Setting up an SSTP VPN service on a MikroTik RouterOS router

Creating the certificates

/certificate
add name=ca-template-sstp common-name=ros-sstp-vpn-dtops.cc days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
add name=server-template-sstp common-name=*.ros-sstp-vpn-dtops.cc days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
add name=client-template-sstp common-name=client.ros-sstp-vpn-dtops.cc days-valid=3650 key-size=2048 key-usage=tls-client

/certificate
sign ca-template-sstp name=ca-certificate-sstp
sign server-template-sstp name=server-certificate-sstp ca=ca-certificate-sstp
sign client-template-sstp name=client-certificate-sstp ca=ca-certificate-sstp

Configure the IP pool and the account, then start the service

/ip pool add name="sstp-vpn-pool" ranges=172.20.252.1-172.20.252.254
/ppp profile add name="sstp-vpn-profile" use-encryption=yes local-address=172.20.0.1 dns-server=139.99.18.82,139.99.115.58 remote-address=sstp-vpn-pool
/ppp secret add name=lookback profile=sstp-vpn-profile password=lookback123 service=sstp
/interface sstp-server server set enabled=yes default-profile=sstp-vpn-profile authentication=mschap2 certificate=server-certificate-sstp force-aes=yes pfs=yes
/ip firewall filter add chain=input protocol=tcp dst-port=443 action=accept place-before=0 comment="Allow SSTP"

Download the CA certificate and import it into Windows:

Configure the VPN and test the connection
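
The two Windows steps above (importing the CA, then creating and testing the connection) can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post; the file location, the connection name `ros-sstp`, and the host name `vpn.ros-sstp-vpn-dtops.cc` are assumptions, and the exported file is assumed to have been copied from the router after `/certificate export-certificate ca-certificate-sstp`.

```powershell
# Added example: Windows client side of the setup. Run in an elevated PowerShell.
# Assumptions (not from the page): file location, connection name, server host name.
$CaFile     = "$env:USERPROFILE\Downloads\cert_export_ca-certificate-sstp.crt"
$ConnName   = "ros-sstp"
# Hypothetical host name: it must match the server certificate's common name
# (*.ros-sstp-vpn-dtops.cc) and resolve to the router's address.
$ServerName = "vpn.ros-sstp-vpn-dtops.cc"

# 1. Inspect the file before trusting it as a root CA.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($CaFile)
if ($ca.Subject -notmatch 'CN=ros-sstp-vpn-dtops\.cc') {
    throw "Unexpected CA subject: $($ca.Subject)"
}
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$fp = ($sha256.ComputeHash($ca.RawData) | ForEach-Object { $_.ToString('x2') }) -join ''
"CA subject : $($ca.Subject)"
"CA SHA-256 : $fp"   # compare with the value the router shows for ca-certificate-sstp
"CA expires : $($ca.NotAfter)"

# 2. Import the CA into the machine's Trusted Root store, so the SSTP client
#    can validate the certificate presented by the router on TCP 443.
Import-Certificate -FilePath $CaFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# 3. Create the connection with the same settings as the router side:
#    SSTP tunnel, MS-CHAPv2 authentication, encryption required.
if (-not (Get-VpnConnection -Name $ConnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnName -ServerAddress $ServerName `
        -TunnelType Sstp -AuthenticationMethod MSChapv2 `
        -EncryptionLevel Required
}

# 4. Dial with the PPP secret name from the page; "*" makes rasdial prompt
#    for the password instead of taking it on the command line.
rasdial $ConnName lookback *

# 5. Confirm the tunnel type and state.
Get-VpnConnection -Name $ConnName |
    Select-Object Name, ServerAddress, TunnelType, ConnectionStatus
```

If step 4 fails with a certificate error, check that the name in `$ServerName` matches the server certificate's common name and that step 2 put the CA in the machine store rather than the user store.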

Summary

/certificate add name=ca-template-sstp common-name=sstp-dt-ros.com days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
/certificate add name=server-template-sstp common-name=*.sstp-dt-ros.com days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
/certificate add name=client-template-sstp common-name=client.sstp-dt-ros.com days-valid=3650 key-size=2048 key-usage=tls-client

/certificate sign ca-template-sstp name=ca-certificate-sstp
/certificate sign server-template-sstp name=server-certificate-sstp ca=ca-certificate-sstp
/certificate sign client-template-sstp name=client-certificate-sstp ca=ca-certificate-sstp

/certificate export-certificate ca-certificate-sstp export-passphrase=""
/certificate export-certificate client-certificate-sstp export-passphrase=12345678

/ip pool add name="sstp-pool" ranges=10.253.252.1-10.253.252.254

/ppp profile add name="sstp-profile" use-encryption=yes local-address=10.0.0.1 dns-server=139.99.18.82,139.99.115.58 remote-address=sstp-pool
/ppp secret add name=lookback password=lookback123 profile=sstp-profile service=sstp

/interface sstp-server server set enabled=yes default-profile=sstp-profile authentication=mschap2 certificate=server-certificate-sstp force-aes=yes pfs=yes
/ip firewall filter add chain=input protocol=tcp dst-port=443 action=accept place-before=0 comment="Allow SSTP"

  • Published on 2018-11-22 15:14:43
  • Unless otherwise stated, all articles on this site are original; when reposting, please keep the link to this article