OPVN Server: Difference between revisions

From AbahDoku Wiki
No edit summary
m 85 revisions imported
 
(27 intermediate revisions by the same user not shown)
Line 1: Line 1:
Syarat :
==Punya IP Publik==
1. Memiliki IP Publik (contoh : 108.87.62.201)
Sepertinya ini menjadi syarat wajib jika ingin membuat VPN, karena berkaitan dengan berbagai konfigurasi lain yang nanti akan menjadi catatan penting.
2. Membuat Certificate di Mikrotik.
Jika syarat 1 sudah dipenuhi, lanjut ke syarat 2.
 
==Membuat Certificate==
==Membuat Certificate==
  /certificate
  /certificate
Line 10: Line 7:
[[File:Ovpn-1.png|link=https://drive.google.com/uc?id=17Dx1q5FxRBzSAS9gqpvN8kSmEsAUwOIf|center|500px|New Certificate > CA|thumb]]
[[File:Ovpn-1.png|link=https://drive.google.com/uc?id=17Dx1q5FxRBzSAS9gqpvN8kSmEsAUwOIf|center|500px|New Certificate > CA|thumb]]
[[File:Ovpn-2.png|link=https://drive.google.com/uc?id=1cQ1YkCL68JlOZK--OjIDZa_kl7z8TcgH|center|500px|Key Usage > CA|thumb]]
[[File:Ovpn-2.png|link=https://drive.google.com/uc?id=1cQ1YkCL68JlOZK--OjIDZa_kl7z8TcgH|center|500px|Key Usage > CA|thumb]]
  add name=server-template common-name=*.example.com days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
  add name=server common-name=server days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
[[File:Ovpn-3.png|link=https://drive.google.com/uc?id=1tPRSlEik4q8RG-TvxsbaIEbwUw6r4FH9|center|500px|New Certificate > Server|thumb]]
[[File:Ovpn-3.png|link=https://drive.google.com/uc?id=1tPRSlEik4q8RG-TvxsbaIEbwUw6r4FH9|center|500px|New Certificate > Server|thumb]]
[[File:Opvn-4.png|link=https://drive.google.com/uc?id=1qzxKn4987zP6z8gAP0Nifgsx0u2Jv8ru|center|500px|Key Usage > Server|thumb]]
[[File:Opvn-4.png|link=https://drive.google.com/uc?id=1qzxKn4987zP6z8gAP0Nifgsx0u2Jv8ru|center|500px|Key Usage > Server|thumb]]
Line 32: Line 29:
  sign ca name=ca-certificate
  sign ca name=ca-certificate
Untuk diperhatikan progress saat sign sampai berhasil : <b>done</b>
Untuk diperhatikan progress saat sign sampai berhasil : <b>done</b>
==Trust Certificate==
/certificate
set CA trusted=yes
set server trusted=yes
[[File:Ovpn-10.png|link=https://drive.google.com/uc?id=1IyKfAQdAY-myfiM9vxGOT0OfEZx4RZZ0|500px|center|Trusted > CA|thumb]]
[[File:Ovpn-11.png|link=https://drive.google.com/uc?id=1rD1oeshB1_-pU6s8Y2oONAglu-84FUW2|500px|center|Trusted > server|thumb]]
==Export Certificate==
/certificate
export-certificate ca export-passphrase=""
export-certificate client export-passphrase=12345678
export-certificate client1 export-passphrase=12345678
==OPVN Profile dan User==
/ppp
profile add name="vpn-profile"
secret add name=user profile=vpn-profile password=password
==Aktifkan OPVN Server==
/interface ovpn-server server
set default-profile=vpn-profile certificate=server-certificate require-client-certificate=yes auth=sha1,md5 cipher=blowfish128,aes256 enabled=yes
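Review bot: The certificate names in the new Trust and Export sections do not match the names assigned at signing. `sign ca name=ca-certificate` renames the CA entry to ca-certificate, and the last line already refers to `certificate=server-certificate`, yet `set CA trusted=yes`, `set server trusted=yes`, `export-certificate ca` and `export-certificate client` still use the template names, and no sign line for client1 is in view. Use the signed names throughout. In the final `set` line, `auth=sha1,md5 cipher=blowfish128,aes256` leaves MD5 and Blowfish selectable; narrowing it to `auth=sha1 cipher=aes256` is suggested. The literal `export-passphrase=12345678` and `password=password` would be better written as placeholders so they are not copied verbatim.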

Latest revision as of 22:48, 19 November 2024

Have a Public IP

This appears to be a mandatory requirement for setting up a VPN, because it ties into various other configuration items that will become important notes later.

Creating the Certificates

/certificate
add name=CA common-name=CA days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign

WinBox users can follow the screenshots below:

File:Ovpn-1.png
New Certificate > CA
File:Ovpn-2.png
Key Usage > CA
add name=server common-name=server days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
File:Ovpn-3.png
New Certificate > Server
File:Opvn-4.png
Key Usage > Server
add name=client common-name=client days-valid=3650 key-size=2048 key-usage=tls-client
File:Ovpn-5.png
New Certificate > Client
File:Ovpn-6.png
Key Usage Client

For the clients, several different certificates can be created, one per client (adjust to the number of clients).

add name=client1 common-name=client days-valid=3650 key-size=2048 key-usage=tls-client

Sign Certificate

/certificate
sign CA ca-crl-host=108.87.62.201 name=ca-certificate

For the CA, some people use:

sign CA name=ca-certificate
File:Ovpn-7.png
Sign > CA
sign server name=server-certificate ca=ca-certificate
File:Opvn-8.png
Sign > Server
sign client name=client-certificate ca=ca-certificate
File:Opvn-9.png
Sign > Client

Watch the signing progress until it reports success: done

Trust Certificate

/certificate
set ca-certificate trusted=yes
set server-certificate trusted=yes
File:Ovpn-10.png
Trusted > CA
File:Ovpn-11.png
Trusted > server

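Export Certificate

/certificate
# after signing, the certificates carry the names given to sign (ca-certificate, client-certificate)
export-certificate ca-certificate export-passphrase=""
export-certificate client-certificate export-passphrase=12345678
# client1 has no sign step on this page; sign it the same way as client before exporting
export-certificate client1 export-passphrase=12345678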

OPVN Profile and User

/ppp
profile add name="vpn-profile"
secret add name=user profile=vpn-profile password=password

Enable the OPVN Server

/interface ovpn-server server
set default-profile=vpn-profile certificate=server-certificate require-client-certificate=yes auth=sha1,md5 cipher=blowfish128,aes256 enabled=yes
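
The same procedure from the per-client certificate onward, with the signed certificate names used consistently and the weak options dropped, as an added example that is not part of the original wiki page. The name client1-certificate and the angle-bracket passphrase and password values are placeholders assumed here; auth and cipher are narrowed to values that already appear on the page.

```routeros
# Added example, not from the wiki page.
# Assumes CA and server were already signed as ca-certificate and
# server-certificate, as in the Sign Certificate section above.

/certificate
# One certificate per client, each with its own common-name, so a single
# client can be told apart from the others (used instead of the page's client1 line).
add name=client1 common-name=client1 days-valid=3650 key-size=2048 key-usage=tls-client
# "sign <template> name=<new-name>" renames the entry; every later command
# must use the new name. client1-certificate is a name chosen for this example.
sign client1 name=client1-certificate ca=ca-certificate

set ca-certificate trusted=yes
set server-certificate trusted=yes

# An empty passphrase exports the CA certificate only, without its private key.
export-certificate ca-certificate export-passphrase=""
# The client export includes the private key; protect it with a long random
# passphrase, different for each client (placeholder below).
export-certificate client1-certificate export-passphrase="<CLIENT1-EXPORT-PASSPHRASE>"

/ppp
profile add name="vpn-profile"
# service=ovpn limits this account to OpenVPN logins; the password is a placeholder.
secret add name=user profile=vpn-profile service=ovpn password="<LONG-RANDOM-PASSWORD>"

/interface ovpn-server server
# Weak (as on the page): auth=sha1,md5 cipher=blowfish128,aes256
#   lets a client select MD5 or the 64-bit-block Blowfish cipher.
# Narrowed: only the stronger value from each list stays selectable.
set default-profile=vpn-profile certificate=server-certificate require-client-certificate=yes auth=sha1 cipher=aes256 enabled=yes
```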