基于Mikrotik的RouterOS路由搭建SSTP VPN服务
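# Build a private CA plus one server and one client certificate for SSTP.
# Each certificate is created as a template and then signed: the CA signs
# itself, and the server and client certificates are issued by that CA.
/certificate
# CA template: key usage is limited to signing certificates and CRLs.
add name=ca-template-sstp common-name=ros-sstp-vpn-dtops.cc days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
# Server template: the host name that clients connect to must be covered by
# this wildcard common-name, otherwise server-certificate validation on the
# client fails (or gets switched off, which removes the protection).
add name=server-template-sstp common-name=*.ros-sstp-vpn-dtops.cc days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
# Client template: TLS client authentication only.
add name=client-template-sstp common-name=client.ros-sstp-vpn-dtops.cc days-valid=3650 key-size=2048 key-usage=tls-client

# NOTE(review): days-valid=3650 makes every certificate valid for ten years.
# A shorter lifetime for the server and client certificates limits the
# exposure if one of their keys leaks.
/certificate
sign ca-template-sstp name=ca-certificate-sstp
sign server-template-sstp name=server-certificate-sstp ca=ca-certificate-sstp
sign client-template-sstp name=client-certificate-sstp ca=ca-certificate-sstp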
配置IP池,账号信息,启动服务
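# Address pool handed out to connecting VPN clients.
/ip pool add name="sstp-vpn-pool" ranges=172.20.252.1-172.20.252.254

# PPP profile used by the SSTP server: router-side tunnel address, client
# address pool and the DNS servers pushed to clients.
# NOTE(review): the dns-server values are public resolvers chosen by the
# author; every client DNS query goes to them, so use resolvers you trust.
/ppp profile add name="sstp-vpn-profile" use-encryption=yes local-address=172.20.0.1 dns-server=139.99.18.82,139.99.115.58 remote-address=sstp-vpn-pool

# VPN account, restricted to the sstp service.
# The password below is a placeholder, not a working value: set a long random
# secret per user. This account is reachable from the Internet on TCP 443, so
# a short or guessable password is open to online guessing.
/ppp secret add name=lookback profile=sstp-vpn-profile password="CHANGE-ME-long-random-password" service=sstp

# Enable the SSTP server with the signed server certificate.
# MS-CHAPv2 travels inside the TLS tunnel, so its safety depends on clients
# validating the server certificate against the imported CA.
# The client certificate created on this page is not checked by this command;
# that needs verify-client-certificate=yes, which also requires every client
# to have its certificate installed.
/interface sstp-server server set enabled=yes default-profile=sstp-vpn-profile authentication=mschap2 certificate=server-certificate-sstp force-aes=yes pfs=yes

# Accept SSTP (TCP 443) on the router itself. place-before=0 puts the rule
# first, ahead of any drop rules. It matches every source address and every
# interface; narrow it with in-interface= or src-address= where possible.
/ip firewall filter add chain=input protocol=tcp dst-port=443 action=accept place-before=0 comment="Allow SSTP"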
总结
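# Complete SSTP setup in one script: certificates, export for clients,
# address pool, PPP profile and account, SSTP server, firewall rule.

# --- Certificates: private CA, server certificate, client certificate ---
# The host name that clients connect to must be covered by the server
# certificate's wildcard common-name, or client-side validation fails.
/certificate add name=ca-template-sstp common-name=sstp-dt-ros.com days-valid=3650 key-size=2048 key-usage=crl-sign,key-cert-sign
/certificate add name=server-template-sstp common-name=*.sstp-dt-ros.com days-valid=3650 key-size=2048 key-usage=digital-signature,key-encipherment,tls-server
/certificate add name=client-template-sstp common-name=client.sstp-dt-ros.com days-valid=3650 key-size=2048 key-usage=tls-client

# The CA signs itself; the server and client certificates are issued by it.
/certificate sign ca-template-sstp name=ca-certificate-sstp
/certificate sign server-template-sstp name=server-certificate-sstp ca=ca-certificate-sstp
/certificate sign client-template-sstp name=client-certificate-sstp ca=ca-certificate-sstp

# --- Export for client devices ---
# CA: an empty passphrase exports the certificate only, without the private
# key. That is all a client needs to trust the server; the CA key stays on
# the router.
/certificate export-certificate ca-certificate-sstp export-passphrase=""
# Client: the passphrase encrypts the exported private key. The value below
# is a placeholder; choose a strong passphrase, and delete the exported files
# from the router once they have been transferred.
/certificate export-certificate client-certificate-sstp export-passphrase="CHANGE-ME-long-random-passphrase"

# --- Addressing and account ---
/ip pool add name="sstp-pool" ranges=10.253.252.1-10.253.252.254
# NOTE(review): the dns-server values are public resolvers chosen by the
# author; every client DNS query goes to them, so use resolvers you trust.
/ppp profile add name="sstp-profile" use-encryption=yes local-address=10.0.0.1 dns-server=139.99.18.82,139.99.115.58 remote-address=sstp-pool
# Placeholder password: set a long random secret per user. The account is
# reachable from the Internet on TCP 443 and open to online guessing.
/ppp secret add name=lookback password="CHANGE-ME-long-random-password" profile=sstp-profile service=sstp

# --- SSTP server ---
# MS-CHAPv2 travels inside the TLS tunnel, so its safety depends on clients
# validating the server certificate. The exported client certificate is only
# checked by the router if verify-client-certificate=yes is also set.
/interface sstp-server server set enabled=yes default-profile=sstp-profile authentication=mschap2 certificate=server-certificate-sstp force-aes=yes pfs=yes

# --- Firewall ---
# Accept TCP 443 on the router, placed first so it sits ahead of drop rules.
# It matches every source and interface; narrow it with in-interface= or
# src-address= where possible.
/ip firewall filter add chain=input protocol=tcp dst-port=443 action=accept place-before=0 comment="Allow SSTP"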