-warnings
 
 # Verbosity level.
 # 0 = quiet, 1 = mostly quiet, 3 = medium output, 9 = verbose
 verb 3
 
 cipher AES-256-CBC
 auth SHA1
 pull
 
 auth-user-pass auth.conf 

The file auth.conf holds your username and password: the username on the first line, the password on the second. The credentials are stored in the clear, so restrict the file to the user that starts OpenVPN (chmod 600 auth.conf).

 username
 password
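The client settings above are easy to get subtly wrong (a weak digest or cipher chosen from the server's accepted list, comp-lzo left on, no server name check against a public CA, user/group without persist-key). As an added example, not code from the MikroTik wiki or the OpenVPN project, here is a small Python linter that parses an OpenVPN client config the way OpenVPN reads it (inline # comments included) and reports those problems. The directive names are real OpenVPN options; the severity levels, messages and the three sample configs are constructed here. The `remote-cert-tls server` check assumes the server certificate carries the TLS server key usage, which this page does not confirm, and `verify-x509-name` is the OpenVPN 2.4+ replacement for `tls-remote`.

```python
"""Lint an OpenVPN client config for the settings discussed on this page.

Added example, not code from the MikroTik wiki or the OpenVPN project.
The directive names are real OpenVPN options; the severity levels, the
messages and the sample configs below are constructed for illustration.
"""
import os
import stat

# Digests and ciphers OpenVPN still accepts that a new deployment should not use.
WEAK_AUTH = {"md5", "md4", "none"}
WEAK_CIPHER_PREFIXES = ("bf-", "des-", "rc2-", "none")


def parse_config(text):
    """Return [(directive, [args...])] with the directive name lower-cased.

    A token starting with '#' or ';' begins a comment that runs to end of
    line, which is how OpenVPN treats the inline comments used in client.conf.
    """
    entries = []
    for raw in text.splitlines():
        tokens = []
        for tok in raw.split():
            if tok[0] in "#;":
                break
            tokens.append(tok)
        if tokens:
            entries.append((tokens[0].lower(), tokens[1:]))
    return entries


def lint_client_config(text):
    """Return a list of (level, message); level is 'error', 'warn' or 'info'."""
    entries = parse_config(text)
    present = {directive for directive, _ in entries}
    findings = []

    for directive, args in entries:
        arg0 = args[0].lower() if args else ""
        if directive == "auth" and arg0 in WEAK_AUTH:
            findings.append(("error", f"auth {args[0]}: broken or absent HMAC digest"))
        elif directive == "cipher" and arg0.startswith(WEAK_CIPHER_PREFIXES):
            findings.append(("error", f"cipher {args[0]}: 64-bit block cipher or no encryption, use AES"))
        elif directive == "comp-lzo":
            findings.append(("warn", "comp-lzo: compression leaks plaintext information (and this page reports it does not work with RouterOS)"))
        elif directive == "tls-remote" and args:
            findings.append(("warn", f"tls-remote: removed in OpenVPN 2.4, use 'verify-x509-name {args[0]} name'"))
        elif directive == "auth-user-pass" and args:
            findings.append(("info", f"auth-user-pass {args[0]}: credentials stored in the clear, keep the file mode 0600"))

    # With a public CA in 'ca', any certificate that CA signed passes the chain check;
    # only a name check pins the connection to this server.
    if not present & {"tls-remote", "verify-x509-name"}:
        findings.append(("error", "no tls-remote/verify-x509-name: server identity is not pinned"))
    # Assumes the server certificate carries the TLS server key usage.
    if "remote-cert-tls" not in present:
        findings.append(("warn", "no 'remote-cert-tls server': the server certificate's key usage is not checked"))
    # After the user/group privilege drop the key file is unreadable; persist-key keeps it in memory.
    if present & {"user", "group"} and "persist-key" not in present:
        findings.append(("error", "user/group without persist-key: the key cannot be re-read after a restart"))
    return findings


def mode_is_private(mode):
    """True when a file mode grants no group or world permission bits."""
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def auth_file_is_private(path):
    """Check the on-disk mode of an auth-user-pass file such as auth.conf."""
    return mode_is_private(os.stat(path).st_mode)


# Constructed sample: the directives from the client.conf above that matter here.
PAGE_STYLE_CONF = """\
dev tun0
proto tcp-client
remote openvpn.example.com 1194 # Remote OpenVPN server
ca   rootCA.cert
cert client.cert
key  client.key
tls-client
tls-remote openvpn.example.com
user nobody
group nogroup
#comp-lzo
persist-tun
persist-key
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass auth.conf
"""

# Constructed sample: the same config adjusted for an OpenVPN 2.4+ client.
HARDENED_CONF = PAGE_STYLE_CONF.replace(
    "tls-remote openvpn.example.com",
    "verify-x509-name openvpn.example.com name\nremote-cert-tls server",
)

# Constructed sample: a client that picked the weakest options the server list allows.
WEAK_CONF = """\
dev tun0
proto tcp-client
remote openvpn.example.com 1194
ca rootCA.cert
cert client.cert
key client.key
tls-client
comp-lzo
user nobody
group nogroup
cipher BF-CBC
auth MD5
auth-user-pass auth.conf
"""

if __name__ == "__main__":
    for name, conf in (("page", PAGE_STYLE_CONF), ("hardened", HARDENED_CONF), ("weak", WEAK_CONF)):
        print(f"== {name}")
        for level, message in lint_client_config(conf):
            print(f"  [{level}] {message}")
```

Run it as a script to see the three reports side by side; the page's own config produces no errors, only the tls-remote deprecation and missing remote-cert-tls warnings, while the weak variant collects four errors.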

RouterOS as client

coming soon ...