

The CA directory contains several configuration files, so it is necessary to check which one is in use:

Easy-rsa will ask to confirm each KEY_* variable during certificate generation, so it is possible to change both values for each certificate.

CRL configuration is directly in openssl.cnf. For example like this:

CN and NAME will be different for each certificate so I left it as "changeme". It is required that you modify it to reflect your settings.

There are details about certificates at the end of the "vars" file. I prefer strict security so I changed the key size from 1024 to 4096. On other Linux distributions you should find the easy-rsa installation and copy it to the desired working directory.

Before certificates can be generated it is necessary to customize the "vars" file inside the new CA directory ("ovpn" in this example). Gentoo users can use the following rsync command:

Select an empty directory and then use (I selected "ovpn"):

Ubuntu has an additional command to create the CA directory.

Other users: please try to find easy-rsa using your distribution's package manager or download it from GitHub.

Prepare CA directory

Maybe in the future I'll debug what was wrong with pkitool.

I am not sure if this was a failure of this tool or my failure, but right now I am using a different way to generate certificates. I used "valid" in the name of this section because I got wrongly generated certificates using "pkitool".

it is not possible to set IP on server and client outside of OVPN configuration).
