Este artigo foi homologado no equipamento CCR1036-8G-2S+, na versão v6.49.18; o uso em uma versão diferente pode não produzir o mesmo resultado.
# Create the CA certificate template. key-usage is restricted to
# crl-sign,key-cert-sign, so this certificate is only usable for signing
# other certificates and CRLs.
# NOTE(review): days-valid=9999 is roughly 27 years; the CA private key stays
# on the router for that whole period, so restrict who can reach /certificate
# and router backups accordingly.
/certificate add \
name=ca1-ovpn-smart-layer-mhs \
common-name=ca1-ovpn-smart-layer-mhs \
country=BR \
state=GO \
locality=MHS \
organization="SMART LAYER MORRINHOS" \
unit="001-IPV4" \
key-usage=crl-sign,key-cert-sign \
days-valid=9999 \
#
# Sign the template with no ca= argument, which makes it self-signed.
# ca-crl-host is the host advertised for CRL retrieval; 192.0.2.254 is a
# documentation address (RFC 5737) and must be replaced with the router's
# reachable address.
/certificate sign \
ca1-ovpn-smart-layer-mhs \
ca-crl-host=192.0.2.254 \
#
# Export the CA certificate as PEM for distribution to clients.
# NOTE(review): no export-passphrase is given here; on RouterOS that should
# mean only the certificate (not the CA private key) is written - confirm that
# no .key file appears in /file after this step.
/certificate export-certificate \
ca1-ovpn-smart-layer-mhs \
type=pem \
file-name=ca1-ovpn-smart-layer-mhs \
#
# Create the OpenVPN server certificate template. key-usage includes
# tls-server, which is what lets clients enforce "remote-cert-tls server".
# NOTE(review): days-valid=9999 (about 27 years) means this certificate is
# effectively never rotated; plan for revocation through the CA if the router
# is replaced or compromised.
/certificate add \
name=server1-ovpn-smart-layer-mhs \
common-name=server1-ovpn-smart-layer-mhs \
country=BR \
state=GO \
locality=MHS \
organization="SMART LAYER MORRINHOS" \
unit="001-IPV4" \
key-usage=digital-signature,key-encipherment,tls-server \
days-valid=9999 \
#
# Sign the server certificate with the CA created earlier in this script.
/certificate sign \
server1-ovpn-smart-layer-mhs \
ca=ca1-ovpn-smart-layer-mhs \
#
# Mark the signed server certificate as trusted on this router.
/certificate set \
server1-ovpn-smart-layer-mhs \
trusted=yes \
#
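# Create the client certificate template. key-usage=tls-client limits it to
# client authentication, so it cannot be presented as a server certificate.
# NOTE(review): days-valid=9999 (about 27 years) is very long for a user
# credential; a shorter lifetime, one certificate per user and revocation via
# the CA when a device is lost limit the exposure of a leaked key.
/certificate add \
name=client1-ovpn-admin \
common-name=client1-ovpn-admin \
country=BR \
state=GO \
locality=MHS \
organization="SMART LAYER MORRINHOS" \
unit="ADMIN" \
key-usage=tls-client \
days-valid=9999 \
#
# Sign the client certificate with the CA created earlier in this script.
/certificate sign \
client1-ovpn-admin \
ca=ca1-ovpn-smart-layer-mhs \
#
# Mark the signed client certificate as trusted on this router.
/certificate set \
client1-ovpn-admin \
trusted=yes \
#
# Export certificate and private key as PEM. The export-passphrase is what
# protects the exported private key file.
# The value is quoted so that its "#" characters are taken as part of the
# string rather than as the start of a comment.
# The passphrase shown is the article's example value: replace it with a
# unique, randomly generated one, and do not reuse it as the PPP password.
/certificate export-certificate \
client1-ovpn-admin \
type=pem \
export-passphrase="#@SenhaSegura2024#@" \
file-name=client1-ovpn-admin \
#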
# Address pool handed out to VPN clients (10.98.7.2 - 10.98.7.254).
/ip pool add \
name=OVPN \
ranges=10.98.7.2-10.98.7.254 \
#
# PPP profile used by the OpenVPN server: the router side of every tunnel is
# 10.98.7.1 (outside the pool range) and client addresses come from pool OVPN.
# only-one=yes allows a single simultaneous session per PPP user, so a shared
# or stolen login cannot be used in parallel with the legitimate session.
/ppp profile add \
name=OVPN \
local-address=10.98.7.1 \
remote-address=OVPN \
change-tcp-mss=yes \
only-one=yes \
#
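# Configure the OpenVPN server.
# certificate= must name the server certificate created and signed earlier in
# this script (server1-ovpn-smart-layer-mhs); a name that does not exist in
# /certificate leaves the server without a usable certificate.
# cipher/auth, port and max-mtu have to match "cipher AES-256-CBC", "auth SHA1",
# "remote ... 443 tcp" and "tun-mtu 1400" in the generated client profile.
# NOTE(review): AES-CBC with a SHA-1 HMAC is a legacy combination; check which
# stronger options this RouterOS release offers before deploying.
# require-client-certificate=yes makes the client certificate mandatory in
# addition to the PPP username/password.
# NOTE(review): disabled=yes is kept as published; RouterOS v6 documents this
# setting as enabled=yes/no - confirm the property name on the target version
# and that the server is actually switched on once the setup is complete.
/interface ovpn-server server set \
disabled=yes \
certificate=server1-ovpn-smart-layer-mhs \
cipher=aes256 \
auth=sha1 \
default-profile=OVPN \
port=443 \
keepalive-timeout=30 \
max-mtu=1400 \
require-client-certificate=yes \
#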
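# PPP account used for the OpenVPN username/password prompt (auth-user-pass in
# the client profile). service=ovpn restricts the account to OpenVPN logins.
# No profile= is given, so the server's default-profile (OVPN) applies.
# The password is quoted so that its "#" characters are taken as part of the
# string rather than as the start of a comment.
# The value shown is the article's example and is the same literal used as the
# export-passphrase of client1-ovpn-admin: replace it, and use a different
# secret for each purpose so that one leak does not expose both factors.
/ppp secret add \
name=smart \
password="#@SenhaSegura2024#@" \
service=ovpn \
#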
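# Build a single-file OpenVPN client profile by printing the client options
# followed by the exported CA certificate, client certificate and client key.
# Each PEM block is wrapped in its inline tag (<ca>, <cert>, <key>); without
# the tags OpenVPN would try to read the PEM lines as options.
# "remote 192.0.2.254" is a documentation address and must be replaced with the
# router's public address. "remote-cert-tls server" makes the client reject a
# peer whose certificate is not a server certificate. The two /1 routes send
# all IPv4 traffic through the tunnel.
# The resulting file contains the client private key: transfer it over a
# protected channel and delete it, together with the exported .crt/.key files,
# from the router's /file storage afterwards.
# NOTE(review): the trailing \00 in file= presumably stops RouterOS from
# appending ".txt" to the name - confirm on the target version.
/execute \
script="[:put (\"client\ndev tun\nremote 192.0.2.254 443 tcp\ntun-mtu 1400\ntls-client\nnobind\nuser nobody\ngroup nogroup\nping 15\nping-restart 45\npersist-tun\npersist-key\nmute-replay-warnings\nverb 3\ncipher AES-256-CBC\nauth SHA1\npull\nauth-user-pass\nconnect-retry 1\nreneg-sec 3600\nremote-cert-tls server\nroute 0.0.0.0 128.0.0.0\nroute 128.0.0.0 128.0.0.0\n<ca>\n\".[file get ca1-ovpn-smart-layer-mhs.crt contents].\"</ca>\n<cert>\n\".[file get client1-ovpn-admin.crt contents].\"</cert>\n<key>\n\".[file get client1-ovpn-admin.key contents].\"</key>\n\")]" \
file="sv_internet_psg_admin_tcp.ovpn\00" \
#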