{"id":3651,"date":"2024-08-15T20:59:26","date_gmt":"2024-08-15T12:59:26","guid":{"rendered":"https:\/\/ros.tw\/wp\/?p=3651"},"modified":"2024-08-15T20:59:26","modified_gmt":"2024-08-15T12:59:26","slug":"routeros-v7-open-vpn-server-%e5%bb%ba%e7%ab%8b%e8%ad%89%e6%9b%b8%e6%95%99%e5%ad%b8","status":"publish","type":"post","link":"https:\/\/ros.tw\/wp\/?p=3651","title":{"rendered":"RouterOS V7 OPEN-VPN SERVER \u5efa\u7acb\u8b49\u66f8\u6559\u5b78"},"content":{"rendered":"<p>\u9996\u5148\u5efa\u7acb\u8b49\u66f8<\/p>\n<p>\u7e3d\u5171\u9700\u8981\u7522\u751f\u4e09\u500b\u6191\u8b49\uff1aCA \u6191\u8b49\u3001\u7528\u6236\u7aef\u6191\u8b49\u548c\u4f3a\u670d\u5668\u6191\u8b49\u3002<\/p>\n<p>1.\u5efa\u7acbCA\u8b49\u66f8<br \/>\n\u9019\u88e1\u4f7f\u7528CLI\u65b9\u5f0f\u64cd\u4f5c\u4ecb\u7d39<br \/>\n\u53ea\u9700\u8981\u628a\u8a2d\u7f6e\u547d\u4ee4\u8907\u88fd\u8cbc\u4e0a\u5373\u53ef<\/p>\n<p>\/certificate add name=ca-cert common-name=ca-cert days-valid=365 key-size=2048 key-usage=crl-sign,key-cert-sign<\/p>\n<p>\u9019\u500b\u662fCA \u6191\u8b49, \u540d\u7a31\u53eb\u505a&#8221;ca-cert&#8221; ,\u5bc6\u9470\u70ba 2048\u4f4d\u5143,\u8b49\u66f8\u6709\u6548\u5929\u6578\u8a2d\u5b9a\u70ba365\u5929.<br \/>\n1\u5e74\u5230\u671f\u5f8c\u9700\u8981\u518d\u91cd\u65b0\u64cd\u4f5c\u5efa\u7acb\u8b49\u66f8\u4e00\u6b21,\u5982\u679c\u4e0d\u5e0c\u671b\u9019\u9ebc\u983b\u7e41\u64cd\u4f5c,\u53ef\u4ee5\u81ea\u884c\u628a365\u5929\u8a2d\u4e45\u4e00\u9ede,\u4f8b\u59823650\u5929,\u4e5f\u5c31\u662f10\u5e74.<\/p>\n<p><a href=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229214646.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3770\" src=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229214646.png\" alt=\"\" width=\"396\" height=\"566\" \/><\/a><\/p>\n<p>2.\u5efa\u7acb\u4f3a\u670d\u5668\u6191\u8b49<\/p>\n<p>\u4e00\u6a23\u628a\u8a2d\u7f6e\u547d\u4ee4\u8907\u88fd\u8cbc\u4e0a\u5373\u53ef<br \/>\n\/certificate add name=server-cert 
common-name=server-cert days-valid=365 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server<\/p>\n<p>\u4f3a\u670d\u5668\u6191\u8b49\u540d\u7a31\u70ba&#8221;server-cert&#8221;<\/p>\n<p>&nbsp;<\/p>\n<p>3.\u5efa\u7acb\u7528\u6236\u7aef\u6191\u8b49<\/p>\n<p>\u4e00\u6a23\u628a\u8a2d\u7f6e\u547d\u4ee4\u8907\u88fd\u8cbc\u4e0a\u5373\u53ef<\/p>\n<p>\/certificate add name=client-cert common-name=client-cert days-valid=365 key-size=2048 key-usage=tls-client<br \/>\n\u7528\u6236\u7aef\u6191\u8b49\u540d\u7a31\u70ba&#8221;client-cert&#8221;<\/p>\n<p><a href=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229213157.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3760\" src=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229213157.png\" alt=\"\" width=\"580\" height=\"237\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>\u63a5\u4e0b\u4f86\u64cd\u4f5c\u7c3d\u7f72\u8b49\u66f8<\/p>\n<p>4.\u7c3d\u7f72CA\u8b49\u66f8<br \/>\n\u4e00\u6a23\u628a\u8a2d\u7f6e\u547d\u4ee4\u8907\u88fd\u8cbc\u4e0a\u5373\u53ef,\u4f46\u662f\u8a18\u5f97\u5148\u628a\u5e95\u4e0b\u7684 1.2.3.4 \u66ff\u63db\u6210\u4f60\u5be6\u969b\u7684IP\u6216\u57df\u540d<br \/>\n\/certificate sign ca-cert name=ca-cert ca-crl-host=&quot;1.2.3.4&quot;<\/p>\n<p>\u7c3d\u7f72\u8b49\u66f8\u6703\u9700\u8981\u4e00\u4e9b\u6642\u9593(\u5927\u7d041~10\u79d2\u5167),\u53d6\u6c7a\u65bc\u8def\u7531\u5668\u7684CPU\u6027\u80fd.<\/p>\n<p>&nbsp;<\/p>\n<p>5.\u7c3d\u7f72\u5ba2\u6236\u7aef\u548c\u4f3a\u670d\u5668\u8b49\u66f8<\/p>\n<p>\u4e00\u6a23\u8907\u88fd\u8cbc\u4e0a\u5373\u53ef<br \/>\n\/certificate sign server-cert name=server-cert ca=ca-cert<br \/>\n\/certificate sign client-cert name=client-cert ca=ca-cert<\/p>\n<p>\u540c\u6a23\u7c3d\u7f72\u8b49\u66f8\u9700\u8981\u4e00\u4e9b\u6642\u9593.<\/p>\n<p>&nbsp;<\/p>\n<p>6. 
\u4fe1\u4efb\u4f3a\u670d\u5668\u6191\u8b49<br \/>\n\u8907\u88fd\u8cbc\u4e0a\u5373\u53ef<br \/>\n\/certificate set server-cert trusted=yes<\/p>\n<p>&nbsp;<\/p>\n<p>\u8a2d\u7f6e\u5230\u6b64\u5373\u5b8c\u6210\u4e09\u500b\u8b49\u66f8\u7684\u5efa\u7acb\u8207\u7c3d\u7f72.<\/p>\n<p><a href=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/E819O9_EEPO4BY1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3762\" src=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/E819O9_EEPO4BY1.png\" alt=\"\" width=\"585\" height=\"259\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>\u63a5\u4e0b\u4f86\u64cd\u4f5c\u532f\u51fa\u8b49\u66f8<\/p>\n<p>7.\u532f\u51faCA\u8b49\u66f8<br \/>\n\u5e95\u4e0b\u7684export-passphrase \u9019\u4e0d\u9700\u8981\u586b,\u4f7f\u7528\u9810\u8a2d\u5373\u53ef\uff08\u5bc6\u78bc\u7559\u7a7a\u6642\u53ea\u6703\u532f\u51fa\u6191\u8b49,\u4e0d\u542b\u79c1\u9470\uff09.<br \/>\n\/certificate export-certificate ca-cert export-passphrase=&quot;&quot;<\/p>\n<p>&nbsp;<\/p>\n<p>8.\u63a5\u8457\u532f\u51fa\u5ba2\u6236\u7aef\u8b49\u66f8<br \/>\n\u4e00\u6a23\u8907\u88fd\u8cbc\u4e0a\u5373\u53ef,\u4f46\u662f\u5e95\u4e0b\u7684password\u8981\u66ff\u63db\u81ea\u8a2d\u4e00\u7d44\u5bc6\u78bc.\u5bc6\u78bc\u81f3\u5c118\u500b\u5b57\u4ee5\u4e0a<br \/>\n\/certificate export-certificate client-cert export-passphrase=&quot;[password]&quot;<\/p>\n<p>&nbsp;<\/p>\n<p>\u64cd\u4f5c\u5230\u9019\u4e00\u6b65\u5373\u5b8c\u6210\u5168\u90e8\u7684\u8b49\u66f8\u5efa\u7acb\u4ee5\u53ca\u532f\u51fa,<br \/>\n\u6aa2\u67e5\u4f60\u7684Winbox Files\u8cc7\u6599\u593e\u88e1\u9762\u6703\u751f\u6210\u4e09\u500b\u8b49\u66f8\u6a94\u6848.<a href=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229213110.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3759\" src=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229213110.png\" alt=\"\" width=\"600\" height=\"326\" 
\/><\/a><\/p>\n<p>9.\u63a5\u4e0b\u4f86\u8a2d\u5b9aOVPN,\u8a2d\u5b9a\u65b9\u5f0f\u8ddf\u57fa\u672c\u7684VPN\u8a2d\u7f6e\u4e00\u6a23<\/p>\n<p>10.\u518d\u4f86\u9ede\u9078PPP\u9078\u55ae\u8996\u7a97\u4e26\u5c0e\u89bd\u81f3 Interface\u9801\u9762\u3002 \u6309\u4e00\u4e0b\u9802\u90e8\u6b04\u4f4d\u4e2d\u7684\u300cOVPN Server\u300d\u6309\u9215\u5373\u53ef\u7de8\u8f2f\u8a2d\u5b9a\u3002<\/p>\n<p>11.<br \/>\n\u63a5\u4e0b\u4f86\u8a2d\u5b9aOVPN\u9810\u8a2d\u9023\u63a5\u57e0\u70ba1194\uff0c\u4f60\u53ef\u4ee5\u81ea\u8a02\u63db\u6210\u5176\u4ed6\u9023\u63a5\u57e0\u3002<br \/>\nMode\u6a21\u5f0f\u8a2d\u5b9a\u70baip\uff08layer3 VPN\uff09\u6216 ethernet\uff08layer2 VPN\uff09\u3002\u82e5\u7121\u7279\u6b8a\u9700\u6c42,\u5efa\u8b70\u4f7f\u7528ip\u6a21\u5f0f\u3002<br \/>\n\u5c07\u5354\u5b9a\u8a2d\u70ba UDP \u6216 TCP\uff0c\u5177\u9ad4\u53d6\u6c7a\u65bc\u60a8\u8981\u4f7f\u7528\u54ea\u4e00\u7a2e\u3002 UDP \u662f\u63a8\u85a6\u9078\u9805\u3002<br \/>\n\u7db2\u8def\u906e\u7f69\u4f7f\u7528\u7cfb\u7d71\u9810\u8a2d24\u5373\u53ef<br \/>\ncertificate \u6191\u8b49\u9078\u9805\u9019\u908a\u8a18\u5f97\u8b8a\u66f4\u70ba\u60a8\u7684\u4f3a\u670d\u5668\u6191\u8b49(\u9078server-cert\u9019\u500b), \u4e26\u5c07\u201cRequire Client Certificate\u201d \u6309\u9215\u6253\u52fe<br \/>\n\u5728\u300c\u8eab\u4efd\u9a57\u8b49\u300d\u90e8\u5206\u4e2d\uff0c\u9078\u53d6 sha1 \u8907\u9078\u6846\u4e26\u53d6\u6d88\u9078\u53d6\u6240\u6709\u5176\u4ed6\u8907\u9078\u6846\uff08sha1 \u8f03\u820a,\u82e5\u7528\u6236\u7aef\u652f\u63f4,\u53ef\u6539\u7528 sha256 \u6216 sha512\uff09<br \/>\n\u5728\u300c\u5bc6\u78bc\u300d\u90e8\u5206\u4e2d\uff0c\u9078\u53d6 AES 128\u3001192 \u548c 256 \u7684\u65b9\u584a\u3002\u53d6\u6d88\u9078\u53d6\u6240\u6709\u5176\u4ed6\u65b9\u584a\u3002<\/p>\n<p>\u5e95\u4e0b\u7684&#8221;Redirect Gateway&#8221;\u9810\u8a2d\u662f disabled\u6253\u52fe,\u5982\u679c\u4f60\u7684OVPN\u4f7f\u7528\u8005\u9023\u4e0a\u4f86\u5f8c\u8981\u900f\u904e\u9019\u53f0OVPN Server\u806f\u7db2,\u5247\u5fc5\u9808\u628a\u6253\u52fe\u63db\u6210&#8221;def1&#8221;<\/p>\n<p><a 
href=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229214613.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3769\" src=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229214613.png\" alt=\"\" width=\"556\" height=\"779\" \/><\/a><\/p>\n<p>\u6700\u5f8c,OVPN SERVER \u8a2d\u5b9a\u597d\u4e4b\u5f8c,\u53ef\u4ee5\u5c07\u9023\u7dda\u8a2d\u5b9a\u6a94\u532f\u51fa\u4ee5\u65b9\u4fbf\u63d0\u4f9b\u7d66\u4f7f\u7528\u8005\u96fb\u8166\u532f\u5165\u8a2d\u5b9a\u5f8c\u9023\u7dda.<\/p>\n<p><a href=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229214823.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3771\" src=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229214823.png\" alt=\"\" width=\"559\" height=\"397\" \/><\/a><br \/>\n\u9ede\u9078Export.ovpn\u6309\u9215\u5f8c , \u586b\u5165\u4f60\u9019\u53f0\u4f3a\u670d\u5668\u7684IP\u6216\u57df\u540d,\u5e95\u4e0b\u8b49\u66f8\u6b04\u4f4d\u4e5f\u586b\u5165\u5c0d\u61c9\u7684\u6a94\u6848\u540d\u7a31\u5f8c\u5373\u53ef\u5b8c\u6210\u8a2d\u5b9a\u6a94\u532f\u51fa.<br \/>\n\u9023\u7dda\u8a2d\u5b9a\u6a94\u532f\u51fa\u9019\u500b\u529f\u80fd\u9700\u8981V7\u7248\u672c\u624d\u5177\u5099,V6\u7248\u672c\u76ee\u524d\u6c92\u6709\u9019\u500b\u529f\u80fd.<\/p>\n<p>\u6aa2\u67e5\u4f60\u7684Winbox Files\u8cc7\u6599\u662f\u5426\u591a\u4e86\u4e00\u500bclientxxxxxx.ovpn\u7684\u6a94\u6848,<a href=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229213633.png\"><br \/>\n<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3763\" src=\"https:\/\/ros.tw\/wp\/wp-content\/uploads\/2023\/12\/20231229213633.png\" alt=\"\" width=\"574\" height=\"269\" 
\/><\/a><\/p>\n<p>\u53ea\u8981\u628a\u9019\u500b\u6a94\u6848\u6293\u4e0b\u4f86\u50b3\u7d66\u4f7f\u7528\u8005\u8b93\u4ed6\u532f\u5165\u81ea\u5df1\u7684\u96fb\u8166\u5f8c\u5373\u53ef\u4f7f\u7528OPEN-VPN\u7684\u9023\u7dda\u8edf\u9ad4\u9023\u4e0a\u4f86.<\/p>\n<p>\u4ee5\u4e0a\u8b49\u66f8\u8a2d\u5b9a\u5b8c\u6210.<\/p>\n<p>\u5e95\u4e0b\u63d0\u4f9b\u5f71\u7247\u6559\u5b78\u53c3\u8003<\/p>\n<p><a href=\"https:\/\/youtu.be\/w6nm0tTfBBc\">https:\/\/youtu.be\/w6nm0tTfBBc<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u9996\u5148\u5efa\u7acb\u8b49\u66f8 \u7e3d\u5171\u9700\u8981\u7522\u751f\u4e09\u500b\u6191\u8b49\uff1aCA \u6191\u8b49\u3001\u7528\u6236\u7aef\u6191\u8b49\u548c\u4f3a\u670d\u5668\u6191\u8b49\u3002 1.\u5efa &hellip; <a href=\"https:\/\/ros.tw\/wp\/?p=3651\">\u95b1\u8b80\u5168\u6587 <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"gallery","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3651","post","type-post","status-publish","format-gallery","hentry","category-ros","post_format-post-format-gallery"],"_links":{"self":[{"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=\/wp\/v2\/posts\/3651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3651"}],"version-history":[{"count":1,"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=\/wp\/v2\/posts\/3651\/revisions"}],"predecessor-version":[{"id":3652,"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=\/wp\/v2\/posts\/3651\/revisions\/3652"}],"wp:attachment":[{"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ros.tw\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}