{"id":6637,"date":"2025-09-23T13:13:26","date_gmt":"2025-09-23T10:13:26","guid":{"rendered":"https:\/\/skeletor.org.ua\/?p=6637"},"modified":"2025-09-23T13:13:26","modified_gmt":"2025-09-23T10:13:26","slug":"mikrotik-openvpn-tls","status":"publish","type":"post","link":"https:\/\/skeletor.org.ua\/?p=6637","title":{"rendered":"[Mikrotik] OpenVPN + TLS"},"content":{"rendered":"\n

\u041d\u0430\u0440\u0435\u0448\u0442\u0456! \u0412 mikrotik <\/strong>\u0432 OpenVPN <\/strong>\u043c\u043e\u0436\u043d\u0430 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0432\u0430\u0442\u0438 TLS <\/strong>auth. \u0426\u0435 \u043c\u043e\u0436\u043b\u0438\u0432\u043e \u043b\u0438\u0448\u0435 \u043f\u043e\u0447\u0438\u043d\u0430\u044e\u0447\u0438 \u0437 \u0432\u0435\u0440\u0441\u0456\u0457 7.17rc3<\/strong>.<\/p>\n\n\n\n

\u0429\u043e\u0431 \u0446\u0435 \u0441\u043f\u0440\u0430\u0446\u044e\u0432\u0430\u043b\u043e, \u0442\u0440\u0435\u0431\u0430 \u0456\u043c\u043f\u043e\u0440\u0442\u0443\u0432\u0430\u0442\u0438 \u043a\u043e\u043d\u0444\u0456\u0433 openvpn <\/strong>\u044f\u043a \u043e\u0434\u0438\u043d \u0444\u0430\u0439\u043b, \u0432\u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0456 \u044f\u043a\u043e\u0433\u043e \u0431\u0443\u0434\u0443\u0442\u044c \u0456 \u043a\u043b\u044e\u0447\u0456 \u0456 \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u0438. \u0410 \u0442\u0430\u043a\u043e\u0436, \u0454 \u043e\u0434\u0438\u043d \u043d\u044e\u0430\u043d\u0441, \u043f\u0440\u043e \u044f\u043a\u0438\u0439 \u043d\u0435 \u043f\u0438\u0448\u0443\u0442\u044c \u0432 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0456\u0457 – \u0442\u0440\u0435\u0431\u0430 \u0432 \u0441\u0430\u043c\u043e\u043c\u0443 \u043f\u043e\u0447\u0430\u0442\u043a\u0443 \u043a\u043e\u043d\u0444\u0456\u0433\u0443 \u0432\u043a\u0430\u0437\u0443\u0432\u0430\u0442\u0438, \u0449\u043e \u0446\u0435 client<\/strong>, \u0456\u043d\u0430\u043a\u0448\u0435 \u0431\u0443\u0434\u0435 \u043f\u043e\u043c\u0438\u043b\u043a\u0430:<\/p>\n\n

<\/p>\n

\n[admin@MikroTik] > \/interface\/ovpn-client\/import-ovpn-configuration file-name=OfficeUser.ovpn \n  progress: only ovpn client configuration can be imported\n\nadd \"client\" in the first line.\n<\/pre>\n\n\n
\u041e\u0442\u0436\u0435, \u043f\u0440\u0438\u0431\u043b\u0438\u0437\u043d\u0438\u0439 \u043a\u043e\u043d\u0444\u0456\u0433 ovpn <\/strong>\u0431\u0443\u0434\u0435<\/p>\n\n\n
\nclient\n...\n<ca>\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n<\/ca>\nkey-direction 1\n<tls-auth>\n#\n# 2048 bit OpenVPN static key\n#\n-----BEGIN OpenVPN Static key V1-----\n-----END OpenVPN Static key V1-----\n<\/tls-auth>\n<cert>\n-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n<\/cert>\n<key>\n-----BEGIN PRIVATE KEY-----\n-----END PRIVATE KEY-----\n<\/key>\n<\/pre>\n\n\n
\u041f\u0440\u043e\u0431\u0443\u0454\u043c\u043e<\/p>\n\n\n
\n[admin@MikroTik] > \/interface\/ovpn-client\/import-ovpn-configuration file-name=OfficeUser.ovpn \n  progress: config 'ovpn-import1750751599' import completed with warnings, please see system log\n\n[admin@MikroTik] > ip route print \nFlags: D - DYNAMIC; A - ACTIVE; c - CONNECT, d - DHCP, v - VPN\nColumns: DST-ADDRESS, GATEWAY, ROUTING-TABLE, DISTANCE\n    DST-ADDRESS      GATEWAY                ROUTING-TABLE  DISTANCE\nDAd 0.0.0.0\/0        192.168.1.1            main                  1\nDAc 10.44.0.0\/24     ovpn-import1750751599  main                  0\nDAv 10.101.1.0\/24    10.44.0.1              main                  1\nDAv 10.202.1.0\/24    10.44.0.1              main                  1\nDAc 192.168.1.0\/24   ether1                 main                  0\nDAc 192.168.88.0\/24  bridge                 main                  0\n\n[admin@MikroTik] > interface ovpn-client print \nFlags: X - disabled; R - running; H - hw-crypto; Ta - tls-auth; Tc - tls-crypt \n 0  RHTa   name=\"ovpn-import1750751599\" mac-address=FE:C2:87:01:2E:34 max-mtu=1500 connect-to=XX.XX.XX.XX port=1194 mode=ip \n           protocol=tcp user=\"ovpnuser\" password=\"\" profile=default certificate=cert_ovpn-import1750751599 \n           verify-server-certificate=yes tls-version=any auth=sha1 cipher=aes256-cbc use-peer-dns=yes add-default-route=no \n           route-nopull=no \n<\/pre>\n\n\n
\u042f\u043a\u0449\u043e \u0442\u0440\u0435\u0431\u0430 \u0443\u0432\u0456\u043c\u043a\u043d\u0443\u0442\u0438 NAT <\/strong>(masquerade<\/strong>) \u043d\u0430 \u0446\u044c\u043e\u043c\u0443 \u0456\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0456, \u0442\u043e \u0440\u043e\u0431\u0438\u043c\u043e \u0442\u0430\u043a <\/p>\n\n\n
\n[admin@MikroTik] > \/ip firewall nat add chain=srcnat out-interface=ovpn-import1750751599 action=masquerade\n<\/pre>","protected":false},"excerpt":{"rendered":"
\u041d\u0430\u0440\u0435\u0448\u0442\u0456! \u0412 mikrotik \u0432 OpenVPN \u043c\u043e\u0436\u043d\u0430 \u0432\u0438\u043a\u043e\u0440\u0438\u0441\u0442\u043e\u0432\u0443\u0432\u0430\u0442\u0438 TLS auth. \u0426\u0435 \u043c\u043e\u0436\u043b\u0438\u0432\u043e \u043b\u0438\u0448\u0435 \u043f\u043e\u0447\u0438\u043d\u0430\u044e\u0447\u0438 \u0437 \u0432\u0435\u0440\u0441\u0456\u0457 7.17rc3. \u0429\u043e\u0431 \u0446\u0435 \u0441\u043f\u0440\u0430\u0446\u044e\u0432\u0430\u043b\u043e, \u0442\u0440\u0435\u0431\u0430 \u0456\u043c\u043f\u043e\u0440\u0442\u0443\u0432\u0430\u0442\u0438 \u043a\u043e\u043d\u0444\u0456\u0433 openvpn \u044f\u043a \u043e\u0434\u0438\u043d \u0444\u0430\u0439\u043b, \u0432\u0441\u0435\u0440\u0435\u0434\u0438\u043d\u0456 \u044f\u043a\u043e\u0433\u043e \u0431\u0443\u0434\u0443\u0442\u044c \u0456 \u043a\u043b\u044e\u0447\u0456 \u0456 \u0441\u0435\u0440\u0442\u0438\u0444\u0456\u043a\u0430\u0442\u0438. \u0410 \u0442\u0430\u043a\u043e\u0436, \u0454 \u043e\u0434\u0438\u043d \u043d\u044e\u0430\u043d\u0441, \u043f\u0440\u043e \u044f\u043a\u0438\u0439 \u043d\u0435 \u043f\u0438\u0448\u0443\u0442\u044c \u0432 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u0446\u0456\u0457 – \u0442\u0440\u0435\u0431\u0430 \u0432 \u0441\u0430\u043c\u043e\u043c\u0443 \u043f\u043e\u0447\u0430\u0442\u043a\u0443 \u043a\u043e\u043d\u0444\u0456\u0433\u0443 \u0432\u043a\u0430\u0437\u0443\u0432\u0430\u0442\u0438, \u0449\u043e \u0446\u0435 client, \u0456\u043d\u0430\u043a\u0448\u0435 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[38],"tags":[],"class_list":["post-6637","post","type-post","status-publish","format-standard","hentry","category-mikrotik"],"_links":{"self":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6637","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6637"}],"version-history":[{"count":1,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6637\/revisions"}],"predecessor-version":[{"id":6638,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=\/wp\/v2\/posts\/6637\/revisions\/6638"}],"wp:attachment":[{"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6637"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6637"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/skeletor.org.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6637"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}