• Kiếm tiền với Hostinger

    Kiếm Tiền Cùng Hostinger

    Bạn đang tìm kiếm cách kiếm thêm thu nhập online? Hãy tham gia ngay chương trình Affiliate của Hostinger! Với mỗi khách hàng đăng ký thông qua liên kết của bạn, bạn sẽ nhận được khoản hoa hồng hấp dẫn.

    Hostinger cung cấp các dịch vụ lưu trữ web (hosting) chất lượng cao với mức giá cạnh tranh, giúp bạn dễ dàng giới thiệu và thu hút người dùng.

    Đừng bỏ lỡ cơ hội tuyệt vời này để tăng thêm thu nhập thụ động.

    Tham Gia Ngay

(Mikrotik) Configure OpenVPN client to site on Mikrotik Router

TigerDao

Administrator
Thành viên BQT
In this content, we will guide you through configuring OpenVPN client to site on the Mikrotik Router device, allowing external devices to connect to the internal client.

(IMG)


– The above example model has been configured with the corresponding IP and srcnat for local devices to go to the internet.

– First we need to create CA, server, and client certificates. Go System -> Certificatesselect + Create Ca certificates as below, at tab General You can add information about Coutry, State,… if you want, change it Day Vaild as you want.


(IMG)


– At tab Key Usage select “crl sign, key cert sign”then select Apply. Then choose Signin CA CRL Host enters the router’s Wan IP -> select Start and wait for the device to process. When the device reports done, we can close the window.


(IMG)

(IMG)


– Continue creating Server certificatestab Key Usage select “digital signature, key encryption, tls server”then select Apply. Then choose Signat CA select the CA name created above, -> select Start and wait for the device to process. Reopen the newly created Server certificates and select them Trusted.


(IMG)

(IMG)

(IMG)


– Create Client certificatestab Key Usage select “tls client”then select Apply. Then choose Signat CA select the CA name created above, -> select Start and wait for the device to process. Similarly create certificates for other clients if any.


(IMG)

(IMG)

(IMG)


– Right-click or open the CA and select client certificates created above Exportfor client certificates you can set Passphrase if desired.


(IMG)

(IMG)


– Go to menu Filesat the window File list will display the exported files, select and download the files to your computer.


(IMG)


– Now comes the menu IP -> Poolcreate a pool level for vpn clients, different from the dhcp level level for local devices.


(IMG)


– Then go there PPP -> create PPP Profile as below, Local Address : IP address of the bridge interface, Remote Address : ip pool created above and Bridge Select the bridge interface name.


(IMG)


– Switch tabs Secretscreate a new user for the remote client, select the item name and password. password, service select ovpn and choose Profile created above.


(IMG)


– Via tab Interface select OVPN Serverand set as below.


(IMG)


– Go Interfaces -> at the interface tab select int bridge. bridgeARP section select proxy-arp.


(IMG)


– On the machine that needs remote, install Openvpn software, then create a folder and put the certificate files created above, create a config file with the extension .ovpn With the content as below, change the content depending on the Wan IP address you will connect the CA name, cert, key depending on your file name.


client
dev tun
proto tcp-client
remote. remote 10.0.0.2

port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
shift CA.crt

cert Client.crt

key Client.key

verb 4
mute 10
cipher AES-256-CBC
auth SHA1
auth-user-pass secret.secret

auth-nocache



(IMG)


– Create a secret file containing the user and password you created for the remote user, save the file without the extension.


(IMG)


– The folder will include files as shown below.


(IMG)


– Open Openvpn connect software, select import profile and select upload config file .ovpn created above, then select connect now you will be asked to enter the password created when exporting the client key if any.


(IMG)


– Check that the connection is successful and can connect to the local host.

(IMG)

(IMG)




!!! Thank you for following the article!!!

Xem tiếp...
 
Top