
OpenVPN Configuration on MikroTik

June 2017

William Rojas Ordoñez

Link: https://www.youtube.com/watch?v=ucifDsLHj6c

1. First, update the ppp package to version 6.37.1 (a stable version; check whether a newer version without known problems exists at the time).
System>Package>ppp

2. Configure an IP pool for the connections made through OpenVPN.
IP>Pool
/ip pool add name=openVPN ranges=192.168.1.201-192.168.1.205
3. Create a profile for the OpenVPN connection from the ppp menu.
PPP>Secrets
Name: the account user name.
Service: type ovpn.
Profile: default-encryption.
/ppp secret add name=support password= service=ovpn

4. Edit the profiles for the OpenVPN connection from the ppp menu. The options:
PPP>Profiles
Local Address: the network gateway.
Remote Address: the IP pool.
5. Create the certificates from the RouterOS terminal. Open the terminal and open the certificates menu.
System>Certificates. New terminal.
While the certificates are being created it is normal for the RouterBoard CPU to run at full capacity.
Edit the fields in parentheses as appropriate.

Certificate 1: CA.

/certificate add name=CA-tpl country="CO" state="VAC" locality="CALI" organization="(ORGANIZATION NAME)" unit="MA" common-name="CA" key-size=4096 days-valid=3650 key-usage=crl-sign,key-cert-sign
/certificate sign CA-tpl ca-crl-host=127.0.0.1 name="CA"

Certificate 2: SERVER.

/certificate add name=SERVER-tpl country="CO" state="VAC" locality="Cali" organization="EYTEC" unit="MA" common-name="(SITE PUBLIC IP)" key-size=4096 days-valid=1095 key-usage=digital-signature,key-encipherment,tls-server
/certificate sign SERVER-tpl ca="CA" name="SERVER"
Certificate 3: CLIENT.

/certificate add name=CLIENT-tpl country="CO" state="VAC" locality="Cali" organization="(ORGANIZATION NAME)" unit="MA" common-name="CLIENT" key-size=4096 days-valid=3650 key-usage=tls-client
/certificate add name=CLIENT1 copy-from="CLIENT-tpl" common-name="CLIENT1"
/certificate sign CLIENT1 ca="CA" name="CLIENT1"

Export the CLIENT certificate.

/certificate export-certificate CA export-passphrase=(set a strong passphrase)
/certificate export-certificate CLIENT1 export-passphrase=(set a strong passphrase)
Note that export-passphrase also writes the private key (a .key file) next to the .crt. The client only needs the CA's .crt; the CA's .key must stay on the router and must not be copied to clients.
6. Enable the OpenVPN server on the MikroTik from the ppp menu.
PPP>Interface>OVPN Server
/interface ovpn-server server
set auth=sha1 certificate=SERVER cipher=aes256 default-profile=default-encryption enabled=yes require-client-certificate=yes

7. Download the certificates from the Files menu: create a folder on the desktop and drag them from the Winbox window to the desktop.

8. Download and install the OpenVPN client from the following link:
Link: https://openvpn.net/index.php/open-source/downloads.html

9. Open a Windows command prompt and run the following commands.
cd c:\Users\"User"\Desktop\certs
"c:\Program Files\OpenVPN\bin\openssl.exe" rsa -in cert_export_CLIENT1.key -out cert_export_CLIENT1.key
You will be asked for the export-passphrase set for the CLIENT1 client certificate in step 5; this rewrites the key file without the passphrase so the OpenVPN client can load it without prompting.

Then copy the certificates from the desktop to the folder C:\Program Files\OpenVPN\config

10. Open a text editor and create a file named MTVPN.ovpn with the following content.

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On some systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
#dev tap
dev tun

# Are we connecting to a TCP or
# UDP server?  Use the same setting as
# on the server. For MikroTik only TCP
proto tcp-client

# Change 'myremote' to be your remote host,
# or comment out to enter a listening
# server mode.
remote (set the public IP to connect to)

# Reconfigure this line to use a different
# port number than the default of 1194.
port 1194

# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# SSL/TLS client
tls-client

# Check the server certificate's key usage
# (rejects a client certificate presented as a server)
remote-cert-tls server

# SSL/TLS parms.
# See the server config file for more
# description.  It's best to use
# a separate .crt/.key file pair
# for each client.  A single ca
# file can be used for all clients.
ca cert_export_CA.crt
cert cert_export_CLIENT1.crt
key cert_export_CLIENT1.key

# moderate verbosity
verb 4
mute 10

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-256-CBC

# HMAC authentication digest; must match the
# auth= setting on the server
auth SHA1

# Username and password file
auth-user-pass secret

# Nocache for auth
auth-nocache

# Pushing the redirect-gateway option to clients
# will cause all IP network traffic originating
# on client machines to pass through the OpenVPN
# server.
;redirect-gateway def1

11. Create a file named secret (a plain file with no extension, as referenced by the auth-user-pass secret line) containing the ovpn credentials configured in step 3: the user name on the first line and the password on the second.
12. Add a firewall rule on the MikroTik for the OpenVPN server connection.
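The rule step 12 refers to, written out as a RouterOS command. This is an added example, not part of the original guide; it assumes the OVPN server is listening on its default port 1194/TCP (the port is not changed in step 6) and that the interface name ether1-wan in the optional variant stands for your real WAN interface.

```routeros
# Accept inbound OpenVPN sessions addressed to the router itself.
# The ovpn-server enabled in step 6 listens on 1194/TCP by default.
# Chain order matters: this rule must sit above any "drop everything else"
# rule in chain=input, otherwise clients will never reach the server.
/ip firewall filter add chain=input protocol=tcp dst-port=1194 action=accept comment="Allow OpenVPN clients"

# Optional tighter variant (assumption, not in the original guide): only accept
# on the WAN interface so the rule does not also open the port towards the LAN.
# Replace ether1-wan with the real WAN interface name before using it.
# /ip firewall filter add chain=input in-interface=ether1-wan protocol=tcp dst-port=1194 action=accept comment="Allow OpenVPN clients (WAN only)"

# Check the result: the accept rule must be listed before any drop rule in chain=input.
/ip firewall filter print where chain=input
```

If a drop rule already precedes the new rule in the output of the print command, reorder it with /ip firewall filter move so the accept rule comes first; a client whose connection attempts simply time out (rather than failing the TLS handshake) is the usual sign that this rule is missing or misplaced.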

13. Run the Windows OpenVPN client to validate that it works.
14. Validate the connection to the network from the command prompt.
