Start openvpn server / interface ovpn-server server Secret add name=rockheung profile=ovpn-profile password=q1w2e3r4 Profile add name="ovpn-profile" use-encryption=yes local-address=192.168.90.255 remote-address=ovpn This is necessary for internet surfing /ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade Pool add name="ovpn" ranges=192.168.90.10-192.168.90.254Īdd chain=input protocol=tcp dst-port=1194 action=accept comment="Allow OpenVPN"Īdd masquerade for ether1. Sign client-template name=client-certificate ca=ca-certificateĮxport ca and client certificate / certificateĮxport-certificate client-certificate export-passphrase=1q2w3e4r Sign server-template name=server-certificate ca=ca-certificate Sign those certificates sign ca-template name=ca-certificate Make new three certificate templates for ca, server, client / certificateĪdd name=ca-template common-name= days-valid=3652 key-size=2048 key-usage=crl-sign,key-cert-signĪdd name=server-template common-name=*. days-valid=3652 key-size=2048 key-usage=digital-signature,key-encipherment,tls-serverĪdd name=client-template common-name= days-valid=365 key-size=2048 key-usage=tls-client userĪdd copy-from=admin name="passenger" group=full password=1q2w3e There would be so many login attempts by bots. YOU MUST DISABLE THIS ACCOUNT AND ADD YOUR OWN ADMIN ACCOUNT. ssh -t MikroTik-CHRĭefault account is admin with no password. Accessing CHR through linode's public ip address takes minutes. I recommand using lish (linode monitoring tool on terminal) because of delaying. Shut it down, and make boot profile for CHR. Use command fdisk -l sudo gunzip -c chr-6.41.3.img.zip | sudo dd of=/dev/sda bs=1M If you have multiple disk, you should check which one is to be written. Download link is stable version of CHR raw image at this point. After boot, download latest CHR image and write it on disk. Second, boot Linode in rescue mode with disk just created above. First, create RAW disk for CHR larger than 128MB.
0 Comments
Leave a Reply. |