jphconstantin
Frequent Visitor
Topic Author
Posts: 85
Joined: Fri Sep 22, 2017 7:17 pm
Location: Switzerland

Several VPN, several certificates

Sun Aug 04, 2019 4:13 pm

Hello,
I configured a VPN/IPSec according to the wiki https://wiki.mikrotik.com/wiki/Manual:I ... entication between my router and an Android tablet: everything is fine.
Now I want to add a new VPN (site to site) by using OVPN.

1) Is it possible to have several VPNs?
2) I already defined 3 certificates (ca, server, client): shall I use the ca and server certificates for the second VPN or shall I define others?

Thank you in advance,
ccr1009-7g-1c-pc
router os v 6.44.3
 
tdw
Member Candidate
Posts: 173
Joined: Sat May 05, 2018 11:55 am

Re: Several VPN, several certificates

Sun Aug 04, 2019 5:23 pm

> Now I want to add a new VPN (site to site) by using OVPN.
>
> 1) Is it possible to have several VPNs?

Yes

> 2) I already defined 3 certificates (ca, server, client): shall I use the ca and server certificates for the second VPN or shall I define others?

The OpenVPN (and SSTP) servers only allow a single server certificate to be configured, and client certificates are optional. Ensure you are using a recent version of RouterOS which has the 'Verify server certificate' checkbox present in the OpenVPN client properties; previous versions did not have this option and were susceptible to man-in-the-middle attacks.

If the existing site will be the only VPN server then create additional client certificates from the existing CA as required. Import the CA, and client certificate if used, at the new site.

If the new site is not only a VPN client to the original site, but will also be a VPN server (so mobile clients can connect to the new site directly) create an additional server certificate with appropriate CN (Common Name) & SAN (Subject Alternate Name) values and import at the new site.

The additional server and client certificates should be exported and imported with private keys.
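
The steps from the reply above as RouterOS commands, added here as an example that is not part of either post. Assumptions: the existing CA is named `ca` as in the question; the names `site2-client`, `site2-server` and `ovpn-to-site1`, the hostnames `vpn1.example.net` and `vpn2.example.net`, the user `site2` and all passphrases are constructed placeholders.

```routeros
# --- Original site (holds the existing CA, assumed to be named "ca") ---
# Client certificate for the new site, signed by the existing CA.
/certificate add name=site2-client common-name=site2-client key-size=2048 days-valid=365 key-usage=tls-client
/certificate sign site2-client ca=ca

# Only if the new site will also be a VPN server: an additional server
# certificate whose CN and SAN are the name clients use to reach the new site.
/certificate add name=site2-server common-name=vpn2.example.net subject-alt-name=DNS:vpn2.example.net key-size=2048 days-valid=365 key-usage=digital-signature,key-encipherment,tls-server
/certificate sign site2-server ca=ca

# Export. The CA is exported without a passphrase, so only its certificate is
# written and the CA private key never leaves this router. With
# export-passphrase set, an encrypted .key file is written next to the .crt.
/certificate export-certificate ca
/certificate export-certificate site2-client export-passphrase="CHANGE-ME-client"
/certificate export-certificate site2-server export-passphrase="CHANGE-ME-server"

# --- New site (after copying the cert_export_* files over a trusted channel) ---
/certificate import file-name=cert_export_ca.crt passphrase=""
/certificate import file-name=cert_export_site2-client.crt passphrase="CHANGE-ME-client"
/certificate import file-name=cert_export_site2-client.key passphrase="CHANGE-ME-client"
/certificate import file-name=cert_export_site2-server.crt passphrase="CHANGE-ME-server"
/certificate import file-name=cert_export_site2-server.key passphrase="CHANGE-ME-server"

# Confirm the imported names and that the client and server entries show the
# K (private key) flag before referencing them below.
/certificate print

# OVPN client towards the original site, with server certificate verification on.
# The certificate name is whatever the print above shows for the imported client
# certificate; cert_export_site2-client.crt_0 is the usual form.
/interface ovpn-client add name=ovpn-to-site1 connect-to=vpn1.example.net user=site2 password="CHANGE-ME" certificate=cert_export_site2-client.crt_0 verify-server-certificate=yes

# Only if the new site is also a server: its single server certificate.
/interface ovpn-server server set enabled=yes certificate=cert_export_site2-server.crt_0 require-client-certificate=yes
```

Delete the exported `.key` files from both routers' file lists once the imports are confirmed.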
