
Configuring an OpenVPN Server on MikroTik with MikroTik

Goal: let clients connect as if they were local hosts on the 192.168.80.0/24 network

1. System Information

  • Router: MikroTik RouterOS

  • VPN Protocol: OpenVPN

  • LAN Server: 192.168.80.0/24

  • LAN Gateway: 192.168.80.1

  • VPN Subnet: 10.10.10.0/24

  • OVPN Port: 1194 (TCP)

2. Creating Certificates on MikroTik

2.1 Create the CA (Certificate Authority)

Open the MikroTik terminal:
/certificate add name=ca-template common-name=MyCA key-usage=key-cert-sign,crl-sign
/certificate sign ca-template name=MyCA

Check the status and make sure the CA shows trusted=yes:
/certificate print

If it does not:
/certificate set MyCA trusted=yes

2.2 Create the Server Certificate

/certificate add name=server-template common-name=ovpn-server
/certificate sign server-template ca=MyCA name=ovpn-server

/certificate set ovpn-server trusted=yes

2.3 Create the Client Certificate

/certificate add name=client1-template common-name=client1
/certificate sign client1-template ca=MyCA name=client1

2.4 Export the Certificates for the Client

/certificate export-certificate client1 export-passphrase=1234
/certificate export-certificate MyCA

The following files will appear under Files:

  • client1.crt

  • client1.key

  • MyCA.crt

Download these files to the client PC.

3. OVPN Server Configuration

3.1 Create an IP Pool

/ip pool add name=ovpn-pool ranges=10.10.10.10-10.10.10.50

3.2 Create a PPP Profile

/ppp profile add name=ovpn-profile \
    local-address=10.10.10.1 \
    remote-address=ovpn-pool \
    dns-server=8.8.8.8

3.3 Create a VPN User

/ppp secret add name=user1 \
    password=123456 \
    service=ovpn \
    profile=ovpn-profile

3.4 Enable the OVPN Server

/interface ovpn-server server set enabled=yes \
    port=1194 \
    mode=ip \
    netmask=24 \
    authentication=sha1 \
    cipher=aes256 \
    certificate=ovpn-server \
    require-client-certificate=yes

4. Firewall

4.1 Allow the OVPN Port

/ip firewall filter add chain=input protocol=tcp port=1194 action=accept comment="Allow OVPN"

4.2 Internet NAT

/ip firewall nat add chain=srcnat out-interface=ether3-WAN action=masquerade

5. Windows Client Configuration

5.1 Install the OpenVPN Client

Download it from https://openvpn.net/community/ or, to find older releases, browse the repository at https://build.openvpn.net/downloads/releases/?C=M&O=D

then install OpenVPN GUI.

5.2 Copy the Certificate Files

Files:

  • MyCA.crt

  • client1.crt

  • client1.key

These are used to create client1.ovpn:

client
dev tun
proto tcp-client
remote 36.67.22.18 1194
route 192.168.80.0 255.255.255.0
resolv-retry infinite
nobind
persist-key
persist-tun

auth SHA1
cipher AES-256-CBC
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC

remote-cert-tls server
auth-user-pass
auth-nocache

<ca>
contents of MyCA.crt
</ca>

<cert>
contents of client1.crt
</cert>

<key>
contents of client1.key
</key>
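
Added example (not part of the original page): a small Python helper that assembles client1.ovpn from the three exported files, keeping only the PEM objects and rejecting files passed in the wrong slot. The names `pem_block` and `build_profile` are chosen for this example; the directives are the ones listed above.

```python
import re

# Matches one PEM object and captures its label
# (e.g. CERTIFICATE, ENCRYPTED PRIVATE KEY).
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

def pem_block(text, want):
    """Return the first PEM object whose label ends with `want`,
    dropping any text outside the BEGIN/END markers."""
    for m in PEM_RE.finditer(text):
        if m.group(1).endswith(want):
            return m.group(0).replace("\r\n", "\n")
    raise ValueError(f"no PEM object of type {want!r} found")

def build_profile(ca_text, cert_text, key_text, remote, port=1194,
                  route=("192.168.80.0", "255.255.255.0")):
    """Assemble the client profile with the directives from section 5.2."""
    directives = [
        "client", "dev tun", "proto tcp-client",
        f"remote {remote} {port}",
        f"route {route[0]} {route[1]}",
        "resolv-retry infinite", "nobind", "persist-key", "persist-tun",
        "auth SHA1", "cipher AES-256-CBC",
        "data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC",
        "data-ciphers-fallback AES-256-CBC",
        "remote-cert-tls server", "auth-user-pass", "auth-nocache",
    ]
    # A key file passed where a certificate is expected (or the reverse)
    # raises ValueError instead of producing a broken profile.
    inline = [
        ("ca", pem_block(ca_text, "CERTIFICATE")),
        ("cert", pem_block(cert_text, "CERTIFICATE")),
        ("key", pem_block(key_text, "PRIVATE KEY")),
    ]
    parts = directives + [f"<{tag}>\n{pem}\n</{tag}>" for tag, pem in inline]
    return "\n".join(parts) + "\n"

if __name__ == "__main__":
    from pathlib import Path
    # File names as exported in section 2.4; run in the folder holding them.
    files = [Path(n).read_text() for n in ("MyCA.crt", "client1.crt", "client1.key")]
    Path("client1.ovpn").write_text(build_profile(*files, remote="36.67.22.18"))
```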

5.3 Import the client1.ovpn profile into OpenVPN GUI


6. Connect to the VPN

  • Start OpenVPN GUI

  • Right-click → Connect

  • Enter the username and password of the PPP secret

7. Verification

Test connectivity to 192.168.80.1
