OPENVPN - VPN MIKROTIK TUTORIAL [ENG SUB]

Captions
Hello guys, meet again on the Mikrotik Indonesia YouTube channel, the channel that will give tips and tricks about Mikrotik. This time I will discuss OpenVPN, and maybe this is the last video of the VPN video series on the Indonesian Mikrotik channel, but if, for example, you have an idea about VPN that you want to discuss again, please comment below. And don't forget to subscribe and click the bell button so that you get the latest video updates from us.

In general, the functions of OpenVPN are the same as other types of VPN such as PPTP, SSTP and L2TP, because it can also be used for site-to-site VPN, which aims to let LANs communicate with each other, and it can also be applied to mobile clients, which is used when we are outside the office or working on the move but need to access the local office server. And OpenVPN has more complete security facilities, so we can have a connection that is safer than other types of VPN.

In this video I will try 2 scenarios. First there is a site-to-site VPN, as if there were 2 offices far apart, and then the mobile client, for which I will try to use the Windows client. But later it will be slightly different from other types of VPN: for PPTP and SSTP, the configuration is available in Windows by default, but for OpenVPN you will use an application from a third party. For more details, I will try the site-to-site VPN first.

I made a topology. I'll simulate it like this: there is office A and office B, and I want these two LANs to communicate with each other using the OpenVPN type. Mikrotik devices support being used as an OpenVPN server or an OpenVPN client. The first requirement is that these two offices must be able to connect to the internet first; the basic configuration must be done first. And there is some preparation that we need to do to make OpenVPN: for OpenVPN we also need certificates, and we are required to make certificates that can be installed on the server and also the client. Our first step must be to make sure
Office A and Office B can be connected to the internet. My position is now in office B's LAN network, and this router acts as the router gateway at office B; my laptop is on the local network. I have to make sure that router B is connected to the internet. I have to open Winbox first, then I have to enter my router, the office B router. As an example, like this, I have prepared it beforehand. The local network here uses the 172.31.1.x IP addresses: 172.31.1.1 I install as the IP for the gateway on the router, and the others, for the clients, can use DHCP.

Then for office A: office A uses the trial public IP 192.168.128.102. I will try to access it from here; I will try to connect to 192.168.128.102. Make sure it is able to connect to the internet. I have prepared this configuration beforehand; if you are still hesitant in doing the basic configuration, you can search this channel for the basic proxy configuration, because we discussed it in a previous video.

At this time I tried to remote to the office A router, which I will use later as the VPN server. First we have to prepare the certificates: we enter the System menu and Certificates. Incidentally, here I have already made the certificates. For the process of creating and signing certificates, you can learn from the previous video about SSTP; in that video I explained how to make certificates and how to make certificates trusted so they can be exported for client needs. In this tutorial we also have to make certificates and export the certificates so that they can be used on the client side, whether for clients in office B or clients that are mobile using Windows.

Here it appears that many certificates have been made: there are the CA, client1 and client2 certificates, then one for the server too. Each is used for a different function. So the certificates for CA, client1 and client2 must be exported first. To export certificates, we must enter the New Terminal menu, then we type "Certificate export-certificate". For example, we want to export the CA certificate first, then
don't forget we give a passphrase. Please remember this passphrase correctly, because it will be needed later when connecting using the mobile client. For example, here I gave my secret passphrase. And don't forget we also have to do it for the client1 and client2 certificates: we will use client1 in office B, and client2 we will use for the Windows client. After we export the CA certificate, we do the export for client1 and also for client2, and for the passphrase here I use the same one so I'm not confused. After doing the export, new files will appear in the Files menu on the router. We can see here there are files from CA up to client2.key. These export files are stored on the laptop for further needs; for example, I will download them by right-clicking. Here I save them in the Desktop directory, in a folder I name Certificate. After we save them, we can use them later on our client side.

Then, to configure the VPN server: the certificate has been created and it has also been exported; we also need to configure the VPN server. We enter the PPP menu; on the Interface tab we can enter the "OVPN Server" menu. If we press this OVPN Server button, several parameters will appear. There is a certificate parameter, and we can point it to the certificate that we made before. For authentication we can choose more than one; in the cipher option we can also choose more than one type of cipher. For security needs we can choose more than one cipher to be safer. The default port parameter uses 1194; for now the Mikrotik device supports OpenVPN with the TCP protocol, with port 1194. This parameter can also be replaced: we can, for example, use TCP port 443. For this experiment I use the default port, 1194. We can activate the OpenVPN server by checking Enable here. We select the server certificate in the Certificate parameter; after that we can apply.

Because this connection is a VPN connection, don't forget to make Secrets. I have prepared 2 Secrets for this experiment: ovpn1 with a password test, then ovpn2 with a
password test. I will use them on the office B client and the Windows client. For details on how to make Secrets, you can see the detailed explanation in the previous video; because the steps are the same, I'm not explaining them here. The preparation on the server side, or office A, is complete: the VPN server is active, we have used certificates too, and we have also made Secrets, so we can switch to the configuration on the client, or office B.

We open a new Winbox; because we are in one LAN, we can see it in the Neighbor tab. Here I managed to remote to the router in office B, the VPN client. The preparation on the client side is that we have to import the certificates that were already made. The more detailed import method is the same as in the video that discusses SSTP. We can upload them to the Files menu via Winbox. We can find the certificate files that we saved before; I saved them in the Desktop\Certificates directory. We can drag and drop these files to the Files menu in Winbox. We need the CA.crt file and also the client one; there are a total of 4 files, because there are some *.key files that we must also put into the Files menu. If all files have been entered, then we must do the import process by going to the System-Certificates menu. I have previously imported these certificates, so there are 2 certificates here, for the CA certificate and the client. To import a certificate, we have to press the Import button, then we look for the certificate file. For example, here we will import the CA, and don't forget to fill in the passphrase correctly here. And we have to import the *.key file too, so that the Trusted flag can appear.

If these two certificates already exist, then we will configure the VPN client. We enter the PPP menu, then the Interface tab, and we add a new interface for the OpenVPN client. For example, here I name it ovpn-kantorA. Go to the Dial Out tab, and we fill in the Connect To parameter with the office A public IP, 192.168.128.102. The Port parameter must be the
same as the setting on the server. The username is vpn1 with a password test. For the profile we choose default-encryption, and for the certificate we choose client1. For authentication and cipher, we match them to the ones on the server; coincidentally, on the server I checked more than 1, so here we can choose. By default you can use authentication sha1 and the blowfish cipher. Let's just try applying. If the user and password match, and the certificates are also correctly issued by the server, then we can synchronize, and there will be an R flag indicator, or running.

If it can run like this and we want to be able to connect between LANs, we have to do routing. Up to this step it is the same as for the other VPNs that we previously discussed. First we will make the routing from office B to office A. In this example, office A uses the IP 192.168.23.0/24 for its LAN, and the IP address used on the office B LAN is 172.31.1.1/24. Then for OpenVPN, from the secret that was on the server, I got IP 10.100.100.2, and the VPN server uses 10.10.10.101, which later I can use as the gateway for the routing configuration. How do we make the IP routes? We can enter the IP-Routes menu, then we click the + sign. Dst. Address can be filled with 192.168.230.0/24, then the gateway we fill with 10.100.100.1, or we can choose the OpenVPN interface; because it is a VPN connection, we can choose the interface for the gateway. This is making the routing in office B.

We also need to create the routing on the server side, or office A, so that the LANs can be connected to each other. We try to remote to the office A router, which has IP 192.168.128.102. In the configuration on our office A router, the Dst. Address is office B's LAN IP, and for the gateway we select the VPN interface. We create the routing by clicking the + button. Dst. Address is filled with the office B LAN IP, 172.31.1.0/24, with the gateway 10.100.100.2.

To test it, we can use ping. Because my position is in the office B LAN, I will try pinging 192.168.230.254; there is a device there that is actively using that IP. I will try the ping command; because I am in the office B LAN network, it means that you can skip the VPN and can reply. If you want to check whether through the VPN path or we can't do traceroutes, we type "tracert -d 192.168.230.254". Here you can see it goes through the gateway router of office B, this is the VPN, and this is a client or PC in office B. Thus we can give access: for example, there is a server in office A and we need to access it, or maybe CCTV or any resource; we can also access from office A to office B and vice versa.

We will try to see a little of what is different about OpenVPN. First I remote to the office A router, then enter the PPP menu, Active Connections. Here the Encoding looks like it is in accordance with the settings when we dial. In the previous videos, PPTP uses MPPE encoding; SSTP can use RC4 encoding with certificates and can use MPPE when SSTP doesn't use certificates; L2TP is a combination using IPsec; whereas for OpenVPN the encoding directly uses BF-128. The explanation here might seem similar to the configuration of another VPN; there is a difference before you can choose the type of cipher, and OpenVPN also requires certificates. We can make SSL certificates or buy them ourselves, and what I demonstrated this time I made with Mikrotik RouterOS, or self-signed certificates. Using this type of certificate, OpenVPN can already be run.

That is an example of connecting site-to-site OpenVPN, which is almost similar to other VPNs. There is also a difference when we connect using a mobile client and the client directly uses the Windows operating system. We will try with the same topology example as the topology in the other VPN videos, so that it can be used for
more detailed learning. The topology and scenario are the same; the difference is the type of VPN used. The example of the second scenario is when we are outside the office: to be able to access resources that are in an office LAN, we can create a VPN. We already created a VPN server in office A, so we only need to configure the client side. For example, this time I try to use the Windows operating system. We checked earlier that on the server side there are 2 secrets that have been made. The first secret is ovpn1, and now we try to use the second secret, ovpn2, which we will apply to the Windows client. The server side is ready; now we only need to configure the Windows client.

Windows operating systems have no OpenVPN client configuration available; maybe on most operating systems, possibly also macOS, Linux and even Android, there is no OpenVPN client setting yet. So here we need the help of a third-party application. For example, here I have downloaded the OpenVPN application called OpenVPN GUI; this application will help us connect to the OpenVPN server. This time we don't create a new interface like when we make PPTP or SSTP; instead we have to configure files in the application. For the software that I use, we have to enter the application directory. After we enter the OpenVPN application directory, we have to add some files to this config folder, namely the CA certificate, then the client certificate along with its *.key as well. For this application we also have to create a new file with the *.ovpn extension. We also have to make one more file containing the Secrets, to configure the username and password so you can dial into the VPN server.

After we enter the config folder in the OpenVPN application, we have to add several files. The first are the certificates that I previously exported from the VPN server and stored in the Desktop directory: first we need the CA certificate, second the client certificate along with the key. From here we copy them, then we put them in the config
folder in the OpenVPN application. So the names are not too long, I will rename these files: I cut it down to CA.crt, I also rename the client one to client.crt, and finally the key file I rename to client.key. Then, to determine the IP and port to dial, we need a configuration file with the *.ovpn extension. For more details, please visit wiki.mikrotik.com, in the OpenVPN manual section, or a clearer OpenVPN discussion forum. For example, here, if I open it via Notepad++, it's actually quite simple, like this example of the contents of the configuration file. The contents of this client1.ovpn file are some commands that will be executed when this application is run. The first one here is the client1.ovpn command template using tun; then the protocol configuration uses TCP; then remote is used to determine the IP and port of the server that we use. Next, below this, is the setting to point the Windows default gateway directly to the VPN server, used to redirect traffic: when we are in a public area and cannot access foreign servers, we can redirect traffic to our office first. Then come the settings to determine the certificate files for the CA and also the client; we can point to the certificate files and also the key that we copied earlier. Below that again, we determine the cipher and also the type of authentication. For authentication we use a user and password, and for this username and password we can point to the file with the name secret.

After the *.ovpn file is ready, we need one more file for the secret that is used by this section's command setting, so the user and password authentication is in a file called secret. So we make one new file; the contents are the username and password used to dial in to the OpenVPN server. We save this file without a file extension; we can try saving it first with the *.txt extension, and after that rename it. After all the files in the config folder in the OpenVPN application are ready, there are several
certificate files, then the secret and client1.ovpn files. Then we can dial by going to the corner of the taskbar and double-clicking the OpenVPN icon. After that we will be asked to enter the same passphrase as when we exported the certificate files; I made it "my secret", so we just enter it here. After we click OK, if our steps are correct, we will be able to connect. Here it looks like it has got IP 10.100.100.3, then a notification appears that we are connected to the OVPN server. If you have successfully connected, we can check in the Control Panel, in the Network Connections menu: a new interface will appear, for example here Ethernet 3 appears. We can check the IP by right-clicking, Status, then entering Details.

In the configuration of the *.ovpn file, I made the traffic from the laptop go through the server. We will try a traceroute, for example to 8.8.8.8: the default gateway of this laptop goes directly to the VPN server; for example, here the default gateway VPN server is 10.100.100.1. Thus our laptop will be able to access the server at the head office, or divert internet traffic through the office VPN line. Suppose we are in a public area that cannot access external servers; we can redirect traffic to our office first.

Those are 2 examples of configuration for OpenVPN, to connect site to site and also the mobile client connection with a Windows laptop. Maybe the configuration here looks a little complicated, but by using OpenVPN we get more complete path security compared to other types of VPN. Here we can choose several types of ciphers that do not exist in the previous VPN types, so that it can make our VPN connection safer. For the activation of security, it's up to you which you like, because these two security methods can run together and make our network safer and more flexible if we want to access a server that is in the local network of our headquarters.

This is the tutorial video about OpenVPN this time. If there are questions or
suggestions, please provide them in the comments column below. Don't forget to like and also share this video so that it can be more useful to others. Thank you for watching; see you in the next video tutorial.
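
The captions describe the client1.ovpn file directive by directive but never show it. As an added example (not the video's file and not MikroTik's or OpenVPN's own code), the Python below embeds a constructed config rebuilt from that description and reviews it for the settings a defender would revisit. The directive values (`BF-CBC`, `def1`, `tcp-client`) and the finding names are assumptions.

```python
# Constructed client1.ovpn rebuilt from the spoken walkthrough; not the video's actual file.
SAMPLE_OVPN = """\
client
dev tun
proto tcp-client
remote 192.168.128.102 1194
redirect-gateway def1
ca CA.crt
cert client.crt
key client.key
cipher BF-CBC
auth SHA1
auth-user-pass secret
"""

# Ciphers with a 64-bit block size (exposed to SWEET32-style collisions on long sessions).
SMALL_BLOCK_CIPHERS = {"BF-CBC", "CAST5-CBC", "DES-CBC", "DES-EDE3-CBC"}


def parse_ovpn(text):
    """Map each directive to its argument list; comment lines (# or ;) are skipped."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        options[name] = args
    return options


def review(text):
    """Return sorted finding names (hypothetical labels) for a client config."""
    opts = parse_ovpn(text)
    findings = []
    if (opts.get("cipher") or [""])[0].upper() in SMALL_BLOCK_CIPHERS:
        findings.append("small-block-cipher")
    if opts.get("auth-user-pass"):  # a file argument means the password sits on disk in clear text
        findings.append("plaintext-credentials-file")
    if "remote-cert-tls" not in opts and "verify-x509-name" not in opts:
        findings.append("no-server-cert-check")  # peer is not checked to be a server certificate
    if "redirect-gateway" in opts:
        findings.append("full-tunnel")  # informational: all client traffic exits via the office
    if not (opts.get("proto") or ["udp"])[0].startswith("tcp"):
        findings.append("proto-not-tcp")  # the RouterOS server in the video accepts TCP only
    return sorted(findings)


if __name__ == "__main__":
    for finding in review(SAMPLE_OVPN):
        print(finding)
```

Whether a stronger cipher or `remote-cert-tls server` can be used depends on what the RouterOS server and its certificate offer, which the captions do not state.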
Info
Channel: Mikrotik Indonesia (Citraweb)
Views: 47,156
Keywords: OpenVPN, OVPN, OpenVPN Server, OpenVPN Client, Setup OpenVPN, Konfigurasi OpenVPN, OpenVPN Mikrotik, OpenVPN Windows, vpn, vpn mikrotik, vpn game mikrotik, vpn server, virtual private network, best vpn, vpn client, vpn trick, best vpn service, vpn service, Mikrotik, Mikrotik Tutorial, Mikrotik Indonesia, Mikrotik Router, Mikrotik Configuration, RouterOS, Setting Mikrotik, Citraweb Solusi Teknologi, Citraweb, CST, Mikrotik Hotspot, Routerboard, Belajar Mikrotik, Membuat OpenVPN
Id: 3vnJFTo5mIY
Length: 34min 7sec (2047 seconds)
Published: Sun Jul 21 2019