Difference between revisions of "Mikrotik: OpenVPN Server ke Kali Linux Client"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (Created page with "Berikut adalah **langkah-langkah lengkap untuk konfigurasi OpenVPN Server di MikroTik** agar dapat diakses oleh **client Kali Linux**: --- ## ✅ 1. **Persiapan** Pastikan...") |
Onnowpurbo (talk | contribs) |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | Berikut adalah | + | Berikut adalah '''langkah-langkah lengkap untuk konfigurasi OpenVPN Server di MikroTik''' agar dapat diakses oleh '''client Kali Linux''': |
| − | + | ==Persiapan== | |
| − | |||
| − | |||
Pastikan MikroTik dan Kali Linux: | Pastikan MikroTik dan Kali Linux: | ||
| Line 11: | Line 9: | ||
* Kali Linux memiliki OpenVPN terinstal (`sudo apt install openvpn`) | * Kali Linux memiliki OpenVPN terinstal (`sudo apt install openvpn`) | ||
| − | + | ==Generate Certificate dan Key== | |
| − | + | Gunakan fitur '''MikroTik Certificate''' untuk membuat sertifikat. | |
| − | + | '''a. Buat CA:''' | |
| − | + | /certificate | |
| + | add name=ca-template common-name=myCA key-usage=key-cert-sign,crl-sign | ||
| + | sign ca-template name=ca-cert | ||
| − | + | '''b. Buat Server Certificate:''' | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | add name=server-template common-name=server | |
| + | sign server-template ca=ca-cert name=server-cert | ||
| − | + | '''c. Buat Client Certificate:''' | |
| − | |||
| − | |||
| − | |||
| − | + | add name=client-template common-name=client | |
| + | sign client-template ca=ca-cert name=client-cert | ||
| − | + | ==Enable OpenVPN Server== | |
| − | |||
| − | |||
| − | |||
| − | --- | + | /interface ovpn-server server |
| + | set enabled=yes \ | ||
| + | certificate=server-cert \ | ||
| + | require-client-certificate=yes \ | ||
| + | auth=sha1 \ | ||
| + | cipher=aes256 \ | ||
| + | port=1194 | ||
| − | + | ==Buat PPP Profile dan Secret== | |
| − | + | '''a. Buat profile:''' | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | --- | + | /ppp profile |
| + | add name=ovpn-profile local-address=10.8.0.1 remote-address=10.8.0.2 dns-server=8.8.8.8 | ||
| − | + | '''b. Buat user untuk VPN:''' | |
| − | + | /ppp secret | |
| + | add name=client password=123 profile=ovpn-profile service=ovpn | ||
| − | + | ==Buka Firewall port OpenVPN== | |
| − | |||
| − | |||
| − | |||
| − | + | /ip firewall filter | |
| + | add chain=input protocol=tcp dst-port=1194 action=accept | ||
| − | + | ==Export Sertifikat dan Kunci== | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
Export sertifikat agar bisa digunakan di Kali Linux: | Export sertifikat agar bisa digunakan di Kali Linux: | ||
| − | + | /certificate export-certificate ca-cert export-passphrase="" | |
| − | /certificate export-certificate ca-cert export-passphrase="" | + | /certificate export-certificate client-cert export-passphrase="123456789" |
| − | /certificate export-certificate client-cert export-passphrase="" | ||
| − | |||
| − | Download file `.crt` dan `.key` dari | + | Download file `.crt` dan `.key` dari '''Files''' di MikroTik: |
* `ca-cert.crt` | * `ca-cert.crt` | ||
| Line 88: | Line 69: | ||
* `client-cert.key` | * `client-cert.key` | ||
| − | + | ==Konfigurasi Client OpenVPN di Kali Linux== | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | '''a. Install OpenVPN (jika belum)''' | |
| − | + | sudo apt update && sudo apt install openvpn | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | '''b. Buat file konfigurasi: `client.ovpn`''' | |
| − | |||
| − | |||
| − | + | client | |
| − | + | dev tun | |
| − | key | + | proto tcp |
| + | remote [IP-PUBLIK-MIKROTIK] 1194 | ||
| + | resolv-retry infinite | ||
| + | nobind | ||
| + | persist-key | ||
| + | persist-tun | ||
| + | remote-cert-tls server | ||
| + | |||
| + | auth-user-pass | ||
| + | cipher AES-256-GCM | ||
| + | auth SHA1 | ||
| − | verb 3 | + | ca cert_export_ca-cert.crt |
| − | + | cert cert_export_client-cert.crt | |
| + | key client-cert.key | ||
| + | |||
| + | verb 3 | ||
| − | + | '''c. Simpan file `client.ovpn`, `ca-cert.crt`, `client-cert.crt`, dan `client-cert.key` di folder yang sama.''' | |
| − | + | ==Menjalankan VPN dari Kali== | |
| − | + | sudo openvpn --config client.ovpn | |
| − | |||
| − | |||
| − | sudo openvpn --config client.ovpn | ||
| − | |||
Masukkan username dan password sesuai yang dibuat di MikroTik (`client` dan `123`). | Masukkan username dan password sesuai yang dibuat di MikroTik (`client` dan `123`). | ||
| − | + | ==Verifikasi Koneksi== | |
| − | |||
| − | |||
Di MikroTik: | Di MikroTik: | ||
| − | + | /ppp active print | |
| − | /ppp active print | ||
| − | |||
Akan muncul entry koneksi OVPN aktif dari client. | Akan muncul entry koneksi OVPN aktif dari client. | ||
| − | |||
| − | |||
| − | |||
| − | |||
Latest revision as of 16:17, 13 May 2025
Berikut adalah langkah-langkah lengkap untuk konfigurasi OpenVPN Server di MikroTik agar dapat diakses oleh client Kali Linux:
Persiapan
Pastikan MikroTik dan Kali Linux:
- MikroTik sudah memiliki koneksi internet
- Port TCP 1194 terbuka di firewall MikroTik
- Kali Linux memiliki OpenVPN terinstal (`sudo apt install openvpn`)
Generate Certificate dan Key
Gunakan fitur MikroTik Certificate untuk membuat sertifikat.
a. Buat CA:
/certificate add name=ca-template common-name=myCA key-usage=key-cert-sign,crl-sign sign ca-template name=ca-cert
b. Buat Server Certificate:
add name=server-template common-name=server sign server-template ca=ca-cert name=server-cert
c. Buat Client Certificate:
add name=client-template common-name=client sign client-template ca=ca-cert name=client-cert
Enable OpenVPN Server
/interface ovpn-server server set enabled=yes \ certificate=server-cert \ require-client-certificate=yes \ auth=sha1 \ cipher=aes256 \ port=1194
Buat PPP Profile dan Secret
a. Buat profile:
/ppp profile add name=ovpn-profile local-address=10.8.0.1 remote-address=10.8.0.2 dns-server=8.8.8.8
b. Buat user untuk VPN:
/ppp secret add name=client password=123 profile=ovpn-profile service=ovpn
Buka Firewall port OpenVPN
/ip firewall filter add chain=input protocol=tcp dst-port=1194 action=accept
Export Sertifikat dan Kunci
Export sertifikat agar bisa digunakan di Kali Linux:
/certificate export-certificate ca-cert export-passphrase="" /certificate export-certificate client-cert export-passphrase="123456789"
Download file `.crt` dan `.key` dari Files di MikroTik:
- `ca-cert.crt`
- `client-cert.crt`
- `client-cert.key`
Konfigurasi Client OpenVPN di Kali Linux
a. Install OpenVPN (jika belum)
sudo apt update && sudo apt install openvpn
b. Buat file konfigurasi: `client.ovpn`
client dev tun proto tcp remote [IP-PUBLIK-MIKROTIK] 1194 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server auth-user-pass cipher AES-256-GCM auth SHA1
ca cert_export_ca-cert.crt cert cert_export_client-cert.crt key client-cert.key verb 3
c. Simpan file `client.ovpn`, `ca-cert.crt`, `client-cert.crt`, dan `client-cert.key` di folder yang sama.
Menjalankan VPN dari Kali
sudo openvpn --config client.ovpn
Masukkan username dan password sesuai yang dibuat di MikroTik (`client` dan `123`).
Verifikasi Koneksi
Di MikroTik:
/ppp active print
Akan muncul entry koneksi OVPN aktif dari client.