Prerequisite for any VPN server is to get certificates sorted. The procedure is exactly the same as for OpenVPN server setup, with the slight difference being that common-name really matters. It must match either the external IP or the external host name – no exceptions.

Use these commands to create certificates:

    /certificate
    add name=ca-template common-name= days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
    add name=server-template common-name= days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
    add name=client-template common-name= days-valid=3650 key-size=2048 key-usage=tls-client
    # ca-certificate is the signed CA certificate; it must exist before the sign and export commands run
    sign server-template name=server-certificate ca=ca-certificate
    sign client-template name=client-certificate ca=ca-certificate

You will need to export the root certificate; to do so, use these commands:

    /certificate
    export-certificate ca-certificate export-passphrase=""

Instead of editing the default encrypted profile, we can create a new one. The assumption is that your MikroTik will also be a DNS server.

And while at it, create a secure user/password:

    # replace user and password with your own values
    /ppp secret add name=user profile=vpn-profile password=password
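The common-name requirement can be checked off the router with the same kind of name test a TLS client applies to the server certificate. This is an added example, not code from the original post: it uses OpenSSL on a workstation with constructed certificates, and vpn.example.com and 203.0.113.10 are assumed stand-ins for the external host name and IP.

```shell
#!/bin/sh
# Added example with constructed certificates; vpn.example.com and 203.0.113.10
# are assumed stand-ins for the router's external host name and IP.

# make_chain DIR CN: create a CA and a server certificate with common name CN,
# mirroring the key-usage values of ca-template and server-template.
make_chain() {
    cat > "$1/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,cRLSign,keyCertSign
[server_ext]
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -config "$1/ext.cnf" -extensions ca_ext -newkey rsa:2048 \
        -nodes -days 3650 -subj "/CN=Example CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -config "$1/ext.cnf" -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 3650 -extfile "$1/ext.cnf" -extensions server_ext \
        -out "$1/server.crt" 2>/dev/null
}

# name_ok DIR NAME: succeed only if the server certificate chains to the CA,
# is usable as a TLS server certificate, and its name matches NAME.
name_ok() {
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver -verify_hostname "$2" \
        "$1/server.crt" >/dev/null 2>&1
}

# Demo: the certificate is issued for the host name, so a client that dials
# the IP address instead gets a name mismatch.
demo=$(mktemp -d)
make_chain "$demo" vpn.example.com
for target in vpn.example.com 203.0.113.10; do
    if name_ok "$demo" "$target"; then echo "$target: accepted"
    else echo "$target: rejected (name mismatch)"; fi
done
rm -rf "$demo"
```

The same `openssl verify` call works against the exported root certificate and a copy of the real server certificate once the router is configured.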