VPS (OpenVPN Server) <=> Mikrotik (OpenVPN Client)
https://help.mikrotik.com/docs/display/ROS/OpenVPN#OpenVPN-OVPNClient
- Copy the contents of each cert and key to the appropriate sections of the client.ovpn file
- Upload client.ovpn via FTP or WebFig -> Files
- Import client.ovpn using
/interface/ovpn-client/import-ovpn-configuration file-name=client.ovpn
or via WebFig -> PPP -> Import .ovpn
- You can ignore username / password (Mikrotik will set ovpnuser as a placeholder)
- Set the firewall rules as appropriate, e.g.
/ip firewall filter add action=accept chain=input comment="openvpn client-to-client access" in-interface=openvpn-client src-address=10.0.0.0/24
NAT:
/ip firewall nat add action=masquerade chain=srcnat comment="ovpn masquerade" out-interface=openvpn-client
Debian 12
apt install openvpn easy-rsa
make-cadir /etc/easyrsa
cd /etc/easyrsa
./easyrsa init-pki
./easyrsa build-ca
./easyrsa build-server-full server
./easyrsa gen-dh
./easyrsa build-client-full mikrotik nopass
openvpn --genkey secret pki/ta.key
touch /etc/openvpn/server/server.conf
systemctl enable openvpn-server@server.service
file | server.conf | client.ovpn |
---|---|---|
/etc/easyrsa/pki/issued/server.crt | cert <path> | - |
/etc/easyrsa/pki/private/server.key | key <path> | - |
/etc/easyrsa/pki/private/mikrotik.key | - | <key></key> |
/etc/easyrsa/pki/issued/mikrotik.crt | - | <cert></cert> |
/etc/easyrsa/pki/ca.crt | ca <path> | <ca></ca> |
/etc/easyrsa/pki/ta.key | tls-auth <path> 0 | <tls-auth></tls-auth> + key-direction 1 |
/etc/easyrsa/pki/dh.pem | dh <path> | - |
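The client.ovpn column of the table can be filled in by script rather than by hand. The following is an added example, not part of the original page: the function names are hypothetical, and the connection directives (remote, proto and so on) are not listed on this page, so the script emits only the inline sections.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# the PKI layout and client name follow the easy-rsa commands and table above.

# Print only the PEM / static-key block of FILE wrapped in <TAG>...</TAG>.
# This drops any human-readable dump that may precede the PEM block in
# issued/*.crt and the comment header of ta.key.
inline_block() {
    tag=$1; file=$2
    [ -r "$file" ] || { echo "missing: $file" >&2; return 1; }
    body=$(sed -n '/^-----BEGIN /,/^-----END /p' "$file")
    [ -n "$body" ] || { echo "no PEM block in: $file" >&2; return 1; }
    printf '<%s>\n%s\n</%s>\n' "$tag" "$body" "$tag"
}

# Usage: ovpn_inline_sections PKI_DIR CLIENT_NAME
ovpn_inline_sections() {
    pki=$1; name=$2
    inline_block ca       "$pki/ca.crt"            || return 1
    inline_block cert     "$pki/issued/$name.crt"  || return 1
    inline_block key      "$pki/private/$name.key" || return 1
    inline_block tls-auth "$pki/ta.key"            || return 1
    # Client side of tls-auth; the server side uses direction 0.
    echo 'key-direction 1'
}

# Usage: write_client_sections PKI_DIR CLIENT_NAME OUT_FILE
# Runs in a subshell with umask 077: the output embeds the unencrypted
# (nopass) client key, so it must not be readable by other users.
write_client_sections() (
    umask 077
    tmp="$3.tmp.$$"
    if ovpn_inline_sections "$1" "$2" > "$tmp"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        exit 1
    fi
)
```

With the layout from this page the call would be `write_client_sections /etc/easyrsa/pki mikrotik sections.ovpn`; append the result to the connection directives to form client.ovpn.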
mkdir /root/bin
touch /root/bin/wifi_monitor.sh
Cron:
*/5 * * * * /root/bin/wifi_monitor.sh > /dev/null
https://gist.github.com/c0m4r/204298ccf8ffdeab8de9cad0388994dc