Monday, 21 December 2015

Generating a self-signed certificate for MikroTik SSTP VPN



If you have ever traveled around the world and are a PPTP or L2TP VPN user, you will sometimes have had trouble connecting to your VPN, especially from open WiFi spots or some hotel WiFi networks. A lot of those networks block outgoing traffic by port and only allow ports 80 and 443, which are the backbone of the internet. If you use a VPN like PPTP, you will not be able to connect, since it uses ports other than the ones mentioned above. It is also really useful if the WiFi blocks P2P traffic, which a lot of hotel WiFi networks do. If you have an encrypted connection to your home router, their routers cannot see the traffic since it is encrypted, and therefore can't block it. Well, the speed is bad, but it works…

So if you want an SSTP VPN, which uses port 443, you will first of all need a self-signed certificate and private key. You can get one online, or just make one on your own. It's simple and fast if you know how to do it.

So here is how I got my certificate:


First of all, download OpenVPN version 2.3.2-l003. Just google it and install all the components to the default location. You know: next, next, next, …

Go to the Easy-RSA folder inside the installation folder and rename the file vars.bat.something to vars.bat.
Now edit this file in Notepad.

Change these values to your own information. The only one that is really important is KEY_CN, which must be identical to your static IP address; the others you can set as you wish.

KEY_COUNTRY=Your Country
KEY_PROVINCE=Whatever
KEY_CITY=Whatever
KEY_ORG=Your Organization if you're doing this for your Company
KEY_EMAIL=your email
KEY_CN=YOUR STATIC IP ADDRESS
KEY_NAME=Whatever
KEY_OU=Whatever
PKCS11_MODULE_PATH=changeme
PKCS11_PIN=1234

When done, save the bat file, open CMD in administrator mode and go to the Easy-RSA folder in the OpenVPN install directory. There, run these batch files in order:
1. Vars.bat
2. Clean-all.bat
3. Build-ca.bat

After you have done this, go to the Keys folder, which is a subfolder of Easy-RSA. There you will find 2 files: CA.CER and CA.KEY. Those are the 2 files you will need for setting up SSTP VPN on a MikroTik.

Note: the default validity for this certificate is 10 years, with 1024-bit RSA encryption. If you would like more or less, or even want to change the name of the certificate before it is generated, edit the build-ca.bat file before executing it.
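Since KEY_CN has to match the static IP address and the default key is only 1024-bit RSA (below the 2048-bit minimum generally recommended today), it is worth checking the generated certificate before loading it onto the router. The script below is an added example, not part of the original post: it assumes a POSIX shell with the openssl command-line tool on the PATH, and the function names, the 2048-bit default threshold and the 30-day expiry margin are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a certificate file
# before loading it into the router. Function names are hypothetical.

# Print the RSA key size in bits of certificate file $1.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Print the subject commonName (what KEY_CN sets) of certificate file $1.
cert_cn() {
    openssl x509 -in "$1" -noout -nameopt multiline -subject |
        sed -n 's/^ *commonName *= //p' | head -n 1
}

# check_cert FILE EXPECTED_IP [MIN_BITS]: return 0 only if the CN equals the
# address clients will dial, the key has at least MIN_BITS (default 2048)
# and the certificate stays valid for 30 more days.
check_cert() {
    cert=$1; ip=$2; min_bits=${3:-2048}; rc=0
    cn=$(cert_cn "$cert"); bits=$(cert_bits "$cert")
    [ "$cn" = "$ip" ] || { echo "FAIL: CN '$cn' is not '$ip'"; rc=1; }
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL: ${bits:-unknown}-bit key, want >= $min_bits"; rc=1; }
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: expired or expires within 30 days"; rc=1; }
    return "$rc"
}

# Build a constructed sample certificate for trying the checks offline.
# $1 = output prefix, $2 = CN, $3 = RSA bits.
make_sample() {
    openssl req -x509 -newkey "rsa:$3" -nodes -days 3650 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Usage: sh check_cert.sh FILE EXPECTED_IP [MIN_BITS]
if [ "$#" -ge 2 ]; then
    check_cert "$@"
fi
```

Run it against the certificate file from the Keys folder, passing your static IP address as the second argument; a certificate built with the default 1024-bit setting fails the key-size check.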

In our next blog post we will create an SSTP server on MikroTik and configure a Windows 7/8/10 connection to it.

May the force be with you. :D
