25 กันยายน 2565 (25 September 2022)

MikroTik OpenVPN Server and Client

Server ip (public/WAN address the client connects to) : 192.168.10.1
Server tunnel ip (PPP profile local-address, not a socket bind address) : 172.28.10.1
protocol : udp
auth : sha512
cipher : aes256

client
username : user1
password : user1
user1's ip : 172.28.10.100
allow one connection per user
verify both server certificate and client certificate


OpenVPN server

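/certificate
# Private CA for this VPN. Its private key stays on the server router and is
# never exported; clients only ever need the CA's public certificate.
add name=CA common-name=ca key-usage=key-cert-sign,crl-sign days-valid=3650
add name=Server common-name=server key-usage=digital-signature,key-encipherment,tls-server days-valid=3650
# One shared client certificate is used here (common-name=client). Prefer one
# certificate per client so a single device can be identified and revoked.
# NOTE(review): days-valid=3650 (10 years) is long for a leaf cert; shorten if
# you have a renewal process.
add name=Client common-name=client key-usage=tls-client days-valid=3650

sign CA
sign Server ca=CA
sign Client ca=CA
# Kept from the original listing. On the server side what the chain check needs
# is the CA itself, which was generated here; trusting the leaf is presumably
# harmless but not required — TODO confirm on your RouterOS version.
set Server trusted=yes

# Export the CA certificate ONLY. With type=pem and no export-passphrase
# RouterOS writes just the certificate (file cert_export_CA.crt). A PKCS#12
# export of the CA would bundle the CA private key — copying that to the
# client would let anyone holding the file mint new valid client/server certs.
export-certificate CA file-name=CA type=pem
# The client bundle (cert_export_Client.p12) contains the client's private key;
# the export passphrase is its only protection while the file is copied around.
# 12345678 is a demo value — use a strong passphrase and delete the file from
# both routers after import.
export-certificate Client file-name=Client type=pkcs12 export-passphrase=12345678

/ppp
# only-one=yes: a second login with the same secret replaces/blocks the first.
profile add name=ovpn local-address=172.28.10.1 use-ipv6=no use-encryption=yes only-one=yes
# Demo credentials (user1 / user1) — replace before deployment. PPP secrets are
# stored on the router and are recoverable by any full-admin user.
secret add name=user1 password=user1 service=ovpn profile=ovpn remote-address=172.28.10.100

# require-client-certificate=yes only checks that the presented certificate
# chains to the CA above; it does not bind the certificate to the PPP user.
# NOTE(review): cipher/auth value names differ between RouterOS versions
# (e.g. aes256-cbc / aes256-gcm on 7.x); check `print` after setting and prefer
# an AEAD (GCM) cipher where both ends support it. Not shown here: a firewall
# filter rule accepting the OpenVPN UDP port on the WAN interface only.
/interface ovpn-server server set enabled=yes protocol=udp default-profile=ovpn certificate=Server require-client-certificate=yes tls-version=only-1.2 auth=sha512 cipher=aes256


# ---- OpenVPN client (remote router) ----

/certificate
# CA public certificate only (PEM, no key, no passphrase).
import name=CA file-name=cert_export_CA.crt
import name=Client file-name=cert_export_Client.p12 passphrase=12345678
# verify-server-certificate relies on CA being trusted on this router. Check
# `/certificate print` shows the T flag on CA; if not, run `set CA trusted=yes`.

# Credentials are stored in clear text in this command/export — see the /ppp
# note on the server. add-default-route=no: only routes you add explicitly go
# through the tunnel.
/interface ovpn-client add connect-to=192.168.10.1 protocol=udp user=user1 password=user1 certificate=Client verify-server-certificate=yes tls-version=only-1.2 auth=sha512 cipher=aes256 use-peer-dns=no add-default-route=no disabled=no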