/certificate add name="KR" country="KR" state="KR" locality="seoul" organization="조직명" unit="조직명" common-name="KR" key-size=4096 days-valid=3650 key-usage=crl-sign,key-cert-sign
/certificate sign "KR" ca-crl-host=127.0.0.1 name="KR"
/certificate add name="server" country="KR" state="KR" locality="seoul" organization="조직명" unit="조직명" common-name="server" key-size=4096 days-valid=3650 key-usage=digital-signature,key-encipherment,tls-server
/certificate sign server ca="KR" name="server"
/certificate add name="client1" country="KR" state="KR" locality="seoul" organization="조직명" unit="조직명" common-name="client1" key-size=4096 days-valid=3650 key-usage=tls-client
/certificate sign client1 ca="KR" name="client1"
/certificate add name="client2" country="KR" state="KR" locality="seoul" organization="조직명" unit="조직명" common-name="client2" key-size=4096 days-valid=3650 key-usage=tls-client
/certificate sign client2 ca="KR" name="client2"
/certificate add name="계정" copy-from="client1" common-name="계정"
/certificate sign "계정" ca="KR" name="계정"
/certificate export-certificate "KR" export-passphrase=""
/certificate export-certificate "계정" export-passphrase="패스워드"
/ip pool add name=ovpn ranges=10.81.234.5-10.81.234.10
/ip dhcp-server network add address=10.81.234.0/24 comment=vpn dns-server=168.126.63.1 gateway=10.81.234.1 netmask=24
/ppp profile add bridge=bridge dns-server=168.126.63.1 local-address=ovpn name=open_vpn remote-address=ovpn use-compression=no use-encryption=required
/interface ovpn-server server set certificate=server cipher=blowfish128,aes128,aes192,aes256 default-profile=open_vpn enabled=yes require-client-certificate=yes
/ppp secret add name="계정" password="패스워드" profile=open_vpn service=ovpn
/ip firewall filter add action=accept chain=input comment=OPEN_VPN dst-port=1194 protocol=tcp
'네트워크 > Mikrotik' 카테고리의 다른 글
Mikrotik 한국 IP list 자동 다운로드 스크립트 (0) | 2023.02.10 |
---|---|
Mikrotik config Backup 스크립트 (0) | 2023.02.10 |
SYN/DoS/DDoS Protection (0) | 2021.08.10 |