{"id":1183,"date":"2021-05-06T03:53:53","date_gmt":"2021-05-06T06:53:53","guid":{"rendered":"https:\/\/blog.abratel.com.br\/?p=1183"},"modified":"2021-05-06T03:59:58","modified_gmt":"2021-05-06T06:59:58","slug":"openvpn-site-to-site-entre-pfsense-server-e-mikrotik-client","status":"publish","type":"post","link":"https:\/\/blog.abratel.com.br\/?p=1183","title":{"rendered":"OpenVPN Site-to-Site between PFsense Server and Mikrotik client"},"content":{"rendered":"<p><iframe loading=\"lazy\" title=\"Mikrotik to Pfsense Openvpn\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/QHY7-dsTduA?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe><\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"mtprKMZ6El\"><p><a href=\"https:\/\/oriolrius.cat\/2016\/08\/22\/openvpn-between-pfsense-and-mikrotik\/\">OpenVPN between pfSense and Mikrotik<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"&#8220;OpenVPN between pfSense and Mikrotik&#8221; &#8212; oriolrius.cat\" src=\"https:\/\/oriolrius.cat\/2016\/08\/22\/openvpn-between-pfsense-and-mikrotik\/embed\/#?secret=mtprKMZ6El\" data-secret=\"mtprKMZ6El\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>PFSense 2.4.4-RELEASE-p3<br \/>\nMikrotik 6.45.3<\/p>\n<p>Make the following changes:<\/p>\n<p>PFSENSE:<\/p>\n<p>System -&gt; Cert Manager -&gt; CAs<br \/>\nCreate new CA (vpn-tunnel-ca). Export &#8220;CA cert&#8221; file (my-ca.crt).<\/p>\n<p>System -&gt; Cert Manager -&gt; Certificates<br \/>\nCreate two certificates (use the CA created above) &#8211; one for the VPN Server (vpn-tunnel) and one for the MikroTik client (mik-vpn). 
Export the cert and key files for the client certificate (mik-vpn.crt and mik-vpn.key).<\/p>\n<p>VPN -&gt; OpenVPN -&gt; Server<br \/>\nCreate new VPN server:<br \/>\nServer Mode: Peer to Peer (SSL\/TLS)<br \/>\nProtocol: TCP<br \/>\nDevice Mode: tun<br \/>\nInterface: WAN<br \/>\nLocal port: 24100<br \/>\nTLS Authentication: (clear checkbox, MikroTik doesn&#8217;t support shared TLS key)<br \/>\nPeer Certificate Authority: vpn-tunnel-ca<br \/>\nServer Certificate: vpn-tunnel<br \/>\nEncryption algorithm: AES-256-CBC (256 bit key, 128 bit block)<br \/>\nAuth Digest Algorithm: SHA1 (160-bit)<br \/>\nHardware Crypto: No Hardware Crypto Acceleration<br \/>\nCertificate Depth: One (Client + Server)<br \/>\nIPv4 Tunnel Network: 10.200.0.0\/29<br \/>\nIPv4 Local Network\/s: 192.168.1.0\/24<br \/>\nIPv4 Remote Network\/s: 192.168.2.0\/24<br \/>\nCompression: Omit Preference (Use OpenVPN Default)<br \/>\nTopology: net30 &#8211; Isolated \/30 network per client<\/p>\n<p>*Very important: fix the route to the remote network in PFSense<br \/>\nClient Specific Overrides:<br \/>\n+Add<br \/>\nServer List: *select your server<br \/>\nCommon Name: &#8220;common name of the client certificate&#8221;<br \/>\nAdvanced: iroute 192.168.2.0 255.255.255.0;<\/p>\n<p>MikroTik:<br \/>\nCopy the two certificate files and the key file to Files. 
Import all of them from System\/Certificates.<\/p>\n<p>PPP -&gt; Profiles &#8211; create new:<br \/>\nName: ovpn-profile<br \/>\nLocal address: 10.200.0.6<br \/>\nRemote address: 10.200.0.5<br \/>\nChange TCP MSS: yes<br \/>\n*Protocols:<br \/>\nUse Compression: no<br \/>\nUse Encryption: yes<\/p>\n<p>PPP -&gt; Interface<br \/>\nCreate new OVPN Client:<br \/>\nName: ovpn-office<br \/>\nConnect To: 1.1.1.1 (the IP of your PFSense VPN server)<br \/>\nPort: 24100<br \/>\nMode: ip<br \/>\nUser: any<br \/>\nProfile: ovpn-profile<br \/>\nCertificate: mik-vpn.crt_0<br \/>\nAuth: sha 1<br \/>\nCipher: aes 256<br \/>\nAdd Default Route: (do not check this)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenVPN between pfSense and Mikrotik PFSense 2.4.4-RELEASE-p3 Mikrotik 6.45.3 Make the following changes: PFSENSE: System -&gt; Cert Manager -&gt; CAs Create new CA (vpn-tunnel-ca). Export &#8220;CA cert&#8221; file (my-ca.crt). System -&gt; Cert Manager -&gt; Certificates Create two certificates (use the CA created above) &#8211; one for 
the&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[7],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/1183"}],"collection":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1183"}],"version-history":[{"count":3,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/1183\/revisions"}],"predecessor-version":[{"id":1200,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/1183\/revisions\/1200"}],"wp:attachment":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1183"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1183"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1183"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}