MikroTik OpenVPN Server Configuration
Certificate Configuration
With certificates in place, the connection between server and client is more secure, and not just any client can connect to the OpenVPN server.
CA Certificate Configuration
Go to the System > Certificates menu, then click the (+) button
General Tab (CA Certificate)
Key Usage Tab (CA Certificate)
Click Apply, then click Sign
Notes:
Certificate: select the CA (the one we just applied)
CA CRL Host: the public IP of the VPN server
Then click Start. After clicking Start, make sure the Progress parameter shows: Done
After that click Close, then OK
Server Certificate Configuration
Go to the System > Certificates menu, then click the (+) button
General Tab (Server Certificate)
Key Usage Tab (Server Certificate)
Click Apply, then click Sign
Then click Start. After clicking Start, make sure the Progress parameter shows: Done
After that click Close, then tick the Trust checkbox
Apply, then OK
Client Certificate Configuration
General Tab (Client Certificate)
Key Usage Tab (Client Certificate)
Click Apply, then click Sign
Then click Start. After clicking Start, make sure the Progress parameter shows: Done
After that click Close, then OK
CERTIFICATE CREATION RESULT
Enable the OpenVPN Server
Go to the PPP menu
Android OpenVPN Client Configuration
Once the certificates have been created, export the CA and client certificates and download them to the desktop computer before building the OpenVPN configuration file.
Right-click the certificate to be exported, then click Export
Export CA Certificate
Export client Certificate
Notes:
Certificate: select the client certificate we created
Export Passphrase: the password for the client certificate file
File Name: enter the name of the exported file
After the CA and client certificates are exported, 3 files appear in the file manager: CA.crt, client.crt, client.key
Download all three files to the desktop computer
Create a Secret
Go to the PPP menu > click the Secret tab, then click (+)
Notes:
Local Address: the IP for the server side
Remote Address: the IP for the client side
Then create the configuration file using the OpenVPN config generator
Notes:
Remote (Address): the public IP of the VPN server
CA Certificate: the CA certificate that was exported and downloaded
Client Certificate: the client certificate that was exported and downloaded
Client Key: the client key that was exported and downloaded
Keypassphrase: the password used when exporting the client certificate
Cipher: the encryption method; match it to the OpenVPN server configuration
Redirect Gateway: tick this if all traffic should be routed through the VPN connection
Route: add entries if static routing is needed
When done, click Generate
Copy the text, or click save to download it as a .ovpn text file
Contents of the configuration text
client
dev tun
proto tcp-client
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
auth-nocache
mute 10
remote 68.183.186.59
port 1194
auth SHA1
cipher AES-256-CBC
redirect-gateway def1
auth-user-pass credentials.txt
ca [inline]
cert [inline]
key [inline]
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
</key>
Change the line auth-user-pass credentials.txt
to
<auth-user-pass>
budi
passwordbudi
</auth-user-pass>
Delete the lines
ca [inline]
cert [inline]
key [inline]
so that the whole file looks like this
client
dev tun
proto tcp-client
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
auth-nocache
mute 10
remote 68.183.186.59
port 1194
auth SHA1
cipher AES-256-CBC
redirect-gateway def1
<auth-user-pass>
budi
passwordbudi
</auth-user-pass>
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
</key>
Save the changes, then send the .ovpn configuration file to the Android phone that will act as the VPN client
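Because the finished profile carries the private key and the PPP username and password in one file, it is worth auditing before it leaves the desktop. The following is an added example, not part of the original tutorial or of any MikroTik/OpenVPN tool: a small parser that reads a .ovpn profile and reports the settings a reviewer would want to look at. The function names, finding names and the sample profile (with placeholder values) are assumptions made for illustration.

```python
import re

# Constructed sample mirroring the profile above; values are placeholders.
SAMPLE_PROFILE = """\
remote-cert-tls server
remote 192.0.2.10
auth SHA1
cipher AES-256-CBC
<auth-user-pass>
exampleuser
examplepassword
</auth-user-pass>
<key>
-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDER
-----END RSA PRIVATE KEY-----
</key>
"""

def parse_profile(text):
    """Split an .ovpn profile into {directive: args} and {inline_tag: body}."""
    directives, blocks, tag, body = {}, {}, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if tag:                                   # inside <tag> ... </tag>
            if line == f"</{tag}>":
                blocks[tag], tag, body = "\n".join(body), None, []
            else:
                body.append(line)
        elif (m := re.fullmatch(r"<([a-z0-9-]+)>", line)):
            tag = m.group(1)                      # start of an inline block
        elif line and line[0] not in "#;":        # skip blanks and comments
            name, *args = line.split()
            directives[name] = args
    return directives, blocks

def audit_profile(text):
    """Return a sorted list of finding names (hypothetical labels) for review."""
    d, b = parse_profile(text)
    key = b.get("key", "")
    checks = {
        "weak-hmac": (d.get("auth") or [""])[0].upper() in {"SHA1", "MD5"},
        "cbc-cipher": (d.get("cipher") or [""])[0].upper().endswith("-CBC"),
        "inline-credentials": "auth-user-pass" in b,      # password stored in clear text
        "unencrypted-private-key": "PRIVATE KEY-----" in key and "ENCRYPTED" not in key,
        "no-server-cert-check": not ({"remote-cert-tls", "verify-x509-name"} & d.keys()),
    }
    return sorted(name for name, hit in checks.items() if hit)
```

Any change to auth or cipher prompted by these findings still has to match what the OpenVPN server is configured to accept.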
Configuration on the phone
Download the OpenVPN app
Open the OpenVPN Connect app
Tap the FILE tab, then tap BROWSE
Select the .ovpn configuration file
If a prompt appears: tap OK
Adjust the Profile Name so it is easy to remember
Once that is done, try starting the VPN
If the connection succeeds, it will look like this
Notes:
Source/reference: https://www.youtube.com/watch?v=EWAkfhCxgwc&t=633s OpenVPN community forum