OPVN Server: Difference between revisions
No edit summary |
m 85 revisions imported |
||
| (10 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Punya IP Publik== | |||
Sepertinya ini menjadi syarat wajib jika ingin membuat VPN, karena berkaitan dengan berbagai konfigurasi lain yang nanti akan menjadi catatan penting. | |||
==Membuat Certificate== | ==Membuat Certificate== | ||
/certificate | /certificate | ||
add name=CA common-name=CA days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign | add name=CA common-name=CA days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign | ||
Yang menggunakan WinBox dapat diikuti seperti gambar berikut : | Yang menggunakan WinBox dapat diikuti seperti gambar berikut : | ||
[[File:Ovpn-1.png|link=https://drive.google.com/uc?id=17Dx1q5FxRBzSAS9gqpvN8kSmEsAUwOIf|center|500px|New Certificate > CA|thumb]] | [[File:Ovpn-1.png|link=https://drive.google.com/uc?id=17Dx1q5FxRBzSAS9gqpvN8kSmEsAUwOIf|center|500px|New Certificate > CA|thumb]] | ||
[[File:Ovpn-2.png|link=https://drive.google.com/uc?id=1cQ1YkCL68JlOZK--OjIDZa_kl7z8TcgH|center|500px|Key Usage > CA|thumb]] | [[File:Ovpn-2.png|link=https://drive.google.com/uc?id=1cQ1YkCL68JlOZK--OjIDZa_kl7z8TcgH|center|500px|Key Usage > CA|thumb]] | ||
add name=server | add name=server common-name=server days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server | ||
[[File:Ovpn-3.png|link=https://drive.google.com/uc?id=1tPRSlEik4q8RG-TvxsbaIEbwUw6r4FH9|center|500px|New Certificate > Server|thumb]] | [[File:Ovpn-3.png|link=https://drive.google.com/uc?id=1tPRSlEik4q8RG-TvxsbaIEbwUw6r4FH9|center|500px|New Certificate > Server|thumb]] | ||
[[File:Opvn-4.png|link=https://drive.google.com/uc?id=1qzxKn4987zP6z8gAP0Nifgsx0u2Jv8ru|center|500px|Key Usage > Server|thumb]] | [[File:Opvn-4.png|link=https://drive.google.com/uc?id=1qzxKn4987zP6z8gAP0Nifgsx0u2Jv8ru|center|500px|Key Usage > Server|thumb]] | ||
| Line 41: | Line 36: | ||
[[File:Ovpn-10.png|link=https://drive.google.com/uc?id=1IyKfAQdAY-myfiM9vxGOT0OfEZx4RZZ0|500px|center|Trusted > CA|thumb]] | [[File:Ovpn-10.png|link=https://drive.google.com/uc?id=1IyKfAQdAY-myfiM9vxGOT0OfEZx4RZZ0|500px|center|Trusted > CA|thumb]] | ||
[[File:Ovpn-11.png|link=https://drive.google.com/uc?id=1rD1oeshB1_-pU6s8Y2oONAglu-84FUW2|500px|center|Trusted > server|thumb]] | [[File:Ovpn-11.png|link=https://drive.google.com/uc?id=1rD1oeshB1_-pU6s8Y2oONAglu-84FUW2|500px|center|Trusted > server|thumb]] | ||
==Export Certificate== | |||
/certificate | |||
export-certificate ca export-passphrase="" | |||
export-certificate client export-passphrase=12345678 | |||
export-certificate client1 export-passphrase=12345678 | |||
==OPVN Profile dan User== | |||
/ppp | |||
profile add name="vpn-profile" | |||
secret add name=user profile=vpn-profile password=password | |||
==Aktifkan OPVN Server== | |||
/interface ovpn-server server | |||
set default-profile=vpn-profile certificate=server-certificate require-client-certificate=yes auth=sha1,md5 cipher=blowfish128,aes256 enabled=yes | |||
Latest revision as of 22:48, 19 November 2024
Punya IP Publik[edit]
Sepertinya ini menjadi syarat wajib jika ingin membuat VPN, karena berkaitan dengan berbagai konfigurasi lain yang nanti akan menjadi catatan penting.
Membuat Certificate[edit]
/certificate add name=CA common-name=CA days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
Yang menggunakan WinBox dapat diikuti seperti gambar berikut :
add name=server common-name=server days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
add name=client common-name=client days-valid=3650 key-size=2048 key-usage=tls-client
Untuk client dapat dibuat beberapa certificate yang berbeda untuk tiap client (sesuaikan dengan jumlah client).
add name=client1 common-name=client days-valid=3650 key-size=2048 key-usage=tls-client
Sign Certificate[edit]
/certificate sign ca ca-crl-host=108.87.62.201 name=ca-certificate
Untuk CA ada beberapa yang menggunakan :
sign ca name=ca-certificate
sign server name=server-certificate ca=ca-certificate
sign client name=client-certificate ca=ca-certificate
Untuk CA ada beberapa yang menggunakan :
sign ca name=ca-certificate
Untuk diperhatikan progress saat sign sampai berhasil : done
Trust Certificate[edit]
/certificate set CA trusted=yes set server trusted=yes
Export Certificate[edit]
/certificate export-certificate ca export-passphrase="" export-certificate client export-passphrase=12345678 export-certificate client1 export-passphrase=12345678
OPVN Profile dan User[edit]
/ppp profile add name="vpn-profile" secret add name=user profile=vpn-profile password=password
Aktifkan OPVN Server[edit]
/interface ovpn-server server set default-profile=vpn-profile certificate=server-certificate require-client-certificate=yes auth=sha1,md5 cipher=blowfish128,aes256 enabled=yes