https://paksamsul.smkn1pogalan.sch.id/index.php?action=history&feed=atom&title=OpenVPN_Site_to_Site OpenVPN Site to Site - Riwayat revisi 2026-04-28T03:25:14Z Riwayat revisi halaman ini di wiki MediaWiki 1.41.1 https://paksamsul.smkn1pogalan.sch.id/index.php?title=OpenVPN_Site_to_Site&diff=1156&oldid=prev Samsul: ←Membuat halaman berisi 'Sumber: https://www.marthur.com/networking/mikrotik-setup-a-site-to-site-openvpn-connection/314/ %MikroTik Identity% HQ %Client Name% Cabang %MikroTik Loc...' 2023-01-25T16:16:30Z <p>←Membuat halaman berisi &#039;Sumber: https://www.marthur.com/networking/mikrotik-setup-a-site-to-site-openvpn-connection/314/ %MikroTik Identity% HQ %Client Name% Cabang %MikroTik Loc...&#039;</p> <p><b>Halaman baru</b></p><div>Sumber: https://www.marthur.com/networking/mikrotik-setup-a-site-to-site-openvpn-connection/314/<br /> <br /> <br /> %MikroTik Identity% HQ<br /> %Client Name% Cabang<br /> %MikroTik Local IP% 192.168.88.198<br /> %Passphrase% 123456789<br /> <br /> <br /> ==MIKROTIK A (SERVER): CERTIFICATE SETUP &amp; EXPORT==<br /> <br /> ===CREATE THE CERTIFICATES===<br /> <br /> /certificate add name=ca-template common-name=CA-HQ key-usage=key-cert-sign,crl-sign<br /> /certificate add name=server-template common-name=SERVER<br /> /certificate add name=client-Cabang-template common-name=client-Cabang<br /> <br /> ===SIGN THE CERTIFICATES===<br /> <br /> Butuh waktu, jangan copy paste sekaligus.<br /> <br /> /certificate sign ca-template ca-crl-host=192.168.88.198 name=CA-HQ<br /> /certificate sign ca=CA-HQ server-template name=SERVER<br /> /certificate sign ca=CA-HQ client-Cabang-template name=client-Cabang<br /> <br /> ===ENABLE “TRUSTED” FOR THE CERTIFICATE AUTHORITY AND SERVER ONLY===<br /> <br /> /certificate set CA-HQ trusted=yes<br /> /certificate set SERVER trusted=yes<br /> <br /> The Certificates window should now look similar to this screenshot.<br /> <br /> ===EXPORT THE CERTIFICATES===<br /> <br /> /certificate export-certificate CA-HQ<br /> /certificate export-certificate client-Cabang export-passphrase=123456789<br /> <br /> Ambil file menggunakan FTP<br /> <br /> cert_export_CA-HQ.crt<br /> cert_export_client-Cabang.key<br /> cert_export_client-Cabang.crt<br /> <br /> ==MIKROTIK B (CLIENT): CERTIFICATE SETUP &amp; IMPORT==<br /> <br /> Upload file menggunakan FTP<br /> <br /> cert_export_CA-HQ.crt<br /> cert_export_client-Cabang.key<br /> cert_export_client-Cabang.crt<br /> <br /> <br /> ===IMPORT THE CERTIFICATES===<br /> <br /> /certificate import file-name=cert_export_CA-HQ.crt passphrase=&quot;&quot;<br /> /certificate import file-name=cert_export_client-Cabang.crt passphrase=123456789<br /> /certificate import file-name=cert_export_client-Cabang.key passphrase=123456789<br /> <br /> <br /> ==MIKROTIK A (SERVER): OPENVPN PPP CONFIGURATION==<br /> <br /> ===IMPORT THE CERTIFICATES===<br /> <br /> /ppp profile add name=openvpn local-address=10.10.200.1 remote-address=10.10.200.2 change-tcp-mss=yes use-compression=no use-encryption=required<br /> <br /> ==CREATE A PPP SECRET (MODIFY COMMAND AS NEEDED)==<br /> <br /> /ppp secret add name=Cabang password=123456789 profile=openvpn service=ovpn<br /> <br /> <br /> ===CONFIGURE THE OVPN SERVER (MODIFY COMMAND AS NEEDED)===<br /> <br /> /interface ovpn-server server set certificate=SERVER cipher=blowfish128,aes128,aes192,aes256 default-profile=openvpn enabled=yes require-client-certificate=yes<br /> <br /> ===CREATE A ROUTE (MODIFY COMMAND AS NEEDED)===<br /> <br /> /ip route add dst-address=192.168.200.0/24 gateway=10.10.200.2<br /> <br /> ==MIKROTIK A (SERVER): OPENVPN FIREWALL/NAT CONFIGURATION==<br /> <br /> CREATE THE FIREWALL FILTER AND NAT BYPASS RULES (MODIFY COMMAND AS NEEDED):<br /> <br /> # /ip firewall filter add chain=input dst-port=1194 protocol=tcp<br /> # /ip firewall nat add chain=srcnat src-address=192.168.100.0/24 dst-address=192.168.200.0/24 place-before=0<br /> <br /> ==MIKROTIK B (CLIENT): OPENVPN PPP CONFIGURATION==<br /> <br /> ===CREATE A OVPN CLIENT (MODIFY COMMAND AS NEEDED)===<br /> <br /> # /interface ovpn-client add certificate=cert_export_client-Cabang.crt_0 cipher=aes256 connect-to=71.157.75.49 mac-address=02:2F:03:6C:10:59 name=ovpn-Texas password=NyTx325 profile=default-encryption user=NewYork<br /> <br /> /interface ovpn-client add certificate=cert_export_client-Cabang.crt_0 cipher=aes256 connect-to=10.10.200.1 name=ovpn-ke-HQ password=123456789 profile=default-encryption user=Cabang<br /> <br /> ===CREATE A ROUTE (MODIFY COMMAND AS NEEDED)===<br /> <br /> /ip route add dst-address=192.168.100.0/24 gateway=10.10.200.1<br /> <br /> <br /> MIKROTIK B (CLIENT): OPENVPN FIREWALL/NAT CONFIGURATION<br /> CREATE THE FIREWALL FILTER AND NAT BYPASS RULES (MODIFY COMMAND AS NEEDED):<br /> <br /> # /ip firewall filter add chain=input dst-port=1194 protocol=tcp<br /> # /ip firewall nat add chain=srcnat src-address=192.168.88.0/24 dst-address=192.168.100.0/24 place-before=0<br /> <br /> ==Referensi==<br /> <br /> * https://www.marthur.com/networking/mikrotik-setup-a-site-to-site-openvpn-connection/314/</div> Samsul