Архив метки: openvpn

OpenVPN на Mikrotik

Настройка OpenVPN сервера на Mikrotik

Создание сертификатов и ключей подписи для сервера и клиента

Сертификаты будем создавать на машине c win10. Скачиваем сам OpenVPN (в моем случае это версия 2.4.6) для генерации сертификатов.

Важно, при установке выбрать все галочки.

Открываем папку “C:Program filesOpenVPNeasy-rsa“, запускаем init-config.bat, появится файл vars.bat.sample, открываем его и редактируем такие строки:
```
set KEY_COUNTRY=BY
set KEY_PROVINCE=GomelRegion
set KEY_CITY=Gomel
set KEY_ORG=VTelecom
set KEY_EMAIL=disnetern@disnetern.ru
set KEY_CN=server
set KEY_NAME=server
set KEY_OU=disnetern
```
Эти параметры оставить неизменными “Key_CN” и “Key_NAME”, остальные можно вписать произвольно. Сохраняем как vars.bat в сваю домашнюю папку (в текущую не разрешат права), а потом перемещаем этот файл в “C:Program filesOpenVPNeasy-rsa” с подтверждением замены.

Теперь открываем openssl-1.0.0.cnf и выставляем параметр default_days=3650 (3650= это 10 лет, можете выставить нужное время истекания сертификата по своему усмотрению ).

Теперь открываем CMD от имени администратора и пишем поочередно команды:
```
cd C:Program FilesOpenVPNeasy-rsa
vars.bat
clean-all.bat
```
«Скопировано файлов: 1». Значит, процедура успешна. Если выдало сообщение ” vars.bat не является внутренней или внешней командой, исполняемой программой или пакетным файлом.” То отредактируйте в этом файле правильные, полные пути до команды.

Далее поочередно вбиваем команды для создания ключей:
```
build-dh 
build-ca
```
Если опять выдало сообщение об ошибке – редактируем полный путь до команды openssl. (В моем случает нужно было указать полный адрес с пробелом, указав его в двойных кавычках). Все вопросы подтверждаем Enter. Дальше набираем:
```
build-key-server server
```
Все вопросы подтверждаем Enter, а на последние два соглашаемся “Y”

Далее создаем сертификат клиента:
```
build-key client
```
При ошибке, редактируем путь. На вопрос Common Name – ввести client. В конце два раза подтвердить “Y”.

С сертификатами готово. Забираем их из папки C:Program FilesOpenVPNeasy-rsakeys : ca.crt, server.crt, server.key

Настройка сервера OpenVPN на mikrotik

Заливаем файлы сертификатов и ключа на роутер Mikrotik, где будем настраивать сервер.

Далее произведём импорт сертификатов, System – Certificates, выбираем поочередно сертификаты из списка ca.crt, server.crt, server.key и жмём кнопку Import:

Создаём новый пул IP адресов для наших клиентов OpenVPN. IP -> Pool, добавили диапазон, например, 172.16.244.10-172.16.244.50, и назвал пул OVPN-pool

Далее создаём PPP профиль. PPP -> Profiles-> вводим имя профиля, локальный адрес роутера, в моем случае 172.16.244.1, с созданным пулом адресов OVPN-pool, остальные настройки выставляем по желанию.

Далее настраиваем сам OpenVPN сервер, PPP->Interface->OVPN Server, ставим Enabled, выбираем нужный порт, mode выставляем ip, выбираем созданный ранее профиль, ставим Require Client Certificate и выбираем сертификат server, остальные параметры по желанию.

Создадим пользователя, переходим в раздел PPP -> Secrets, вводим имя пользователя, пароль, указываем сервис и профиль.

Так как используются сертификаты, необходимо что бы время на сервере и на клиенте совпадало, для этого настраиваем ntp клиент и временную зону на роутере в разделе- System ->Clock/NTP Client. Адреса для NTP клиента можно взять, например, здесь.

Еще не забудьте настроить Ваш фаерфол для разрешения порта для OVPN, IP -> Firewall->Filter Rules

Теперь можно подключаться к нашему OVPN серверу.

Настройка Mikrotik в качестве клиента OpenVPN сервера

Сначала необходимо добавить сертификаты клиента на роутер (client.crt и client.key). Не передавайте никому закрытый ключ сертификата – “ca.key”, имея его можно создавать сертификаты подписанные данным ключом.

Делаем импорт сертификатов, идём в раздел System – Certificates, выбираем поочередно сертификаты client.crt->client.key.

Само соединение OpenVPN настраивается в меню PPP-> добавить OVPN Client

Указываем адрес сервера, логин/пароль, порт, клиентский сертификат и тип шифрования:

Готово! Можем пользоваться.

2018-09-17T13:20:56

MikroTik

MikroTik Site to Site OpenVPN Server Setup (RouterOS Client)

VPN (Virtual Private Network) technology provides a secure and encrypted tunnel across a public network. So, a private network user can send and receive data to any remote private network through VPN tunnel as if his/her network device was directly connected to that private network.

MikroTik OpenVPN Server provides a secure and encrypted tunnel across public network for transporting IP traffic using PPP. OpenVPN Server uses SSL Certificates. So, OpenVPN Tunnel is a trusted tunnel to send and receive data across public network. MikroTik OpenVPN Server can be applied in two methods.

Connecting remote workstation/client with OpenVPN: In this method, OpenVPN client software, installed any operating system such as Windows, can communicate with MikroTik OpenVPN server through OpenVPN tunnel whenever required and can access remote private network as if it was directly connected to the remote private network.
Site to Site OpenVPN: This method is also known as VPN between routers. In this method, an OpenVPN client supported router always establishes an OpenVPN tunnel with MikroTik OpenVPN Server. So, private networks of these routers can communicate with each other as if they were directly connected to the same router.

The goal of this article is to create a site to site OpenVPN Tunnel across public network. So, in this article I will show how to configure OpenVPN Tunnel between two MikroTik RouterOS so that local networks of these routers can communicate with each other as if they were directly connected to the same router.

Network Diagram

To configure a site to site OpenVPN Tunnel between two MikroTik RouterOS, I am following a network diagram like below image.

In this network, Office1 Router is connected to internet through ether1 interface having IP address 192.168.70.2/30. In your real network, this IP address should be replaced with public IP address. Office1 Router’s ether2 interface is connected to local network having IP network 10.10.11.0/24. We will configure OpenVPN Server in this router and after OpenVPN configuration the router will create a virtual interface (OVPN Tunnel) across public network whose IP address will be 172.22.22.1.

On the other hand, Office2 Router is a remote router and can access Office1 Router’s WAN IP. Office2 Router’s ether1 interface is connected to internet having IP address 192.168.40.2/30 and ether2 has a local IP network 10.10.12.0/24. We will configure OpenVPN client in this router and after OpenVPN client configuration the router will have a virtual interface (OVPN Tunnel) across public network whose IP address will be 172.22.22.2.

Core Devices and IP Information

To configure a site to site OpenVPN between two Routers, I am using two MikroTik RouterOS v6.38.1. IP information that I am using for this network configuration are given below.

Office 1 Router WAN IP: 192.168.70.2/30, LAN IP Block 10.10.11.0/24 and Tunnel interface IP 172.22.22.1/30
Office 2 Router WAN IP: 192.168.80.2/30, LAN IP Block 10.10.12.0/24 and Tunnel interface IP 172.22.22.2/30

This IP information is just for my RND purpose. Change this information according to your network requirements.

Site to Site OpenVPN Configuration

We will now start Site to Site OpenVPN configuration with MikroTik Router according to the above network diagram. Complete site to site OpenVPN configuration can be divided into two parts.

Part 1: Office1 Router Configuration for OpenVPN Server
Part 2: Office2 Router Configuration for OpenVPN Client

Part 1: Office1 Router Configuration for OpenVPN Server

We will configure OpenVPN Server in Office1 RouterOS. Complete RouterOS configuration for OpenVPN Server can be divided into four steps.

Step 1: MikroTik RouterOS basic configuration
Step 2: Creating SSL certificate for OpenVPN server
Step 3: OpenVPN Server configuration
Step 4: PPP Secret creation for OpenVPN

Step 1: MikroTik RouterOS Basic Configuration

In MikroTik RouterOS basic configuration, we will assign WAN, LAN and DNS IP and perform NAT and Route configuration. The following steps will show how to do these topics in your RouterOS.

Login to MikroTik RouterOS using winbox and go to IP > Addresses. In Address List window, click on PLUS SIGN (+). In New Address window, put WAN IP address (192.168.70.2/30) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and click on Apply and OK button. Click on PLUS SIGN again and put LAN IP (10.10.11.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and click on Apply and OK button.
Go to IP > DNS and put DNS servers IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.
Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Under General tab, choose srcnat from Chain dropdown menu and click on Action tab and then choose masquerade from Action dropdown menu. Click on Apply and OK button.
Go to IP > Routes and click on PLUS SIGN (+). In New Route window, click on Gateway input field and put WAN Gateway address (192.168.70.1) in Gateway input field and click on Apply and OK button.

Basic RouterOS configuration has been completed. Now we will Create SSL certificate for OpenVPN Server.

Step 2: Creating SSL certificate for OpenVPN Server

OpenVPN Server configuration requires SSL certificate because OpenVPN uses SSL certificate for secure communication. MikroTik RouterOS version 6 gives ability to create, store and manage certificates in certificate store. So, we will create required OpenVPN certificate from our RouterOS. OpenVPN Server requires the following certificates:

CA (Certification Authority) certificate and
Server certificate

Creating CA certificate

The following steps will show how to create CA certificate in MikroTik RouterOS.

Go to System > Certificates menu item from winbox and click on Certificates tab and then click on PLUS SIGN (+). New Certificate window will appear.
Put your CA certificate name (for example: ca) in Name input field. Also put a certificate common name (for example: ca) in Common Name input field.
You will find some optional fields in General tab. You can fill if you wish. All fields are self-defined.
Click on Key Usage tab and uncheck all checkboxes except crl sign and key cert. sign
Click on Apply button and then click on Sign button. Sign window will appear now.
Your newly created certificate template will appear in certificate dropdown menu. Select your newly created certificate template if it is not selected.
Put MikroTik Router’s WAN IP address (192.168.70.2) in CA CRL Host input field.
Click on Sign button. Your Sign certificate will be created within few seconds.
Click on OK button to close New Certificate window.
If newly created CA certificate does not show T flag or Trusted property shows no value, double click on your CA certificate and click on Trusted checkbox located at the bottom of General tab and then click on Apply and OK button.

CA certificate has been created successfully. Now we will create server certificate.

Creating Server Certificate

The following steps will show how to create server certificate in MikroTik RouterOS.

Click on PLUS SIGN (+) again. New Certificate window will appear.
Put your server certificate name (for example: server) in Name input field. Also put a certificate common name (for example: server) in Common Name input field.
If you have put any optional field for CA certificate, put them here also.
Click on Key Usage tab and uncheck all checkboxes.
Click on Apply button and then click on Sign button. Sign window will appear now.
Your newly server created certificate template will appear in certificate dropdown menu. Select your newly created certificate template if it is not selected.
Also select CA certificate from CA dropdown menu.
Click on Sign button. Your Sign certificate will be created within few seconds.
Click on OK button to close New Certificate window.
If newly created server certificate does not show T flag or Trusted property shows no value, double click on your server certificate and click on Trusted checkbox located at the bottom of General tab and then click on Apply and OK button.

Server certificate has been created successfully. Now we will enable and configure OpenVPN Server in MikroTik RouterOS.

Step 3: OpenVPN Server Configuration in MikroTik Router

After creating SSL certificate, we are now eligible to enable OpenVPN Server in MikroTik Router. The following steps will show how to enable OpenVPN Server in your MikroTik Router with proper configuration.

Click on PPP menu item from winbox and then click on Interface tab.
Click on OVPN Server button. OVPN Server window will appear.
Click on Enabled checkbox.
From Certificate dropdown menu, choose server certificate that we created before.
From Auth. Panel, uncheck all checkboxes except sha1.
From Cipher panel, uncheck all checkboxes except aes 256.
Now click on Apply and OK button.

OpenVPN Server is now running in MikroTik Router. Now we will create OpenVPN user who will be connected to this server.

Step 4: PPP Secret creation for OpenVPN

After OpenVPN Server setup, we need to create OpenVPN user who will be connected to OpenVPN Server. OpenVPN Server uses PPP user for authentication. So, we will now create PPP secret (username and password) for OpenVPN client. The following steps will show how to create PPP secret in MikroTik Router.

Click on PPP menu item from winbox and then click on Secrets tab.
Click on PLUS SIGN (+). New PPP Secret window will appear.
Put username (For example: sayeed) in Name input and password in Password input field. This username and password will be required at the time of OpenVPN client configuration.
Choose ovpn from Service dropdown menu.
Put Office 1 Router’s virtual interface IP (172.22.22.1) in Local Address input field and put Office 2 Router’s virtual interface IP (172.22.22.2) in Remote Address input field.
Put static routes to reach Office2 Router’s local network in Routes input filed. This route will be added in Office1 Router’s routing table when OpenVPN user will be connected from Office2 Router. The route format is: dst-address gateway metric (example for this configuration: 10.10.12.0/24 172.22.22.2 1). Several routes may be specified separated with commas.
Click on Apply and OK button.

PPP user who will be connected from remote client machine has been created. Whenever your created user will be connected from OpenVPN client router (Office2 Router), the Remote Address IP will be assigned for its virtual interface and the routes will be created in Office1 Router’s routing table so that Office1 Router’s local network can reach remote router’s (Office2 Router) local network.

Office1 Router configuration for OpenVPN Server has been completed. Now Office1 Router is ready to create OpenVPN Tunnel for its OpenVPN user. In the next part, we will configure our Office2 Router so that it can connect to Office1 Router through OVPN Tunnel to reach Office1 Router’s local network.

Part 2: Office2 Router Configuration for OpenVPN Client

According to our network diagram, Office2 Router is working as an OpenVPN client router. So, we will configure OpenVPN client in Office2 Router. Complete RouterOS configuration can be divided into three steps.

Basic RouterOS Configuration
OpenVPN client configuration
Static route configuration

Step 1: Basic RouterOS Configuration

Basic RouterOS configuration includes assigning WAN, LAN and DNS IP as well as NAT and Route configuration. The following steps will guide you about basic RouterOS configuration.

Login to Office2 RouterOS using winbox and go to IP > Addresses. In Address List window, click on PLUS SIGN (+). In New Address window, put WAN IP address (192.168.80.2/30) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and click on Apply and OK button. Click on PLUS SIGN again and put LAN IP (10.10.12.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and click on Apply and OK button.
Go to IP > DNS and put DNS servers IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.
Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Under General tab, choose srcnat from Chain dropdown menu and click on Action tab and then choose masquerade from Action dropdown menu. Click on Apply and OK button.
Go to IP > Routes and click on PLUS SIGN (+). In New Route window, click on Gateway input field and put WAN Gateway address (192.168.80.1) in Gateway input field and click on Apply and OK button.

Basic RouterOS configuration in Office2 Router has been completed. Now it is time to create OpenVPN Client in our MikroTik Router.

Step 2: OpenVPN Client Configuration

After completing RouterOS basic configuration, we will now configure OpenVPN client in Office2 Router. The following steps will show you how to create OVPN client in your MikroTik Router.

Click on Interfaces menu item from winbox and then click on Interface tab. Click on PLUS SIGN (+) dropdown menu and then choose OVPN Client option. New Interface window will appear.
Click on General tab and put OpenVPN interface name (openvpn-server) in Name input field.
Click on Dial Out tab and put Office1 Router’s WAN IP (192.168.70.2) in Connect To input field. This IP must be reachable from Office2 Router.
Put username (sayeed) and password that you have provided in Office1 Router’s PPP user configuration, in User and Password input field respectively.
From dropdown menu, choose sha1 encryption method.
From Cipher dropdown menu, choose aes 256
Click on Apply and OK button.

As soon as you provide the above information, an OVPN Tunnel will be created between Office1 and Office2 Router and provided local and remote IP address will be assigned in office1 and Office2 Router’s virtual interface respectively. At this stage, Office1 Router as well as its local network will be able to reach Office2 Router and its local network but Office2 Router and its local network will only be able to reach Office1 Router but not its local network. To reach Office1 Router’s local network, a static route must be added in Office2 Router’s routing table.

Step 3: Static Route Configuration

After configuring OVPN Client in Office2 Router, Office 2 Router can only access Office 1 Router but not its local network. To solve this issue, a route is required in Office2 Router’s routing table. The following steps will show how to add a route in Office2 Router’s routing table statically.

Go to IP > Routes and then click on PLUS SIGN (+).
In New Route window, provide Office1 Router’s local network (10.10.11.0/24) where you want to reach, in Dst. Address input field.
Click on Gateway input field and then choose OpenVPN client interface (openvpn-server) that you have created at the of OVPN client configuration, from Gateway dropdown menu.
Click on Apply and OK button.

Now Office 2 Router and its local network will be able to access Office 1 Router’s local network.

Office1 Router and Office2 Router Configuration for establishing an OVPN Tunnel between them has been completed. Now both router’s local networks are eligible to access each other. To check your configuration, do a ping request from any local network machine to other local network machine. If everything is OK, your ping request will be success.

Follow below video if you face any confusion to configure site to site OpenVPN in MikroTik Router. I think it will reduce your any confusion.

<br /> <a href="https://youtu.be/-RZfqIQ6PeA" target="_blank" style="position:absolute; top:0; left:0; display:inline-block; width:100%; height:100%; z-index:5;" rel="noopener noreferrer"> </div><p><br /> <br /> <br /> </p><p><strong>MikroTik VPN Configuration with Site to Site OpenVPN Service</strong> has been explained in this article. I hope you will be able to configure your Site to Site VPN with MikroTik OpenVPN service if you follow the above explanation carefully. However, if you face any confusion to do above steps properly, feel free to discuss in comment or contact with me from <a href="https://systemzone.net/contact/" target="_blank" rel="noopener noreferrer">Contact</a> page. I will try my best to stay with you.</p><p><br /> <br /> </p><div class="date">2018-04-09T22:11:25</div><div id="name">MikroTik Router Tutorials & Guides</div><p><script data-no-optimize="1">!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).LazyLoad=e()}(this,function(){"use strict";function e(){return(e=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n,a=arguments[e];for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(t[n]=a[n])}return t}).apply(this,arguments)}function i(t){return e({},it,t)}function o(t,e){var n,a="LazyLoad::Initialized",i=new t(e);try{n=new CustomEvent(a,{detail:{instance:i}})}catch(t){(n=document.createEvent("CustomEvent")).initCustomEvent(a,!1,!1,{instance:i})}window.dispatchEvent(n)}function l(t,e){return t.getAttribute(gt+e)}function c(t){return l(t,bt)}function s(t,e){return function(t,e,n){e=gt+e;null!==n?t.setAttribute(e,n):t.removeAttribute(e)}(t,bt,e)}function r(t){return s(t,null),0}function u(t){return null===c(t)}function d(t){return c(t)===vt}function f(t,e,n,a){t&&(void 0===a?void 0===n?t(e):t(e,n):t(e,n,a))}function _(t,e){nt?t.classList.add(e):t.className+=(t.className?" ":"")+e}function v(t,e){nt?t.classList.remove(e):t.className=t.className.replace(new RegExp("(^|\\s+)"+e+"(\\s+|$)")," ").replace(/^\s+/,"").replace(/\s+$/,"")}function g(t){return t.llTempImage}function b(t,e){!e||(e=e._observer)&&e.unobserve(t)}function p(t,e){t&&(t.loadingCount+=e)}function h(t,e){t&&(t.toLoadCount=e)}function n(t){for(var e,n=[],a=0;e=t.children[a];a+=1)"SOURCE"===e.tagName&&n.push(e);return n}function m(t,e){(t=t.parentNode)&&"PICTURE"===t.tagName&&n(t).forEach(e)}function a(t,e){n(t).forEach(e)}function E(t){return!!t[st]}function I(t){return t[st]}function y(t){return delete t[st]}function A(e,t){var n;E(e)||(n={},t.forEach(function(t){n[t]=e.getAttribute(t)}),e[st]=n)}function k(a,t){var i;E(a)&&(i=I(a),t.forEach(function(t){var e,n;e=a,(t=i[n=t])?e.setAttribute(n,t):e.removeAttribute(n)}))}function L(t,e,n){_(t,e.class_loading),s(t,ut),n&&(p(n,1),f(e.callback_loading,t,n))}function w(t,e,n){n&&t.setAttribute(e,n)}function x(t,e){w(t,ct,l(t,e.data_sizes)),w(t,rt,l(t,e.data_srcset)),w(t,ot,l(t,e.data_src))}function O(t,e,n){var a=l(t,e.data_bg_multi),i=l(t,e.data_bg_multi_hidpi);(a=at&&i?i:a)&&(t.style.backgroundImage=a,n=n,_(t=t,(e=e).class_applied),s(t,ft),n&&(e.unobserve_completed&&b(t,e),f(e.callback_applied,t,n)))}function N(t,e){!e||0<e.loadingCount||0<e.toLoadCount||f(t.callback_finish,e)}function C(t,e,n){t.addEventListener(e,n),t.llEvLisnrs[e]=n}function M(t){return!!t.llEvLisnrs}function z(t){if(M(t)){var e,n,a=t.llEvLisnrs;for(e in a){var i=a[e];n=e,i=i,t.removeEventListener(n,i)}delete t.llEvLisnrs}}function R(t,e,n){var a;delete t.llTempImage,p(n,-1),(a=n)&&--a.toLoadCount,v(t,e.class_loading),e.unobserve_completed&&b(t,n)}function T(o,r,c){var l=g(o)||o;M(l)||function(t,e,n){M(t)||(t.llEvLisnrs={});var a="VIDEO"===t.tagName?"loadeddata":"load";C(t,a,e),C(t,"error",n)}(l,function(t){var e,n,a,i;n=r,a=c,i=d(e=o),R(e,n,a),_(e,n.class_loaded),s(e,dt),f(n.callback_loaded,e,a),i||N(n,a),z(l)},function(t){var e,n,a,i;n=r,a=c,i=d(e=o),R(e,n,a),_(e,n.class_error),s(e,_t),f(n.callback_error,e,a),i||N(n,a),z(l)})}function G(t,e,n){var a,i,o,r,c;t.llTempImage=document.createElement("IMG"),T(t,e,n),E(c=t)||(c[st]={backgroundImage:c.style.backgroundImage}),o=n,r=l(a=t,(i=e).data_bg),c=l(a,i.data_bg_hidpi),(r=at&&c?c:r)&&(a.style.backgroundImage='url("'.concat(r,'")'),g(a).setAttribute(ot,r),L(a,i,o)),O(t,e,n)}function D(t,e,n){var a;T(t,e,n),a=e,e=n,(t=It[(n=t).tagName])&&(t(n,a),L(n,a,e))}function V(t,e,n){var a;a=t,(-1<yt.indexOf(a.tagName)?D:G)(t,e,n)}function F(t,e,n){var a;t.setAttribute("loading","lazy"),T(t,e,n),a=e,(e=It[(n=t).tagName])&&e(n,a),s(t,vt)}function j(t){t.removeAttribute(ot),t.removeAttribute(rt),t.removeAttribute(ct)}function P(t){m(t,function(t){k(t,Et)}),k(t,Et)}function S(t){var e;(e=At[t.tagName])?e(t):E(e=t)&&(t=I(e),e.style.backgroundImage=t.backgroundImage)}function U(t,e){var n;S(t),n=e,u(e=t)||d(e)||(v(e,n.class_entered),v(e,n.class_exited),v(e,n.class_applied),v(e,n.class_loading),v(e,n.class_loaded),v(e,n.class_error)),r(t),y(t)}function $(t,e,n,a){var i;n.cancel_on_exit&&(c(t)!==ut||"IMG"===t.tagName&&(z(t),m(i=t,function(t){j(t)}),j(i),P(t),v(t,n.class_loading),p(a,-1),r(t),f(n.callback_cancel,t,e,a)))}function q(t,e,n,a){var i,o,r=(o=t,0<=pt.indexOf(c(o)));s(t,"entered"),_(t,n.class_entered),v(t,n.class_exited),i=t,o=a,n.unobserve_entered&&b(i,o),f(n.callback_enter,t,e,a),r||V(t,n,a)}function H(t){return t.use_native&&"loading"in HTMLImageElement.prototype}function B(t,i,o){t.forEach(function(t){return(a=t).isIntersecting||0<a.intersectionRatio?q(t.target,t,i,o):(e=t.target,n=t,a=i,t=o,void(u(e)||(_(e,a.class_exited),$(e,n,a,t),f(a.callback_exit,e,n,t))));var e,n,a})}function J(e,n){var t;et&&!H(e)&&(n._observer=new IntersectionObserver(function(t){B(t,e,n)},{root:(t=e).container===document?null:t.container,rootMargin:t.thresholds||t.threshold+"px"}))}function K(t){return Array.prototype.slice.call(t)}function Q(t){return t.container.querySelectorAll(t.elements_selector)}function W(t){return c(t)===_t}function X(t,e){return e=t||Q(e),K(e).filter(u)}function Y(e,t){var n;(n=Q(e),K(n).filter(W)).forEach(function(t){v(t,e.class_error),r(t)}),t.update()}function t(t,e){var n,a,t=i(t);this._settings=t,this.loadingCount=0,J(t,this),n=t,a=this,Z&&window.addEventListener("online",function(){Y(n,a)}),this.update(e)}var Z="undefined"!=typeof window,tt=Z&&!("onscroll"in window)||"undefined"!=typeof navigator&&/(gle|ing|ro)bot|crawl|spider/i.test(navigator.userAgent),et=Z&&"IntersectionObserver"in window,nt=Z&&"classList"in document.createElement("p"),at=Z&&1<window.devicePixelRatio,it={elements_selector:".lazy",container:tt||Z?document:null,threshold:300,thresholds:null,data_src:"src",data_srcset:"srcset",data_sizes:"sizes",data_bg:"bg",data_bg_hidpi:"bg-hidpi",data_bg_multi:"bg-multi",data_bg_multi_hidpi:"bg-multi-hidpi",data_poster:"poster",class_applied:"applied",class_loading:"litespeed-loading",class_loaded:"litespeed-loaded",class_error:"error",class_entered:"entered",class_exited:"exited",unobserve_completed:!0,unobserve_entered:!1,cancel_on_exit:!0,callback_enter:null,callback_exit:null,callback_applied:null,callback_loading:null,callback_loaded:null,callback_error:null,callback_finish:null,callback_cancel:null,use_native:!1},ot="src",rt="srcset",ct="sizes",lt="poster",st="llOriginalAttrs",ut="loading",dt="loaded",ft="applied",_t="error",vt="native",gt="data-",bt="ll-status",pt=[ut,dt,ft,_t],ht=[ot],mt=[ot,lt],Et=[ot,rt,ct],It={IMG:function(t,e){m(t,function(t){A(t,Et),x(t,e)}),A(t,Et),x(t,e)},IFRAME:function(t,e){A(t,ht),w(t,ot,l(t,e.data_src))},VIDEO:function(t,e){a(t,function(t){A(t,ht),w(t,ot,l(t,e.data_src))}),A(t,mt),w(t,lt,l(t,e.data_poster)),w(t,ot,l(t,e.data_src)),t.load()}},yt=["IMG","IFRAME","VIDEO"],At={IMG:P,IFRAME:function(t){k(t,ht)},VIDEO:function(t){a(t,function(t){k(t,ht)}),k(t,mt),t.load()}},kt=["IMG","IFRAME","VIDEO"];return t.prototype={update:function(t){var e,n,a,i=this._settings,o=X(t,i);{if(h(this,o.length),!tt&&et)return H(i)?(e=i,n=this,o.forEach(function(t){-1!==kt.indexOf(t.tagName)&&F(t,e,n)}),void h(n,0)):(t=this._observer,i=o,t.disconnect(),a=t,void i.forEach(function(t){a.observe(t)}));this.loadAll(o)}},destroy:function(){this._observer&&this._observer.disconnect(),Q(this._settings).forEach(function(t){y(t)}),delete this._observer,delete this._settings,delete this.loadingCount,delete this.toLoadCount},loadAll:function(t){var e=this,n=this._settings;X(t,n).forEach(function(t){b(t,e),V(t,n,e)})},restoreAll:function(){var e=this._settings;Q(e).forEach(function(t){U(t,e)})}},t.load=function(t,e){e=i(e);V(t,e)},t.resetStatus=function(t){r(t)},Z&&function(t,e){if(e)if(e.length)for(var n,a=0;n=e[a];a+=1)o(t,n);else o(t,e)}(t,window.lazyLoadOptions),t});!function(e,t){"use strict";function a(){t.body.classList.add("litespeed_lazyloaded")}function n(){console.log("[LiteSpeed] Start Lazy Load Images"),d=new LazyLoad({elements_selector:"[data-lazyloaded]",callback_finish:a}),o=function(){d.update()},e.MutationObserver&&new MutationObserver(o).observe(t.documentElement,{childList:!0,subtree:!0,attributes:!0})}var d,o;e.addEventListener?e.addEventListener("load",n,!1):e.attachEvent("onload",n)}(window,document);</script><script data-optimized="1" type="litespeed/javascript" data-src="https://readmag.ru/wp-content/litespeed/js/4500e12d47122e2e7251a4a42085ff7c.js?ver=b5696"></script><script>const litespeed_ui_events=["mouseover","click","keydown","wheel","touchmove","touchstart"];var urlCreator=window.URL||window.webkitURL;function litespeed_load_delayed_js_force(){console.log("[LiteSpeed] Start Load JS Delayed"),litespeed_ui_events.forEach(e=>{window.removeEventListener(e,litespeed_load_delayed_js_force,{passive:!0})}),document.querySelectorAll("iframe[data-litespeed-src]").forEach(e=>{e.setAttribute("src",e.getAttribute("data-litespeed-src"))}),"loading"==document.readyState?window.addEventListener("DOMContentLoaded",litespeed_load_delayed_js):litespeed_load_delayed_js()}litespeed_ui_events.forEach(e=>{window.addEventListener(e,litespeed_load_delayed_js_force,{passive:!0})});async function litespeed_load_delayed_js(){let t=[];for(var d in document.querySelectorAll('script[type="litespeed/javascript"]').forEach(e=>{t.push(e)}),t)await new Promise(e=>litespeed_load_one(t[d],e));document.dispatchEvent(new Event("DOMContentLiteSpeedLoaded")),window.dispatchEvent(new Event("DOMContentLiteSpeedLoaded"))}function litespeed_load_one(t,e){console.log("[LiteSpeed] Load ",t);var d=document.createElement("script");d.addEventListener("load",e),d.addEventListener("error",e),t.getAttributeNames().forEach(e=>{"type"!=e&&d.setAttribute("data-src"==e?"src":e,t.getAttribute(e))});let a=!(d.type="text/javascript");!d.src&&t.textContent&&(d.src=litespeed_inline2src(t.textContent),a=!0),t.after(d),t.remove(),a&&e()}function litespeed_inline2src(t){try{var d=urlCreator.createObjectURL(new Blob([t.replace(/^(?:)?$/gm,"$1")],{type:"text/javascript"}))}catch(e){d="data:text/javascript;base64,"+btoa(t.replace(/^(?:)?$/gm,"$1"))}return d}</script></body></p></div><footer class="entry-meta"> Опубликованно в разделе <a href="https://readmag.ru/category/post" rel="category tag">Публикации</a> прикрепленные теги <a href="https://readmag.ru/tag/mikrotik" rel="tag">Mikrotik</a>, <a href="https://readmag.ru/tag/mikrotik-router-tutorials-guides" rel="tag">MikroTik Router Tutorials & Guides</a>, <a href="https://readmag.ru/tag/openvpn" rel="tag">openvpn</a> Дата публикации <a href="https://readmag.ru/post/mikrotik-site-to-site-openvpn-server-setup-routeros-client.html" title="10:11 пп" rel="bookmark"><time class="entry-date" datetime="2018-04-09T22:11:25+04:00">9 апреля, 2018</time></a><span class="by-author"> автор: <span class="author vcard"><a class="url fn n" href="https://readmag.ru/author/admin" title="Посмотреть все записи автора admin" rel="author">admin</a></span></span>.</footer></article><article id="post-71196" class="post-71196 post type-post status-publish format-standard hentry category-post tag-mikrotik tag-mikrotik-router-tutorials-guides tag-openvpn"><header class="entry-header"><h1 class="entry-title"> <a href="https://readmag.ru/post/mikrotik-openvpn-setup-with-windows-client.html" rel="bookmark">MikroTik OpenVPN Setup with Windows Client</a></h1></header><div class="entry-content"><p><body></p><p><strong>VPN </strong>(<strong>V</strong>irtual <strong>P</strong>rivate <strong>N</strong>etwork) technology provides a secure and encrypted tunnel across a public network. So, a private network user can send and receive data to any remote private network through VPN tunnel as if his/her network device was directly connected to that private network.</p><p><br /> <br /> <br /> </p><p>MikroTik OpenVPN Server provides a secure and encrypted tunnel across public network for transporting IP traffic using PPP. OpenVPN uses SSL Certificates. So, OpenVPN Tunnel is a trusted tunnel to send and receive data across public network. MikroTik OpenVPN Server can be applied in two methods.</p><p><br /> <br /> <br /> </p><ul><li><strong>Connecting remote workstation/client: </strong>In this method, OpenVPN client software installed any operating system such as Windows can communicate with MikroTik OpenVPN server through OpenVPN tunnel whenever required and can access remote private network as if it was directly connected to the remote private network.</li><li><strong>Site to Site OpenVPN: </strong>This method is also known as VPN between routers. In this method, an OpenVPN client supported router always establishes an OpenVPN tunnel with MikroTik OpenVPN Server. So, private networks of these routers can communicate with each other as if they were directly connected to the same router.</li></ul><p><br /> <br /> <br /> </p><p>The goal of this article is to connect a remote client using OpenVPN Tunnel across public network. So, in this article I will only show how to configure MikroTik OpenVPN Server for connecting a remote workstation/client (Windows Client).</p><p><br /> <br /> <br /> </p><p><strong>Network Diagram</strong></p><p><br /> <br /> <br /> </p><p>To configure a MikroTik OpenVPN Tunnel for connecting a remote workstation/client, I am following a network diagram like below image.</p><p><br /> <br /> <br /> </p><div class="wp-block-image size-full wp-image-2085"><figure class="aligncenter"><img data-lazyloaded="1" src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2MDAiIGhlaWdodD0iMzQwIiB2aWV3Qm94PSIwIDAgNjAwIDM0MCI+PHJlY3Qgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgc3R5bGU9ImZpbGw6I2NmZDRkYjtmaWxsLW9wYWNpdHk6IDAuMTsiLz48L3N2Zz4=" loading="lazy" decoding="async" width="600" height="340" data-src="https://readmag.ru/wp-content/uploads/2018/04/openvpn-remote-office-network.jpg" alt="OpenVPN Remote Office Network" class="wp-image-2085" data-srcset="https://readmag.ru/wp-content/uploads/2018/04/openvpn-remote-office-network.jpg 600w, https://readmag.ru/wp-content/uploads/2018/04/openvpn-remote-office-network-90x51.jpg 90w, https://readmag.ru/wp-content/uploads/2018/04/openvpn-remote-office-network-353x200.jpg 353w" data-sizes="(max-width: 600px) 100vw, 600px"/><figcaption>OpenVPN Remote Office Network</figcaption></figure></div><p><br /> <br /> <br /> </p><p>In this network, MikroTik Router (<strong><em>RouterOS</em></strong><strong><em> </em></strong><strong><em>v6.38.1</em></strong>) is connected to internet through ether1 interface having IP address 192.168.30.2/30. In your real network, this IP address should be replaced with public IP address. MikroTik Router’s ether2 interface is connected to local network having IP network 10.10.11.0/24. We will configure OpenVPN server in this router and after OpenVPN configuration the router will create a virtual interface (OpenVPN Tunnel) across public network whose IP address will be 10.10.11.1. On the other hand, a remote laptop (workstation/client) is connected to internet and wants to connect to our OpenVPN server for accessing local network resources. We will configure OpenVPN client in this laptop and after establishing an OpenVPN Tunnel across public network, this laptop will get a MikroTik Router’s local IP 10.10.11.10 and will be able to access MikroTik Router’s private network.</p><p><br /> <br /> <br /> </p><h2 class="wp-block-heading">MikroTik OpenVPN Server Configuration</h2><p><br /> <br /> <br /> </p><p>We will now start OpenVPN Server configuration. Complete OpenVPN configuration can be divided into two parts.</p><p><br /> <br /> <br /> </p><ul><li>Part 1: OpenVPN Server Configuration in MikroTik Router</li><li>Part 2: OpenVPN Client Configuration in Windows OS</li></ul><p><br /> <br /> <br /> </p><h3 class="wp-block-heading">Part 1: OpenVPN Server Configuration in MikroTik Router</h3><p><br /> <br /> <br /> </p><p>According to our network diagram, MikroTik Router is our OpenVPN Server. So, we will setup and configure OpenVPN Server in MikroTik Router. Complete MikroTik RouterOS configuration for OpenVPN Server can be divided into five steps.</p><p><br /> <br /> </p><div style="margin-bottom:15px;margin-top:5px" class="aicp"><script async="" src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"/>  <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-9968584289141188" data-ad-slot="9607722129" data-ad-format="auto" data-full-width-responsive="true"/> <script> (adsbygoogle = window.adsbygoogle || []).push({}); ]]></script></div><p><br /> <br /> <br /> </p><ul><li>Step 1: MikroTik Router basic configuration</li><li>Step 2: Creating SSL certificate for OpenVPN server and client</li><li>Step 3: OpenVPN Server configuration</li><li>Step 4: PPP Secret creation for OpenVPN client</li><li>Step 5: Enabling Proxy ARP on LAN interface</li></ul><p><br /> <br /> <br /> </p><p><strong>Step 1: MikroTik Router basic configuration</strong></p><p><br /> <br /> <br /> </p><p>In MikroTik Router basic configuration, we will assign WAN, LAN and DNS IP and perform NAT and Route configuration. The following steps will show how to do these topics in your RouterOS.</p><p><br /> <br /> <br /> </p><ul><li>Login to MikroTik RouterOS using winbox and go to IP > Addresses. In Address List window, click on PLUS SIGN (+). In New Address window, put WAN IP address (192.168.30.2/30) in Address input field and choose WAN interface (ether1) from Interface dropdown menu and click on Apply and OK button. Click on PLUS SIGN again and put LAN IP (10.10.11.1/24) in Address input field and choose LAN interface (ether2) from Interface dropdown menu and click on Apply and OK button.</li><li>Go to IP > DNS and put DNS servers IP (8.8.8.8 or 8.8.4.4) in Servers input field and click on Apply and OK button.</li><li>Go to IP > Firewall and click on NAT tab and then click on PLUS SIGN (+). Under General tab, choose <em><u>srcnat</u></em> from Chain dropdown menu and click on Action tab and then choose <em>masquerade</em> from Action dropdown menu. Click on Apply and OK button.</li><li>Go to IP > Routes and click on PLUS SIGN (+). In New Route window, click on Gateway input field and put WAN Gateway address (192.168.30.1) in Gateway input field and click on Apply and OK button.</li></ul><p><br /> <br /> <br /> </p><p>Basic RouterOS configuration has been completed. Now we will Create SSL certificate for OpenVPN server and client.</p><p><br /> <br /> <br /> </p><p><strong>Step 2: Creating SSL certificate for OpenVPN Server and Client</strong></p><p><br /> <br /> <br /> </p><p>OpenVPN server and client configuration requires SSL certificate because OpenVPN uses SSL certificate for secure communication. MikroTik RouterOS version 6 gives ability to create, store and manage certificates in certificate store. So, we will create required OpenVPN certificate from our RouterOS. OpenVPN server and client configuration requires three types of certificates:</p><p><br /> <br /> <br /> </p><ol><li>CA (Certification Authority) certificate</li><li>Server certificate and</li><li>Client certificate</li></ol><p><br /> <br /> <br /> </p><p><strong>Creating CA certificate</strong></p><p><br /> <br /> <br /> </p><p>The following steps will show how to create CA certificate in MikroTik RouterOS.</p><p><br /> <br /> </p><div style="margin-bottom:15px;margin-top:15px" class="aicp"><script="" type="litespeed/javascript" data-src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"/> <ins class="adsbygoogle" style="display:block; text-align:center;" data-ad-layout="in-article" data-ad-format="fluid" data-ad-client="ca-pub-9968584289141188" data-ad-slot="2484076935"/> <script> (adsbygoogle = window.adsbygoogle || []).push({}); ]]></script></div><p><br /> <br /> <br /> </p><ul><li>Go to System > Certificates menu item from winbox and click on Certificates tab and then click on PLUS SIGN (+). New Certificate window will appear.</li><li>Put your CA certificate name (for example: ca) in Name input field. Also put a certificate common name (for example: ca) in Common Name input field.</li><li>You will find some optional fields in General tab. You can fill if you wish. All fields are self-defined.</li><li>Click on Key Usage tab and uncheck all checkboxes except <em>crl sign</em> and <em>key cert. sign </em></li><li>Click on Apply button and then click on Sign button. Sign window will appear now.</li><li>Your newly created certificate template will appear in certificate dropdown menu. Select your newly created certificate template if it is not selected.</li><li>Put MikroTik Router’s WAN IP address (192.168.30.2) in CA CRL Host input field.</li><li>Click on Sign button. Your Sign certificate will be created within few seconds.</li><li>Click on OK button to close New Certificate window.</li><li>If newly created CA certificate does not show T flag or Trusted property shows <em>no</em> value, double click on your CA certificate and click on Trusted checkbox located at the bottom of General tab and then click on Apply and OK button.</li></ul><p><br /> <br /> <br /> </p><p>CA certificate has been created successfully. Now we will create server certificate.</p><p><br /> <br /> <br /> </p><p><strong>Creating Server Certificate </strong></p><p><br /> <br /> <br /> </p><p>The following steps will show how to create server certificate in MikroTik RouterOS.</p><p><br /> <br /> <br /> </p><ul><li>Click on PLUS SIGN (+) again. New Certificate window will appear.</li><li>Put your server certificate name (for example: server) in Name input field. Also put a certificate common name (for example: server) in Common Name input field.</li><li>If you have put any optional field for CA certificate, put them here also.</li><li>Click on Key Usage tab and uncheck all checkboxes except <em>digital signature</em>, <em>key encipherment</em> and <em>tls server</em></li><li>Click on Apply button and then click on Sign button. Sign window will appear now.</li><li>Your newly server created certificate template will appear in certificate dropdown menu. Select your newly created certificate template if it is not selected.</li><li>Also select CA certificate from CA dropdown menu.</li><li>Click on Sign button. Your Sign certificate will be created within few seconds.</li><li>Click on OK button to close New Certificate window.</li><li>If newly created server certificate does not show T flag or Trusted property shows <em>no</em> value, double click on your server certificate and click on Trusted checkbox located at the bottom of General tab and then click on Apply and OK button.</li></ul><p><br /> <br /> <br /> </p><p>Server certificate has been created successfully. Now we will create client certificate.</p><p><br /> <br /> <br /> </p><p><strong>Creating Client Certificate</strong></p><p><br /> <br /> <br /> </p><p>The following steps will show how to create client certificate in MikroTik RouterOS.</p><p><br /> <br /> <br /> </p><ul><li>Click on PLUS SIGN (+) again. New Certificate window will appear.</li><li>Put your client certificate name (for example: client) in Name input field. Also put a certificate common name (for example: client) in Common Name input field.</li><li>If you have put any optional field for CA certificate, put them here also.</li><li>Click on Key Usage tab and uncheck all checkboxes except <em>tls client</em></li><li>Click on Apply button and then click on Sign button. Sign window will appear now.</li><li>Your newly created client certificate template will appear in certificate dropdown menu. Select your newly created certificate template if it is not selected.</li><li>Also select CA certificate from CA dropdown menu.</li><li>Click on Sign button. Your Sign certificate will be created within few seconds.</li><li>Click on OK button to close New Certificate window.</li><li>Client certificate does not require T flag.</li></ul><p><br /> <br /> <br /> </p><p>Client certificate has been created successfully. Now we will export CA and Client certificates so that OpenVPN client can use this certificate.</p><p><br /> <br /> </p><div style="margin-bottom:15px;margin-top:5px" class="aicp"><script async="" src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"/>  <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-9968584289141188" data-ad-slot="9607722129" data-ad-format="auto" data-full-width-responsive="true"/> <script> (adsbygoogle = window.adsbygoogle || []).push({}); ]]></script></div><p><br /> <br /> <br /> </p><p><strong>Exporting CA and Client Certificates</strong></p><p><br /> <br /> <br /> </p><p>OpenVPN server will use server certificate from MikroTik RouterOS certificate store. But client certificate has to supply to the OpenVPN client. So, we need to export client certificate as well as CA certificate from RouterOS certificate store. The following steps will show how to export CA certificate and client certificate from MikroTik certificate store.</p><p><br /> <br /> <br /> </p><ul><li>Click twice on your CA certificate and then click on Export button from right button panel. Export window will appear.</li><li>Choose your CA certificate from Certificate dropdown menu.</li><li>Click on Export button now. Your CA certificate will be exported and Export window will be closed. Your exported CA certificate will be stored in File List.</li><li>Again, click on Export button from right button panel and choose your client certificate from Certificate dropdown menu.</li><li>Put a password in Export Passphrase input field. The password must be at least 8 characters and this password has to provide when OpenVPN client will be connected.</li><li>Click on Export button now. Your client certificate and key file will be exported in File List.</li><li>Now click on Files menu from winbox left menu panel. You will find two certificate file (.crt) and one key (.key) are exported here.</li><li>Drag and Drop these three files in a folder on your Desktop. We will use these files when OpenVPN client will be configured.</li></ul><p><br /> <br /> <br /> </p><p>Creating SSL certificate for OpenVPN server and client has been completed. Now we will configure our OpenVPN Server in MikroTik Router.</p><p><br /> <br /> <br /> </p><p><strong>Step 3: OpenVPN Server Configuration in MikroTik Router</strong></p><p><br /> <br /> <br /> </p><p>After creating SSL certificate, we are now eligible to enable OpenVPN Server in MikroTik Router. The following steps will show how to enable OpenVPN Server in your MikroTik Router with proper configuration.</p><p><br /> <br /> <br /> </p><ul class="clearfix"><li/></ul><p><br /> <br /> <br /> </p><ul class="clearfix"><li>Click on PPP menu item from winbox and then click on Interface tab.</li><li>Click on OVPN Server button. OVPN Server window will appear.</li><li>Click on <em>Enabled</em> checkbox.</li><li>From Certificate dropdown menu, choose server certificate that we created before. Also click on Require Client Certificate checkbox.</li><li>From Auth. Panel, uncheck all checkboxes except sha1.</li><li>From Cipher panel, uncheck all checkboxes except aes 256.</li><li>Now click on Apply and OK button.</li></ul><p><br /> <br /> <br /> </p><p>OpenVPN Server is now running in MikroTik Router. Now we will create OpenVPN user who will be connected to this server.</p><p><br /> <br /> <br /> </p><p><strong>Step 4: PPP Secret creation for OpenVPN client</strong></p><p><br /> <br /> <br /> </p><p>After OpenVPN Server setup, we need to create OpenVPN user who will be connected to OpenVPN Server. OpenVPN Server uses PPP user for authentication. So, we will now create PPP secret (username and password) for OpenVPN client. The following steps will show how to create PPP secret in MikroTik Router.</p><p><br /> <br /> <br /> </p><ul><li>Click on PPP menu item from winbox and then click on Secrets tab.</li><li>Click on PLUS SIGN (+). New PPP Secret window will appear.</li><li>Put username (For example: <em>sayeed</em>) in Name input and password in Password input field. This username and password will be required at the time of OpenVPN client configuration.</li><li>Choose <em>ovpn</em> from Service dropdown menu.</li><li>Put the gateway IP (10.10.11.1) in Local Address input field and put a LAN IP (10.10.11.10) that will be assigned in client workstation when this user will be connected, in Remote Address input field.</li><li>Click on Apply and OK button.</li></ul><p><br /> <br /> <br /> </p><p>PPP user who will be connected from remote client machine has been created. At this point, if the user gets connected from the remote client machine and try to ping any workstation from the remote machine, the ping will time out because the remote client is unable to get ARPs from workstations. The solution is to set up proxy-arp on the LAN interface.</p><p><br /> <br /> <br /> </p><p><strong>Step 4: Enabling Proxy ARP on LAN Interface</strong></p><p><br /> <br /> <br /> </p><p>The following steps will show how to enable proxy-arp on the LAN interface.</p><p><br /> <br /> <br /> </p><ul><li>Click on <em>Interfaces</em>menu item from winbox and then click on interface tab.</li><li>Click twice on your LAN interface (ether2). Interface property window will appear.</li><li>Under General tab, choose <em>proxy-arp from ARP dropdown menu. </em></li><li><em>Click Apply and OK button. </em></li></ul><p><br /> <br /> <br /> </p><p>After enabling proxy-arp, the remote client can successfully reach all workstations in the local network behind the router.</p><p><br /> <br /> <br /> </p><p>MikroTik OpenVPN Server is now completely ready to accept OpenVPN client. So, we will now configure OpenVPN client in Windows Operating System.</p><p><br /> <br /> <br /> </p><h3 class="wp-block-heading">Part 2: OpenVPN Client configuration in Windows OS</h3><p><br /> <br /> <br /> </p><p>OpenVPN.net provides OpenVPN client software for all the operating systems. You can visit to <a href="https://openvpn.net/index.php/download/community-downloads.html" target="_blank" rel="noopener noreferrer">download page</a> and download your OpenVPN client that is matched with your system requirement. I am using Windows 7, 64-bit operating system. So, I have downloaded <strong>Installer (64-bit), Windows Vista and later</strong> package. At the time of this article, the OpenVPN client version was 2.3.18.</p><p><br /> <br /> <br /> </p><p>After downloading, install OpenVPN client in your operating system following the instruction. Installation process is as simple as installing other software in Windows operating system.</p><p><br /> <br /> <br /> </p><p>After OpenVPN client installation, go to configuration file location (by default: <em>C:Program FilesOpenVPNconfig</em> or <em>C:Program Files (x86)OpenVPNconfig</em> depending on your operating system) and follow my below steps to configure OpenVPN client.</p><p><br /> <br /> </p><div style="margin-bottom:15px;margin-top:15px" class="aicp"><script async="" src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"/>  <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-9968584289141188" data-ad-slot="9607722129" data-ad-format="auto" data-full-width-responsive="true"/> <script> (adsbygoogle = window.adsbygoogle || []).push({}); ]]></script></div><p><br /> <br /> <br /> </p><ul><li>Create a file having (.ovpn) extension (for example: client.ovpn) and copy and paste below property and its value in this file and then save your file.<div class="command"></p><p>#Template client.ovpnclient</p><p></p><p>dev tun</p><p></p><p>proto tcp-client</p><p></p><p>remote 192.168.30.2</p><p></p><p>port 1194</p><p></p><p>nobind</p><p></p><p>persist-key</p><p></p><p>persist-tun</p><p></p><p>tls-client</p><p></p><p>remote-cert-tls server</p><p></p><p>ca ca.crt</p><p></p><p>cert client.crt</p><p></p><p>key client.key</p><p></p><p>verb 4</p><p></p><p>mute 10</p><p></p><p>cipher AES-256-CBC</p><p></p><p>auth SHA1</p><p></p><p>auth-user-pass secret</p><p></p><p>auth-nocache</p><p></p></div><p></p><p>Here, change remote IP Address according to your MikroTik WAN IP.</p><p></li><li>Now copy and paste your exported CA and Client certificate files that you saved in your Desktop by dragging and dropping from MikroTik File List, in this location and rename CA file as ca.crt, client certificate file as client.crt and key file as client.key because we have used these names in our configuration file.</li><li>Create another file named <em>secret</em> (because we have put auth-user-pass file is secret) without any extension and put OpenVPN PPP username at first line and password in second line and then save this file.</li><li>Now run OpenVPN client software. You will find a new icon in your Taskbar or System tray like below image.<br /><figure><img data-lazyloaded="1" src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyMDciIGhlaWdodD0iMjU2IiB2aWV3Qm94PSIwIDAgMjA3IDI1NiI+PHJlY3Qgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgc3R5bGU9ImZpbGw6I2NmZDRkYjtmaWxsLW9wYWNpdHk6IDAuMTsiLz48L3N2Zz4=" loading="lazy" decoding="async" class="size-full wp-image-2086 aligncenter" data-src="https://readmag.ru/wp-content/uploads/2018/04/OpenVPN-client-icon.jpg" alt="OpenVPN client icon" width="207" height="256" data-srcset="https://readmag.ru/wp-content/uploads/2018/04/OpenVPN-client-icon.jpg 207w, https://readmag.ru/wp-content/uploads/2018/04/OpenVPN-client-icon-73x90.jpg 73w, https://readmag.ru/wp-content/uploads/2018/04/OpenVPN-client-icon-162x200.jpg 162w" data-sizes="(max-width: 207px) 100vw, 207px"/></figure><div/></li><li>Click mouse right button on this icon and then click Connect option. OpenVPN Connection window will appear and it will ask to put your client certificate password that you have entered at the time of client certificate exportation.</li></ul><p><br /> <br /> <br /> </p><p>If you put correct password and if everything is OK, your OpenVPN client will be connected and an OpenVPN tunnel will be created between OpenVPN client and server.To check your configuration, do a ping request to any remote network workstation or server. If everything is OK, your ping request will be success.</p><p><br /> <br /> <br /> </p><p>If you face any confusion to follow above steps properly, watch my video about <a href="https://youtu.be/6l1sYGLrlz0" target="_blank" rel="noopener noreferrer">MikroTik OpenVPN Server Configuration with Windows Client</a> carefully. I hope it will reduce your any confusion.</p><p><br /> <br /> </p><div style="position: relative;padding-bottom: 56.25%; padding-top: 25px;height: 0;margin:20px 0;"><br /> <iframe style="position: absolute;top: 0;left: 0; width: 100%; height: 100%;" src="https://www.youtube.com/embed/6l1sYGLrlz0" frameborder="0" allowfullscreen="allowfullscreen"/><br /> <a href="https://youtu.be/6l1sYGLrlz0" target="_blank" style="position:absolute; top:0; left:0; display:inline-block; width:100%; height:100%; z-index:5;" rel="noopener noreferrer"> </div><p><br /> <br /> <br /> </p><p><strong>MikroTik OpenVPN Server configuration with Windows Client</strong> has been explained in this article. I hope you will be able to configure your OpenVPN Server and Client if you follow the explanation carefully. However, if you face any confusion to follow above steps properly, feel free to discuss in comment or contact with me from <a href="https://systemzone.net/contact/" target="_blank" rel="noopener noreferrer">Contact</a> page. I will try my best to stay with you.</p><p><br /> <br /> </p><div class="date">2018-04-02T23:11:55</div><div id="name">MikroTik Router Tutorials & Guides</div><p><script data-no-optimize="1">!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).LazyLoad=e()}(this,function(){"use strict";function e(){return(e=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n,a=arguments[e];for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(t[n]=a[n])}return t}).apply(this,arguments)}function i(t){return e({},it,t)}function o(t,e){var n,a="LazyLoad::Initialized",i=new t(e);try{n=new CustomEvent(a,{detail:{instance:i}})}catch(t){(n=document.createEvent("CustomEvent")).initCustomEvent(a,!1,!1,{instance:i})}window.dispatchEvent(n)}function l(t,e){return t.getAttribute(gt+e)}function c(t){return l(t,bt)}function s(t,e){return function(t,e,n){e=gt+e;null!==n?t.setAttribute(e,n):t.removeAttribute(e)}(t,bt,e)}function r(t){return s(t,null),0}function u(t){return null===c(t)}function d(t){return c(t)===vt}function f(t,e,n,a){t&&(void 0===a?void 0===n?t(e):t(e,n):t(e,n,a))}function _(t,e){nt?t.classList.add(e):t.className+=(t.className?" ":"")+e}function v(t,e){nt?t.classList.remove(e):t.className=t.className.replace(new RegExp("(^|\\s+)"+e+"(\\s+|$)")," ").replace(/^\s+/,"").replace(/\s+$/,"")}function g(t){return t.llTempImage}function b(t,e){!e||(e=e._observer)&&e.unobserve(t)}function p(t,e){t&&(t.loadingCount+=e)}function h(t,e){t&&(t.toLoadCount=e)}function n(t){for(var e,n=[],a=0;e=t.children[a];a+=1)"SOURCE"===e.tagName&&n.push(e);return n}function m(t,e){(t=t.parentNode)&&"PICTURE"===t.tagName&&n(t).forEach(e)}function a(t,e){n(t).forEach(e)}function E(t){return!!t[st]}function I(t){return t[st]}function y(t){return delete t[st]}function A(e,t){var n;E(e)||(n={},t.forEach(function(t){n[t]=e.getAttribute(t)}),e[st]=n)}function k(a,t){var i;E(a)&&(i=I(a),t.forEach(function(t){var e,n;e=a,(t=i[n=t])?e.setAttribute(n,t):e.removeAttribute(n)}))}function L(t,e,n){_(t,e.class_loading),s(t,ut),n&&(p(n,1),f(e.callback_loading,t,n))}function w(t,e,n){n&&t.setAttribute(e,n)}function x(t,e){w(t,ct,l(t,e.data_sizes)),w(t,rt,l(t,e.data_srcset)),w(t,ot,l(t,e.data_src))}function O(t,e,n){var a=l(t,e.data_bg_multi),i=l(t,e.data_bg_multi_hidpi);(a=at&&i?i:a)&&(t.style.backgroundImage=a,n=n,_(t=t,(e=e).class_applied),s(t,ft),n&&(e.unobserve_completed&&b(t,e),f(e.callback_applied,t,n)))}function N(t,e){!e||0<e.loadingCount||0<e.toLoadCount||f(t.callback_finish,e)}function C(t,e,n){t.addEventListener(e,n),t.llEvLisnrs[e]=n}function M(t){return!!t.llEvLisnrs}function z(t){if(M(t)){var e,n,a=t.llEvLisnrs;for(e in a){var i=a[e];n=e,i=i,t.removeEventListener(n,i)}delete t.llEvLisnrs}}function R(t,e,n){var a;delete t.llTempImage,p(n,-1),(a=n)&&--a.toLoadCount,v(t,e.class_loading),e.unobserve_completed&&b(t,n)}function T(o,r,c){var l=g(o)||o;M(l)||function(t,e,n){M(t)||(t.llEvLisnrs={});var a="VIDEO"===t.tagName?"loadeddata":"load";C(t,a,e),C(t,"error",n)}(l,function(t){var e,n,a,i;n=r,a=c,i=d(e=o),R(e,n,a),_(e,n.class_loaded),s(e,dt),f(n.callback_loaded,e,a),i||N(n,a),z(l)},function(t){var e,n,a,i;n=r,a=c,i=d(e=o),R(e,n,a),_(e,n.class_error),s(e,_t),f(n.callback_error,e,a),i||N(n,a),z(l)})}function G(t,e,n){var a,i,o,r,c;t.llTempImage=document.createElement("IMG"),T(t,e,n),E(c=t)||(c[st]={backgroundImage:c.style.backgroundImage}),o=n,r=l(a=t,(i=e).data_bg),c=l(a,i.data_bg_hidpi),(r=at&&c?c:r)&&(a.style.backgroundImage='url("'.concat(r,'")'),g(a).setAttribute(ot,r),L(a,i,o)),O(t,e,n)}function D(t,e,n){var a;T(t,e,n),a=e,e=n,(t=It[(n=t).tagName])&&(t(n,a),L(n,a,e))}function V(t,e,n){var a;a=t,(-1<yt.indexOf(a.tagName)?D:G)(t,e,n)}function F(t,e,n){var a;t.setAttribute("loading","lazy"),T(t,e,n),a=e,(e=It[(n=t).tagName])&&e(n,a),s(t,vt)}function j(t){t.removeAttribute(ot),t.removeAttribute(rt),t.removeAttribute(ct)}function P(t){m(t,function(t){k(t,Et)}),k(t,Et)}function S(t){var e;(e=At[t.tagName])?e(t):E(e=t)&&(t=I(e),e.style.backgroundImage=t.backgroundImage)}function U(t,e){var n;S(t),n=e,u(e=t)||d(e)||(v(e,n.class_entered),v(e,n.class_exited),v(e,n.class_applied),v(e,n.class_loading),v(e,n.class_loaded),v(e,n.class_error)),r(t),y(t)}function $(t,e,n,a){var i;n.cancel_on_exit&&(c(t)!==ut||"IMG"===t.tagName&&(z(t),m(i=t,function(t){j(t)}),j(i),P(t),v(t,n.class_loading),p(a,-1),r(t),f(n.callback_cancel,t,e,a)))}function q(t,e,n,a){var i,o,r=(o=t,0<=pt.indexOf(c(o)));s(t,"entered"),_(t,n.class_entered),v(t,n.class_exited),i=t,o=a,n.unobserve_entered&&b(i,o),f(n.callback_enter,t,e,a),r||V(t,n,a)}function H(t){return t.use_native&&"loading"in HTMLImageElement.prototype}function B(t,i,o){t.forEach(function(t){return(a=t).isIntersecting||0<a.intersectionRatio?q(t.target,t,i,o):(e=t.target,n=t,a=i,t=o,void(u(e)||(_(e,a.class_exited),$(e,n,a,t),f(a.callback_exit,e,n,t))));var e,n,a})}function J(e,n){var t;et&&!H(e)&&(n._observer=new IntersectionObserver(function(t){B(t,e,n)},{root:(t=e).container===document?null:t.container,rootMargin:t.thresholds||t.threshold+"px"}))}function K(t){return Array.prototype.slice.call(t)}function Q(t){return t.container.querySelectorAll(t.elements_selector)}function W(t){return c(t)===_t}function X(t,e){return e=t||Q(e),K(e).filter(u)}function Y(e,t){var n;(n=Q(e),K(n).filter(W)).forEach(function(t){v(t,e.class_error),r(t)}),t.update()}function t(t,e){var n,a,t=i(t);this._settings=t,this.loadingCount=0,J(t,this),n=t,a=this,Z&&window.addEventListener("online",function(){Y(n,a)}),this.update(e)}var Z="undefined"!=typeof window,tt=Z&&!("onscroll"in window)||"undefined"!=typeof navigator&&/(gle|ing|ro)bot|crawl|spider/i.test(navigator.userAgent),et=Z&&"IntersectionObserver"in window,nt=Z&&"classList"in document.createElement("p"),at=Z&&1<window.devicePixelRatio,it={elements_selector:".lazy",container:tt||Z?document:null,threshold:300,thresholds:null,data_src:"src",data_srcset:"srcset",data_sizes:"sizes",data_bg:"bg",data_bg_hidpi:"bg-hidpi",data_bg_multi:"bg-multi",data_bg_multi_hidpi:"bg-multi-hidpi",data_poster:"poster",class_applied:"applied",class_loading:"litespeed-loading",class_loaded:"litespeed-loaded",class_error:"error",class_entered:"entered",class_exited:"exited",unobserve_completed:!0,unobserve_entered:!1,cancel_on_exit:!0,callback_enter:null,callback_exit:null,callback_applied:null,callback_loading:null,callback_loaded:null,callback_error:null,callback_finish:null,callback_cancel:null,use_native:!1},ot="src",rt="srcset",ct="sizes",lt="poster",st="llOriginalAttrs",ut="loading",dt="loaded",ft="applied",_t="error",vt="native",gt="data-",bt="ll-status",pt=[ut,dt,ft,_t],ht=[ot],mt=[ot,lt],Et=[ot,rt,ct],It={IMG:function(t,e){m(t,function(t){A(t,Et),x(t,e)}),A(t,Et),x(t,e)},IFRAME:function(t,e){A(t,ht),w(t,ot,l(t,e.data_src))},VIDEO:function(t,e){a(t,function(t){A(t,ht),w(t,ot,l(t,e.data_src))}),A(t,mt),w(t,lt,l(t,e.data_poster)),w(t,ot,l(t,e.data_src)),t.load()}},yt=["IMG","IFRAME","VIDEO"],At={IMG:P,IFRAME:function(t){k(t,ht)},VIDEO:function(t){a(t,function(t){k(t,ht)}),k(t,mt),t.load()}},kt=["IMG","IFRAME","VIDEO"];return t.prototype={update:function(t){var e,n,a,i=this._settings,o=X(t,i);{if(h(this,o.length),!tt&&et)return H(i)?(e=i,n=this,o.forEach(function(t){-1!==kt.indexOf(t.tagName)&&F(t,e,n)}),void h(n,0)):(t=this._observer,i=o,t.disconnect(),a=t,void i.forEach(function(t){a.observe(t)}));this.loadAll(o)}},destroy:function(){this._observer&&this._observer.disconnect(),Q(this._settings).forEach(function(t){y(t)}),delete this._observer,delete this._settings,delete this.loadingCount,delete this.toLoadCount},loadAll:function(t){var e=this,n=this._settings;X(t,n).forEach(function(t){b(t,e),V(t,n,e)})},restoreAll:function(){var e=this._settings;Q(e).forEach(function(t){U(t,e)})}},t.load=function(t,e){e=i(e);V(t,e)},t.resetStatus=function(t){r(t)},Z&&function(t,e){if(e)if(e.length)for(var n,a=0;n=e[a];a+=1)o(t,n);else o(t,e)}(t,window.lazyLoadOptions),t});!function(e,t){"use strict";function a(){t.body.classList.add("litespeed_lazyloaded")}function n(){console.log("[LiteSpeed] Start Lazy Load Images"),d=new LazyLoad({elements_selector:"[data-lazyloaded]",callback_finish:a}),o=function(){d.update()},e.MutationObserver&&new MutationObserver(o).observe(t.documentElement,{childList:!0,subtree:!0,attributes:!0})}var d,o;e.addEventListener?e.addEventListener("load",n,!1):e.attachEvent("onload",n)}(window,document);</script><script data-optimized="1" type="litespeed/javascript" data-src="https://readmag.ru/wp-content/litespeed/js/4500e12d47122e2e7251a4a42085ff7c.js?ver=b5696"></script><script>const litespeed_ui_events=["mouseover","click","keydown","wheel","touchmove","touchstart"];var urlCreator=window.URL||window.webkitURL;function litespeed_load_delayed_js_force(){console.log("[LiteSpeed] Start Load JS Delayed"),litespeed_ui_events.forEach(e=>{window.removeEventListener(e,litespeed_load_delayed_js_force,{passive:!0})}),document.querySelectorAll("iframe[data-litespeed-src]").forEach(e=>{e.setAttribute("src",e.getAttribute("data-litespeed-src"))}),"loading"==document.readyState?window.addEventListener("DOMContentLoaded",litespeed_load_delayed_js):litespeed_load_delayed_js()}litespeed_ui_events.forEach(e=>{window.addEventListener(e,litespeed_load_delayed_js_force,{passive:!0})});async function litespeed_load_delayed_js(){let t=[];for(var d in document.querySelectorAll('script[type="litespeed/javascript"]').forEach(e=>{t.push(e)}),t)await new Promise(e=>litespeed_load_one(t[d],e));document.dispatchEvent(new Event("DOMContentLiteSpeedLoaded")),window.dispatchEvent(new Event("DOMContentLiteSpeedLoaded"))}function litespeed_load_one(t,e){console.log("[LiteSpeed] Load ",t);var d=document.createElement("script");d.addEventListener("load",e),d.addEventListener("error",e),t.getAttributeNames().forEach(e=>{"type"!=e&&d.setAttribute("data-src"==e?"src":e,t.getAttribute(e))});let a=!(d.type="text/javascript");!d.src&&t.textContent&&(d.src=litespeed_inline2src(t.textContent),a=!0),t.after(d),t.remove(),a&&e()}function litespeed_inline2src(t){try{var d=urlCreator.createObjectURL(new Blob([t.replace(/^(?:)?$/gm,"$1")],{type:"text/javascript"}))}catch(e){d="data:text/javascript;base64,"+btoa(t.replace(/^(?:)?$/gm,"$1"))}return d}</script></body></p></div><footer class="entry-meta"> Опубликованно в разделе <a href="https://readmag.ru/category/post" rel="category tag">Публикации</a> прикрепленные теги <a href="https://readmag.ru/tag/mikrotik" rel="tag">Mikrotik</a>, <a href="https://readmag.ru/tag/mikrotik-router-tutorials-guides" rel="tag">MikroTik Router Tutorials & Guides</a>, <a href="https://readmag.ru/tag/openvpn" rel="tag">openvpn</a> Дата публикации <a href="https://readmag.ru/post/mikrotik-openvpn-setup-with-windows-client.html" title="11:11 пп" rel="bookmark"><time class="entry-date" datetime="2018-04-02T23:11:55+04:00">2 апреля, 2018</time></a><span class="by-author"> автор: <span class="author vcard"><a class="url fn n" href="https://readmag.ru/author/admin" title="Посмотреть все записи автора admin" rel="author">admin</a></span></span>.</footer></article><article id="post-69258" class="post-69258 post type-post status-publish format-standard hentry category-post tag-mikrotik tag-openvpn tag-vpn"><header class="entry-header"><h1 class="entry-title"> <a href="https://readmag.ru/post/nastrojka-openvpn-client-na-mikrotik-s-zamenoj-shlyuza.html" rel="bookmark">Настройка openvpn client на mikrotik с заменой шлюза</a></h1></header><div class="entry-content"><p style="text-align: justify;">Мне понадобилось использовать роутер mikrotik в качестве клиента openvpn с заменой шлюза по-умолчанию на сервер openvpn. Проще говоря мне нужно было скрыть весь трафик и направить его только через vpn сервер. В openvpn это реализуется очень просто, достаточно на сервере указать для конкретного пользователя параметр redirect-gateway def1. На клиенте под windows это без проблем работает. В микротике пришлось разбираться.</p><p> <a href="https://readmag.ru/post/nastrojka-openvpn-client-na-mikrotik-s-zamenoj-shlyuza.html#more-69258" class="more-link">Читать <span class="meta-nav">→</span></a></p></div><footer class="entry-meta"> Опубликованно в разделе <a href="https://readmag.ru/category/post" rel="category tag">Публикации</a> прикрепленные теги <a href="https://readmag.ru/tag/mikrotik" rel="tag">Mikrotik</a>, <a href="https://readmag.ru/tag/openvpn" rel="tag">openvpn</a>, <a href="https://readmag.ru/tag/vpn" rel="tag">VPN</a> Дата публикации <a href="https://readmag.ru/post/nastrojka-openvpn-client-na-mikrotik-s-zamenoj-shlyuza.html" title="11:12 пп" rel="bookmark"><time class="entry-date" datetime="2016-08-01T23:12:43+04:00">1 августа, 2016</time></a><span class="by-author"> автор: <span class="author vcard"><a class="url fn n" href="https://readmag.ru/author/admin" title="Посмотреть все записи автора admin" rel="author">admin</a></span></span>.</footer></article><article id="post-1239178" class="post-1239178 post type-post status-publish format-standard hentry category-linux tag-crimea-karro tag-debian tag-it-service tag-linux tag-openvpn tag-system tag-ubuntu"><header class="entry-header"><h1 class="entry-title"> <a href="https://readmag.ru/linux/openvpn-set-firewall-ufw-ubuntu-gnu-linux.html" rel="bookmark">openVPN / Set Firewall (ufw) / Ubuntu GNU-Linux</a></h1></header><div class="entry-content"><div dir="ltr" style="text-align: left;" trbidi="on">Настройка Firewall (ufw), при использовании openVPN…<br />Симптомы, медленное подключение, задержки при обращении к DNS серверам.</p><p>***</p><p>Для начала разрешим SSH:</p><p><span style="background-color: #b6d7a8;">$ ufw allow ssh</span></p><p>Разрешим UDP:</p><p><span style="background-color: #b6d7a8;">$ ufw allow 1194/udp</span></p><p>Правим правила перенаправления:</p><p><span style="background-color: #b6d7a8;">$ nano /etc/default/ufw</span></p><p><span style="background-color: #9fc5e8;">DEFAULT_FORWARD_POLICY=»ACCEPT»</span></p><p>Правим правила трансляции IP:</p><p><span style="background-color: #b6d7a8;">$ nano /etc/ufw/before.rules</span></p><p># rules.before<br />#<br /># Rules that should be run before the ufw command line added rules. Custom<br /># rules should be added to one of these chains:<br /># ufw-before-input<br /># ufw-before-output<br /># ufw-before-forward<br />#</p><p># START OPENVPN RULES<br /># NAT table rules<br /><span style="background-color: #cfe2f3;">*nat</span><br /><span style="background-color: #cfe2f3;">:POSTROUTING ACCEPT [0:0] </span><br /><span style="background-color: #cfe2f3;"># Allow traffic from OpenVPN client to eth0</span><br /><span style="background-color: #cfe2f3;">-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE</span><br /><span style="background-color: #cfe2f3;">COMMIT</span><br /># END OPENVPN RULES</p><p>Проверка статуса Firewall (ufw):</p><p><span style="background-color: #b6d7a8;">$ ufw status</span></p><p></div><p>Автор: AugustuS Karro<br /> Дата публикации: 2015-07-06T09:34:00.000+07:00</p></div><footer class="entry-meta"> Опубликованно в разделе <a href="https://readmag.ru/category/linux" rel="category tag">Linux</a> прикрепленные теги <a href="https://readmag.ru/tag/crimea-karro" rel="tag">Crimea-Karro</a>, <a href="https://readmag.ru/tag/debian" rel="tag">Debian</a>, <a href="https://readmag.ru/tag/it-service" rel="tag">IT-Service</a>, <a href="https://readmag.ru/tag/linux" rel="tag">Linux</a>, <a href="https://readmag.ru/tag/openvpn" rel="tag">openvpn</a>, <a href="https://readmag.ru/tag/system" rel="tag">System</a>, <a href="https://readmag.ru/tag/ubuntu" rel="tag">Ubuntu</a> Дата публикации <a href="https://readmag.ru/linux/openvpn-set-firewall-ufw-ubuntu-gnu-linux.html" title="2:34 дп" rel="bookmark"><time class="entry-date" datetime="2015-07-06T02:34:00+04:00">6 июля, 2015</time></a><span class="by-author"> автор: <span class="author vcard"><a class="url fn n" href="https://readmag.ru/author/admin" title="Посмотреть все записи автора admin" rel="author">admin</a></span></span>.</footer></article><nav id="nav-below" class="navigation" role="navigation"><h3 class="assistive-text">Навигация по записям</h3><div class='wp-pagenavi' role='navigation'> <span class='pages'>Страница 4 из 4</span><a class="previouspostslink" rel="prev" aria-label="Предыдущая страница" href="https://readmag.ru/tag/openvpn/page/3">«</a><a class="page smaller" title="Страница 1" href="https://readmag.ru/tag/openvpn">1</a><a class="page smaller" title="Страница 2" href="https://readmag.ru/tag/openvpn/page/2">2</a><a class="page smaller" title="Страница 3" href="https://readmag.ru/tag/openvpn/page/3">3</a><span aria-current='page' class='current'>4</span></div></nav></div></section><div id="secondary" class="widget-area" role="complementary"><aside id="search-2" class="widget widget_search"><h3 class="widget-title">Поиск по сайту</h3><form role="search" method="get" id="searchform" class="searchform" action="https://readmag.ru/"><div> <label class="screen-reader-text" for="s">Найти:</label> <input type="text" value="" name="s" id="s" /> <input type="submit" id="searchsubmit" value="Поиск" /></div></form></aside><aside id="block-31" class="widget widget_block"><ul><li>Здесь собраны не только инструкции по установке и настройке программного обеспечения, но и полезные советы по решению самых распространенных проблем, с которыми могут столкнуться даже опытные пользователи. Основная цель нашего сайта - публикация обучающего материала IT-тематики как для опытных пользователей так и для "чайников". Мы очень стараемся подать качественный и супер-полезный контент для всех пользователей, независимо от уровня владения ПК: советы, инструкции, статьи.</li><li></li></ul></aside><aside id="rss-4" class="widget widget_rss"><h3 class="widget-title"><a class="rsswidget rss-widget-feed" href="https://readmag.ru/tag/linux/feed"><img data-lazyloaded="1" src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNCIgaGVpZ2h0PSIxNCIgdmlld0JveD0iMCAwIDE0IDE0Ij48cmVjdCB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiBzdHlsZT0iZmlsbDojY2ZkNGRiO2ZpbGwtb3BhY2l0eTogMC4xOyIvPjwvc3ZnPg==" class="rss-widget-icon" style="border:0" width="14" height="14" data-src="https://readmag.ru/wp-includes/images/rss.png" alt="RSS" loading="lazy" /></a> <a class="rsswidget rss-widget-title" href="https://readmag.ru/">Linux — подборка статей</a></h3><ul><li><a class='rsswidget' href='https://readmag.ru/linux/kak-najti-spisok-populyarnyh-ip-adresov-obrashhayushhihsya-k-apache-ili-nginx.html'>Как найти список популярных IP-адресов, обращающихся к Apache или Nginx</a></li><li><a class='rsswidget' href='https://readmag.ru/books/izuchaem-kali-linux-proverka-zashhity-testirovanie-na-proniknovenie-etichnyj-haking-2025-rik-messe.html'>Изучаем Kali Linux. Проверка защиты, тестирование на проникновение, этичный хакинг [2025] Рик Мессье</a></li><li><a class='rsswidget' href='https://readmag.ru/linux/kak-bekapit-iz-linux-na-yandeks-disk.html'>Как бэкапить из Linux на Яндекс.Диск</a></li><li><a class='rsswidget' href='https://readmag.ru/linux/vytaskivaem-hesh-parolej-iz-active-directory.html'>Вытаскиваем хэш паролей из Active Directory</a></li><li><a class='rsswidget' href='https://readmag.ru/post/chto-takoe-linux-vps-hosting.html'>Что такое Linux VPS хостинг?</a></li></ul></aside><aside id="text-3" class="widget widget_text"><h3 class="widget-title">FirstVDS — Недорогой Сервер для вашего сайта</h3><div class="textwidget"><script type="litespeed/javascript">(function(d,w){var n=d.getElementsByTagName("script")[0],s=d.createElement("script"),f=function(){n.parentNode.insertBefore(s,n)};s.type="text/javascript";s.async=!0;s.src="https://morp.firstvds.ru/v2019/get-wrapper?divID=fvds-partner-banner&clientID=67560&width=300&height=250";if(w.opera=="[object Opera]"){d.addEventListener("DOMContentLiteSpeedLoaded",f,!1)}else{f()}})(document,window)</script> <div id='fvds-partner-banner' style='width: 250px; height: 250px;'></div></div></aside><aside id="rss-6" class="widget widget_rss"><h3 class="widget-title"><a class="rsswidget rss-widget-feed" href="https://readmag.ru/tag/windows/feed"><img data-lazyloaded="1" src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNCIgaGVpZ2h0PSIxNCIgdmlld0JveD0iMCAwIDE0IDE0Ij48cmVjdCB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIiBzdHlsZT0iZmlsbDojY2ZkNGRiO2ZpbGwtb3BhY2l0eTogMC4xOyIvPjwvc3ZnPg==" class="rss-widget-icon" style="border:0" width="14" height="14" data-src="https://readmag.ru/wp-includes/images/rss.png" alt="RSS" loading="lazy" /></a> <a class="rsswidget rss-widget-title" href="https://readmag.ru/">Windows — подборка статей</a></h3><ul><li><a class='rsswidget' href='https://readmag.ru/windows/kak-ispravit-oshibku-ssd-rezhim-tolko-dlya-chteniya-v-windows-11.html'>Как исправить ошибку SSD — режим только для чтения в Windows 11</a></li><li><a class='rsswidget' href='https://readmag.ru/windows/6-osnovnyh-ispravlenij-oshibki-ustanovki-windows-my-ne-smogli-sozdat-novyj-razdel.html'>6 основных исправлений ошибки установки Windows «Мы не смогли создать новый раздел»</a></li><li><a class='rsswidget' href='https://readmag.ru/windows/kak-udalit-otdelnye-tochki-vosstanovleniya-v-windows-10.html'>Как удалить отдельные точки восстановления в Windows 10</a></li><li><a class='rsswidget' href='https://readmag.ru/windows/kak-poluchit-oczenku-proizvoditelnosti-kompyutera-v-windows-11.html'>Как получить оценку производительности компьютера в Windows 11</a></li><li><a class='rsswidget' href='https://readmag.ru/linux/vytaskivaem-hesh-parolej-iz-active-directory.html'>Вытаскиваем хэш паролей из Active Directory</a></li></ul></aside><aside id="block-6" class="widget widget_block">Bybit – ведущая биржа криптовалют, которой доверяют более 50 млн пользователей по всему миру.     <a href="https://www.bybit.com/invite?ref=MOLZAAV" rel="noindex" target="_blank"><img data-lazyloaded="1" src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzNzIiIGhlaWdodD0iMzcxIiB2aWV3Qm94PSIwIDAgMzcyIDM3MSI+PHJlY3Qgd2lkdGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgc3R5bGU9ImZpbGw6I2NmZDRkYjtmaWxsLW9wYWNpdHk6IDAuMTsiLz48L3N2Zz4=" width="372" height="371" decoding="async" data-src="https://readmag.ru/wp-content/uploads/2025/07/bybit-promo.jpg"></a></aside><aside id="archives-3" class="widget widget_archive"><h3 class="widget-title">Архив</h3> <label class="screen-reader-text" for="archives-dropdown-3">Архив</label> <select id="archives-dropdown-3" name="archive-dropdown"><option value="">Выберите месяц</option><option value='https://readmag.ru/2025/12'> Декабрь 2025  (7)</option><option value='https://readmag.ru/2025/11'> Ноябрь 2025  (50)</option><option value='https://readmag.ru/2025/10'> Октябрь 2025  (66)</option><option value='https://readmag.ru/2025/09'> Сентябрь 2025  (119)</option><option value='https://readmag.ru/2025/08'> Август 2025  (37)</option><option value='https://readmag.ru/2025/07'> Июль 2025  (44)</option><option value='https://readmag.ru/2025/06'> Июнь 2025  (55)</option><option value='https://readmag.ru/2025/05'> Май 2025  (37)</option><option value='https://readmag.ru/2025/04'> Апрель 2025  (2)</option><option value='https://readmag.ru/2025/02'> Февраль 2025  (10)</option><option value='https://readmag.ru/2025/01'> Январь 2025  (24)</option><option value='https://readmag.ru/2024/12'> Декабрь 2024  (10)</option><option value='https://readmag.ru/2024/11'> Ноябрь 2024  (11)</option><option value='https://readmag.ru/2024/10'> Октябрь 2024  (15)</option><option value='https://readmag.ru/2024/09'> Сентябрь 2024  (30)</option><option value='https://readmag.ru/2024/08'> Август 2024  (38)</option><option value='https://readmag.ru/2024/07'> Июль 2024  (36)</option><option value='https://readmag.ru/2024/06'> Июнь 2024  (5)</option><option value='https://readmag.ru/2024/05'> Май 2024  (32)</option><option value='https://readmag.ru/2024/04'> Апрель 2024  (228)</option><option value='https://readmag.ru/2024/03'> Март 2024  (354)</option><option value='https://readmag.ru/2024/02'> Февраль 2024  (370)</option><option value='https://readmag.ru/2024/01'> Январь 2024  (219)</option><option value='https://readmag.ru/2023/12'> Декабрь 2023  (124)</option><option value='https://readmag.ru/2023/11'> Ноябрь 2023  (135)</option><option value='https://readmag.ru/2023/10'> Октябрь 2023  (115)</option><option value='https://readmag.ru/2023/09'> Сентябрь 2023  (123)</option><option value='https://readmag.ru/2023/08'> Август 2023  (85)</option><option value='https://readmag.ru/2023/07'> Июль 2023  (66)</option><option value='https://readmag.ru/2023/06'> Июнь 2023  (71)</option><option value='https://readmag.ru/2023/05'> Май 2023  (90)</option><option value='https://readmag.ru/2023/04'> Апрель 2023  (116)</option><option value='https://readmag.ru/2023/03'> Март 2023  (64)</option><option value='https://readmag.ru/2023/02'> Февраль 2023  (75)</option><option value='https://readmag.ru/2023/01'> Январь 2023  (101)</option><option value='https://readmag.ru/2022/12'> Декабрь 2022  (66)</option><option value='https://readmag.ru/2022/11'> Ноябрь 2022  (59)</option><option value='https://readmag.ru/2022/10'> Октябрь 2022  (74)</option><option value='https://readmag.ru/2022/09'> Сентябрь 2022  (74)</option><option value='https://readmag.ru/2022/08'> Август 2022  (59)</option><option value='https://readmag.ru/2022/07'> Июль 2022  (58)</option><option value='https://readmag.ru/2022/06'> Июнь 2022  (70)</option><option value='https://readmag.ru/2022/05'> Май 2022  (94)</option><option value='https://readmag.ru/2022/04'> Апрель 2022  (81)</option><option value='https://readmag.ru/2022/03'> Март 2022  (38)</option><option value='https://readmag.ru/2022/02'> Февраль 2022  (38)</option><option value='https://readmag.ru/2022/01'> Январь 2022  (71)</option><option value='https://readmag.ru/2021/12'> Декабрь 2021  (70)</option><option value='https://readmag.ru/2021/11'> Ноябрь 2021  (65)</option><option value='https://readmag.ru/2021/10'> Октябрь 2021  (43)</option><option value='https://readmag.ru/2021/09'> Сентябрь 2021  (58)</option><option value='https://readmag.ru/2021/08'> Август 2021  (99)</option><option value='https://readmag.ru/2021/07'> Июль 2021  (52)</option><option value='https://readmag.ru/2021/06'> Июнь 2021  (39)</option><option value='https://readmag.ru/2021/05'> Май 2021  (47)</option><option value='https://readmag.ru/2021/04'> Апрель 2021  (62)</option><option value='https://readmag.ru/2021/03'> Март 2021  (126)</option><option value='https://readmag.ru/2021/02'> Февраль 2021  (53)</option><option value='https://readmag.ru/2021/01'> Январь 2021  (71)</option><option value='https://readmag.ru/2020/12'> Декабрь 2020  (123)</option><option value='https://readmag.ru/2020/11'> Ноябрь 2020  (98)</option><option value='https://readmag.ru/2020/10'> Октябрь 2020  (66)</option><option value='https://readmag.ru/2020/09'> Сентябрь 2020  (53)</option><option value='https://readmag.ru/2020/08'> Август 2020  (55)</option><option value='https://readmag.ru/2020/07'> Июль 2020  (101)</option><option value='https://readmag.ru/2020/06'> Июнь 2020  (99)</option><option value='https://readmag.ru/2020/05'> Май 2020  (123)</option><option value='https://readmag.ru/2020/04'> Апрель 2020  (66)</option><option value='https://readmag.ru/2020/03'> Март 2020  (56)</option><option value='https://readmag.ru/2020/02'> Февраль 2020  (62)</option><option value='https://readmag.ru/2020/01'> Январь 2020  (43)</option><option value='https://readmag.ru/2019/12'> Декабрь 2019  (57)</option><option value='https://readmag.ru/2019/11'> Ноябрь 2019  (65)</option><option value='https://readmag.ru/2019/10'> Октябрь 2019  (88)</option><option value='https://readmag.ru/2019/09'> Сентябрь 2019  (84)</option><option value='https://readmag.ru/2019/08'> Август 2019  (72)</option><option value='https://readmag.ru/2019/07'> Июль 2019  (168)</option><option value='https://readmag.ru/2019/06'> Июнь 2019  (92)</option><option value='https://readmag.ru/2019/05'> Май 2019  (141)</option><option value='https://readmag.ru/2019/04'> Апрель 2019  (112)</option><option value='https://readmag.ru/2019/03'> Март 2019  (147)</option><option value='https://readmag.ru/2019/02'> Февраль 2019  (81)</option><option value='https://readmag.ru/2019/01'> Январь 2019  (97)</option><option value='https://readmag.ru/2018/12'> Декабрь 2018  (78)</option><option value='https://readmag.ru/2018/11'> Ноябрь 2018  (68)</option><option value='https://readmag.ru/2018/10'> Октябрь 2018  (94)</option><option value='https://readmag.ru/2018/09'> Сентябрь 2018  (60)</option><option value='https://readmag.ru/2018/08'> Август 2018  (33)</option><option value='https://readmag.ru/2018/07'> Июль 2018  (59)</option><option value='https://readmag.ru/2018/06'> Июнь 2018  (42)</option><option value='https://readmag.ru/2018/05'> Май 2018  (76)</option><option value='https://readmag.ru/2018/04'> Апрель 2018  (408)</option><option value='https://readmag.ru/2018/03'> Март 2018  (456)</option><option value='https://readmag.ru/2018/02'> Февраль 2018  (1558)</option><option value='https://readmag.ru/2018/01'> Январь 2018  (416)</option><option value='https://readmag.ru/2017/12'> Декабрь 2017  (163)</option><option value='https://readmag.ru/2017/11'> Ноябрь 2017  (181)</option><option value='https://readmag.ru/2017/10'> Октябрь 2017  (87)</option><option value='https://readmag.ru/2017/09'> Сентябрь 2017  (71)</option><option value='https://readmag.ru/2017/08'> Август 2017  (94)</option><option value='https://readmag.ru/2017/07'> Июль 2017  (101)</option><option value='https://readmag.ru/2017/06'> Июнь 2017  (67)</option><option value='https://readmag.ru/2017/05'> Май 2017  (73)</option><option value='https://readmag.ru/2017/04'> Апрель 2017  (119)</option><option value='https://readmag.ru/2017/03'> Март 2017  (122)</option><option value='https://readmag.ru/2017/02'> Февраль 2017  (104)</option><option value='https://readmag.ru/2017/01'> Январь 2017  (120)</option><option value='https://readmag.ru/2016/12'> Декабрь 2016  (142)</option><option value='https://readmag.ru/2016/11'> Ноябрь 2016  (116)</option><option value='https://readmag.ru/2016/10'> Октябрь 2016  (118)</option><option value='https://readmag.ru/2016/09'> Сентябрь 2016  (139)</option><option value='https://readmag.ru/2016/08'> Август 2016  (70)</option><option value='https://readmag.ru/2016/07'> Июль 2016  (86)</option><option value='https://readmag.ru/2016/06'> Июнь 2016  (44)</option><option value='https://readmag.ru/2016/05'> Май 2016  (59)</option><option value='https://readmag.ru/2016/04'> Апрель 2016  (55)</option><option value='https://readmag.ru/2016/03'> Март 2016  (72)</option><option value='https://readmag.ru/2016/02'> Февраль 2016  (134)</option><option value='https://readmag.ru/2016/01'> Январь 2016  (104)</option><option value='https://readmag.ru/2015/12'> Декабрь 2015  (60)</option><option value='https://readmag.ru/2015/11'> Ноябрь 2015  (74)</option><option value='https://readmag.ru/2015/10'> Октябрь 2015  (93)</option><option value='https://readmag.ru/2015/09'> Сентябрь 2015  (90)</option><option value='https://readmag.ru/2015/08'> Август 2015  (90)</option><option value='https://readmag.ru/2015/07'> Июль 2015  (94)</option><option value='https://readmag.ru/2015/06'> Июнь 2015  (96)</option><option value='https://readmag.ru/2015/05'> Май 2015  (59)</option><option value='https://readmag.ru/2015/04'> Апрель 2015  (60)</option><option value='https://readmag.ru/2015/03'> Март 2015  (89)</option><option value='https://readmag.ru/2015/02'> Февраль 2015  (47)</option><option value='https://readmag.ru/2015/01'> Январь 2015  (79)</option><option value='https://readmag.ru/2014/12'> Декабрь 2014  (56)</option><option value='https://readmag.ru/2014/11'> Ноябрь 2014  (100)</option><option value='https://readmag.ru/2014/10'> Октябрь 2014  (85)</option><option value='https://readmag.ru/2014/09'> Сентябрь 2014  (51)</option><option value='https://readmag.ru/2014/08'> Август 2014  (70)</option><option value='https://readmag.ru/2014/07'> Июль 2014  (69)</option><option value='https://readmag.ru/2014/06'> Июнь 2014  (92)</option><option value='https://readmag.ru/2014/05'> Май 2014  (54)</option><option value='https://readmag.ru/2014/04'> Апрель 2014  (59)</option><option value='https://readmag.ru/2014/03'> Март 2014  (66)</option><option value='https://readmag.ru/2014/02'> Февраль 2014  (51)</option><option value='https://readmag.ru/2014/01'> Январь 2014  (89)</option><option value='https://readmag.ru/2013/12'> Декабрь 2013  (79)</option><option value='https://readmag.ru/2013/11'> Ноябрь 2013  (54)</option><option value='https://readmag.ru/2013/10'> Октябрь 2013  (39)</option><option value='https://readmag.ru/2013/09'> Сентябрь 2013  (46)</option><option value='https://readmag.ru/2013/08'> Август 2013  (44)</option><option value='https://readmag.ru/2013/07'> Июль 2013  (64)</option><option value='https://readmag.ru/2013/06'> Июнь 2013  (60)</option><option value='https://readmag.ru/2013/05'> Май 2013  (77)</option><option value='https://readmag.ru/2013/04'> Апрель 2013  (278)</option><option value='https://readmag.ru/2013/03'> Март 2013  (253)</option><option value='https://readmag.ru/2013/02'> Февраль 2013  (73)</option><option value='https://readmag.ru/2013/01'> Январь 2013  (88)</option><option value='https://readmag.ru/2012/12'> Декабрь 2012  (68)</option><option value='https://readmag.ru/2012/11'> Ноябрь 2012  (86)</option><option value='https://readmag.ru/2012/10'> Октябрь 2012  (72)</option><option value='https://readmag.ru/2012/09'> Сентябрь 2012  (69)</option><option value='https://readmag.ru/2012/08'> Август 2012  (115)</option><option value='https://readmag.ru/2012/07'> Июль 2012  (62)</option><option value='https://readmag.ru/2012/06'> Июнь 2012  (58)</option><option value='https://readmag.ru/2012/05'> Май 2012  (51)</option><option value='https://readmag.ru/2012/04'> Апрель 2012  (71)</option><option value='https://readmag.ru/2012/03'> Март 2012  (102)</option><option value='https://readmag.ru/2012/02'> Февраль 2012  (84)</option><option value='https://readmag.ru/2012/01'> Январь 2012  (76)</option><option value='https://readmag.ru/2011/12'> Декабрь 2011  (105)</option><option value='https://readmag.ru/2011/11'> Ноябрь 2011  (88)</option><option value='https://readmag.ru/2011/10'> Октябрь 2011  (93)</option><option value='https://readmag.ru/2011/09'> Сентябрь 2011  (56)</option><option value='https://readmag.ru/2011/08'> Август 2011  (91)</option><option value='https://readmag.ru/2011/07'> Июль 2011  (47)</option><option value='https://readmag.ru/2011/06'> Июнь 2011  (32)</option><option value='https://readmag.ru/2011/05'> Май 2011  (28)</option><option value='https://readmag.ru/2011/04'> Апрель 2011  (50)</option><option value='https://readmag.ru/2011/03'> Март 2011  (76)</option><option value='https://readmag.ru/2011/02'> Февраль 2011  (93)</option><option value='https://readmag.ru/2011/01'> Январь 2011  (215)</option><option value='https://readmag.ru/2010/12'> Декабрь 2010  (214)</option><option value='https://readmag.ru/2010/11'> Ноябрь 2010  (87)</option><option value='https://readmag.ru/2010/10'> Октябрь 2010  (88)</option><option value='https://readmag.ru/2010/09'> Сентябрь 2010  (142)</option><option value='https://readmag.ru/2010/08'> Август 2010  (117)</option><option value='https://readmag.ru/2010/07'> Июль 2010  (113)</option><option value='https://readmag.ru/2010/06'> Июнь 2010  (164)</option><option value='https://readmag.ru/2010/05'> Май 2010  (144)</option><option value='https://readmag.ru/2010/04'> Апрель 2010  (202)</option><option value='https://readmag.ru/2010/03'> Март 2010  (161)</option><option value='https://readmag.ru/2010/02'> Февраль 2010  (119)</option><option value='https://readmag.ru/2010/01'> Январь 2010  (99)</option><option value='https://readmag.ru/2009/12'> Декабрь 2009  (136)</option><option value='https://readmag.ru/2009/11'> Ноябрь 2009  (140)</option><option value='https://readmag.ru/2009/10'> Октябрь 2009  (141)</option><option value='https://readmag.ru/2009/09'> Сентябрь 2009  (135)</option><option value='https://readmag.ru/2009/08'> Август 2009  (109)</option><option value='https://readmag.ru/2009/07'> Июль 2009  (100)</option><option value='https://readmag.ru/2009/06'> Июнь 2009  (19)</option><option value='https://readmag.ru/2009/05'> Май 2009  (10)</option><option value='https://readmag.ru/2009/04'> Апрель 2009  (14)</option><option value='https://readmag.ru/2009/03'> Март 2009  (22)</option><option value='https://readmag.ru/2009/02'> Февраль 2009  (16)</option><option value='https://readmag.ru/2009/01'> Январь 2009  (30)</option><option value='https://readmag.ru/2008/12'> Декабрь 2008  (45)</option><option value='https://readmag.ru/2008/11'> Ноябрь 2008  (27)</option><option value='https://readmag.ru/2008/10'> Октябрь 2008  (18)</option><option value='https://readmag.ru/2008/09'> Сентябрь 2008  (16)</option><option value='https://readmag.ru/2008/08'> Август 2008  (18)</option><option value='https://readmag.ru/2008/07'> Июль 2008  (27)</option><option value='https://readmag.ru/2008/06'> Июнь 2008  (35)</option><option value='https://readmag.ru/2008/05'> Май 2008  (39)</option><option value='https://readmag.ru/2006/12'> Декабрь 2006  (7)</option><option value='https://readmag.ru/2006/11'> Ноябрь 2006  (10)</option><option value='https://readmag.ru/2006/10'> Октябрь 2006  (10)</option><option value='https://readmag.ru/2006/09'> Сентябрь 2006  (11)</option><option value='https://readmag.ru/2006/08'> Август 2006  (13)</option><option value='https://readmag.ru/2006/07'> Июль 2006  (8)</option><option value='https://readmag.ru/2006/03'> Март 2006  (1)</option><option value='https://readmag.ru/2006/01'> Январь 2006  (5)</option></select> <script type="litespeed/javascript">(function(){var dropdown=document.getElementById("archives-dropdown-3");function onSelectChange(){if(dropdown.options[dropdown.selectedIndex].value!==''){document.location.href=this.options[this.selectedIndex].value}} dropdown.onchange=onSelectChange})()</script> </aside><aside id="search-3" class="widget widget_search"><h3 class="widget-title">Поиск по сайту</h3><form role="search" method="get" id="searchform" class="searchform" action="https://readmag.ru/"><div> <label class="screen-reader-text" for="s">Найти:</label> <input type="text" value="" name="s" id="s" /> <input type="submit" id="searchsubmit" value="Поиск" /></div></form></aside><aside id="block-21" class="widget widget_block widget_text"><p></p></aside></div></div><footer id="colophon" role="contentinfo"><div class="site-info"> <a href="https://readmag.ru" class="imprint" title="Читай Магазин"> Сделанно на WordPress </a></div></footer></div> <script data-no-optimize="1">!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t||self).LazyLoad=e()}(this,function(){"use strict";function e(){return(e=Object.assign||function(t){for(var e=1;e<arguments.length;e++){var n,a=arguments[e];for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(t[n]=a[n])}return t}).apply(this,arguments)}function i(t){return e({},it,t)}function o(t,e){var n,a="LazyLoad::Initialized",i=new t(e);try{n=new CustomEvent(a,{detail:{instance:i}})}catch(t){(n=document.createEvent("CustomEvent")).initCustomEvent(a,!1,!1,{instance:i})}window.dispatchEvent(n)}function l(t,e){return t.getAttribute(gt+e)}function c(t){return l(t,bt)}function s(t,e){return function(t,e,n){e=gt+e;null!==n?t.setAttribute(e,n):t.removeAttribute(e)}(t,bt,e)}function r(t){return s(t,null),0}function u(t){return null===c(t)}function d(t){return c(t)===vt}function f(t,e,n,a){t&&(void 0===a?void 0===n?t(e):t(e,n):t(e,n,a))}function _(t,e){nt?t.classList.add(e):t.className+=(t.className?" ":"")+e}function v(t,e){nt?t.classList.remove(e):t.className=t.className.replace(new RegExp("(^|\\s+)"+e+"(\\s+|$)")," ").replace(/^\s+/,"").replace(/\s+$/,"")}function g(t){return t.llTempImage}function b(t,e){!e||(e=e._observer)&&e.unobserve(t)}function p(t,e){t&&(t.loadingCount+=e)}function h(t,e){t&&(t.toLoadCount=e)}function n(t){for(var e,n=[],a=0;e=t.children[a];a+=1)"SOURCE"===e.tagName&&n.push(e);return n}function m(t,e){(t=t.parentNode)&&"PICTURE"===t.tagName&&n(t).forEach(e)}function a(t,e){n(t).forEach(e)}function E(t){return!!t[st]}function I(t){return t[st]}function y(t){return delete t[st]}function A(e,t){var n;E(e)||(n={},t.forEach(function(t){n[t]=e.getAttribute(t)}),e[st]=n)}function k(a,t){var i;E(a)&&(i=I(a),t.forEach(function(t){var e,n;e=a,(t=i[n=t])?e.setAttribute(n,t):e.removeAttribute(n)}))}function L(t,e,n){_(t,e.class_loading),s(t,ut),n&&(p(n,1),f(e.callback_loading,t,n))}function w(t,e,n){n&&t.setAttribute(e,n)}function x(t,e){w(t,ct,l(t,e.data_sizes)),w(t,rt,l(t,e.data_srcset)),w(t,ot,l(t,e.data_src))}function O(t,e,n){var a=l(t,e.data_bg_multi),i=l(t,e.data_bg_multi_hidpi);(a=at&&i?i:a)&&(t.style.backgroundImage=a,n=n,_(t=t,(e=e).class_applied),s(t,ft),n&&(e.unobserve_completed&&b(t,e),f(e.callback_applied,t,n)))}function N(t,e){!e||0<e.loadingCount||0<e.toLoadCount||f(t.callback_finish,e)}function C(t,e,n){t.addEventListener(e,n),t.llEvLisnrs[e]=n}function M(t){return!!t.llEvLisnrs}function z(t){if(M(t)){var e,n,a=t.llEvLisnrs;for(e in a){var i=a[e];n=e,i=i,t.removeEventListener(n,i)}delete t.llEvLisnrs}}function R(t,e,n){var a;delete t.llTempImage,p(n,-1),(a=n)&&--a.toLoadCount,v(t,e.class_loading),e.unobserve_completed&&b(t,n)}function T(o,r,c){var l=g(o)||o;M(l)||function(t,e,n){M(t)||(t.llEvLisnrs={});var a="VIDEO"===t.tagName?"loadeddata":"load";C(t,a,e),C(t,"error",n)}(l,function(t){var e,n,a,i;n=r,a=c,i=d(e=o),R(e,n,a),_(e,n.class_loaded),s(e,dt),f(n.callback_loaded,e,a),i||N(n,a),z(l)},function(t){var e,n,a,i;n=r,a=c,i=d(e=o),R(e,n,a),_(e,n.class_error),s(e,_t),f(n.callback_error,e,a),i||N(n,a),z(l)})}function G(t,e,n){var a,i,o,r,c;t.llTempImage=document.createElement("IMG"),T(t,e,n),E(c=t)||(c[st]={backgroundImage:c.style.backgroundImage}),o=n,r=l(a=t,(i=e).data_bg),c=l(a,i.data_bg_hidpi),(r=at&&c?c:r)&&(a.style.backgroundImage='url("'.concat(r,'")'),g(a).setAttribute(ot,r),L(a,i,o)),O(t,e,n)}function D(t,e,n){var a;T(t,e,n),a=e,e=n,(t=It[(n=t).tagName])&&(t(n,a),L(n,a,e))}function V(t,e,n){var a;a=t,(-1<yt.indexOf(a.tagName)?D:G)(t,e,n)}function F(t,e,n){var a;t.setAttribute("loading","lazy"),T(t,e,n),a=e,(e=It[(n=t).tagName])&&e(n,a),s(t,vt)}function j(t){t.removeAttribute(ot),t.removeAttribute(rt),t.removeAttribute(ct)}function P(t){m(t,function(t){k(t,Et)}),k(t,Et)}function S(t){var e;(e=At[t.tagName])?e(t):E(e=t)&&(t=I(e),e.style.backgroundImage=t.backgroundImage)}function U(t,e){var n;S(t),n=e,u(e=t)||d(e)||(v(e,n.class_entered),v(e,n.class_exited),v(e,n.class_applied),v(e,n.class_loading),v(e,n.class_loaded),v(e,n.class_error)),r(t),y(t)}function $(t,e,n,a){var i;n.cancel_on_exit&&(c(t)!==ut||"IMG"===t.tagName&&(z(t),m(i=t,function(t){j(t)}),j(i),P(t),v(t,n.class_loading),p(a,-1),r(t),f(n.callback_cancel,t,e,a)))}function q(t,e,n,a){var i,o,r=(o=t,0<=pt.indexOf(c(o)));s(t,"entered"),_(t,n.class_entered),v(t,n.class_exited),i=t,o=a,n.unobserve_entered&&b(i,o),f(n.callback_enter,t,e,a),r||V(t,n,a)}function H(t){return t.use_native&&"loading"in HTMLImageElement.prototype}function B(t,i,o){t.forEach(function(t){return(a=t).isIntersecting||0<a.intersectionRatio?q(t.target,t,i,o):(e=t.target,n=t,a=i,t=o,void(u(e)||(_(e,a.class_exited),$(e,n,a,t),f(a.callback_exit,e,n,t))));var e,n,a})}function J(e,n){var t;et&&!H(e)&&(n._observer=new IntersectionObserver(function(t){B(t,e,n)},{root:(t=e).container===document?null:t.container,rootMargin:t.thresholds||t.threshold+"px"}))}function K(t){return Array.prototype.slice.call(t)}function Q(t){return t.container.querySelectorAll(t.elements_selector)}function W(t){return c(t)===_t}function X(t,e){return e=t||Q(e),K(e).filter(u)}function Y(e,t){var n;(n=Q(e),K(n).filter(W)).forEach(function(t){v(t,e.class_error),r(t)}),t.update()}function t(t,e){var n,a,t=i(t);this._settings=t,this.loadingCount=0,J(t,this),n=t,a=this,Z&&window.addEventListener("online",function(){Y(n,a)}),this.update(e)}var Z="undefined"!=typeof window,tt=Z&&!("onscroll"in window)||"undefined"!=typeof navigator&&/(gle|ing|ro)bot|crawl|spider/i.test(navigator.userAgent),et=Z&&"IntersectionObserver"in window,nt=Z&&"classList"in document.createElement("p"),at=Z&&1<window.devicePixelRatio,it={elements_selector:".lazy",container:tt||Z?document:null,threshold:300,thresholds:null,data_src:"src",data_srcset:"srcset",data_sizes:"sizes",data_bg:"bg",data_bg_hidpi:"bg-hidpi",data_bg_multi:"bg-multi",data_bg_multi_hidpi:"bg-multi-hidpi",data_poster:"poster",class_applied:"applied",class_loading:"litespeed-loading",class_loaded:"litespeed-loaded",class_error:"error",class_entered:"entered",class_exited:"exited",unobserve_completed:!0,unobserve_entered:!1,cancel_on_exit:!0,callback_enter:null,callback_exit:null,callback_applied:null,callback_loading:null,callback_loaded:null,callback_error:null,callback_finish:null,callback_cancel:null,use_native:!1},ot="src",rt="srcset",ct="sizes",lt="poster",st="llOriginalAttrs",ut="loading",dt="loaded",ft="applied",_t="error",vt="native",gt="data-",bt="ll-status",pt=[ut,dt,ft,_t],ht=[ot],mt=[ot,lt],Et=[ot,rt,ct],It={IMG:function(t,e){m(t,function(t){A(t,Et),x(t,e)}),A(t,Et),x(t,e)},IFRAME:function(t,e){A(t,ht),w(t,ot,l(t,e.data_src))},VIDEO:function(t,e){a(t,function(t){A(t,ht),w(t,ot,l(t,e.data_src))}),A(t,mt),w(t,lt,l(t,e.data_poster)),w(t,ot,l(t,e.data_src)),t.load()}},yt=["IMG","IFRAME","VIDEO"],At={IMG:P,IFRAME:function(t){k(t,ht)},VIDEO:function(t){a(t,function(t){k(t,ht)}),k(t,mt),t.load()}},kt=["IMG","IFRAME","VIDEO"];return t.prototype={update:function(t){var e,n,a,i=this._settings,o=X(t,i);{if(h(this,o.length),!tt&&et)return H(i)?(e=i,n=this,o.forEach(function(t){-1!==kt.indexOf(t.tagName)&&F(t,e,n)}),void h(n,0)):(t=this._observer,i=o,t.disconnect(),a=t,void i.forEach(function(t){a.observe(t)}));this.loadAll(o)}},destroy:function(){this._observer&&this._observer.disconnect(),Q(this._settings).forEach(function(t){y(t)}),delete this._observer,delete this._settings,delete this.loadingCount,delete this.toLoadCount},loadAll:function(t){var e=this,n=this._settings;X(t,n).forEach(function(t){b(t,e),V(t,n,e)})},restoreAll:function(){var e=this._settings;Q(e).forEach(function(t){U(t,e)})}},t.load=function(t,e){e=i(e);V(t,e)},t.resetStatus=function(t){r(t)},Z&&function(t,e){if(e)if(e.length)for(var n,a=0;n=e[a];a+=1)o(t,n);else o(t,e)}(t,window.lazyLoadOptions),t});!function(e,t){"use strict";function a(){t.body.classList.add("litespeed_lazyloaded")}function n(){console.log("[LiteSpeed] Start Lazy Load Images"),d=new LazyLoad({elements_selector:"[data-lazyloaded]",callback_finish:a}),o=function(){d.update()},e.MutationObserver&&new MutationObserver(o).observe(t.documentElement,{childList:!0,subtree:!0,attributes:!0})}var d,o;e.addEventListener?e.addEventListener("load",n,!1):e.attachEvent("onload",n)}(window,document);</script><script data-optimized="1" type="litespeed/javascript" data-src="https://readmag.ru/wp-content/litespeed/js/4500e12d47122e2e7251a4a42085ff7c.js?ver=b5696"></script><script>const litespeed_ui_events=["mouseover","click","keydown","wheel","touchmove","touchstart"];var urlCreator=window.URL||window.webkitURL;function litespeed_load_delayed_js_force(){console.log("[LiteSpeed] Start Load JS Delayed"),litespeed_ui_events.forEach(e=>{window.removeEventListener(e,litespeed_load_delayed_js_force,{passive:!0})}),document.querySelectorAll("iframe[data-litespeed-src]").forEach(e=>{e.setAttribute("src",e.getAttribute("data-litespeed-src"))}),"loading"==document.readyState?window.addEventListener("DOMContentLoaded",litespeed_load_delayed_js):litespeed_load_delayed_js()}litespeed_ui_events.forEach(e=>{window.addEventListener(e,litespeed_load_delayed_js_force,{passive:!0})});async function litespeed_load_delayed_js(){let t=[];for(var d in document.querySelectorAll('script[type="litespeed/javascript"]').forEach(e=>{t.push(e)}),t)await new Promise(e=>litespeed_load_one(t[d],e));document.dispatchEvent(new Event("DOMContentLiteSpeedLoaded")),window.dispatchEvent(new Event("DOMContentLiteSpeedLoaded"))}function litespeed_load_one(t,e){console.log("[LiteSpeed] Load ",t);var d=document.createElement("script");d.addEventListener("load",e),d.addEventListener("error",e),t.getAttributeNames().forEach(e=>{"type"!=e&&d.setAttribute("data-src"==e?"src":e,t.getAttribute(e))});let a=!(d.type="text/javascript");!d.src&&t.textContent&&(d.src=litespeed_inline2src(t.textContent),a=!0),t.after(d),t.remove(),a&&e()}function litespeed_inline2src(t){try{var d=urlCreator.createObjectURL(new Blob([t.replace(/^(?:)?$/gm,"$1")],{type:"text/javascript"}))}catch(e){d="data:text/javascript;base64,"+btoa(t.replace(/^(?:)?$/gm,"$1"))}return d}</script></body></html>

ReadMag.ru

рецепты по настройке программного обеспечения