Good afternoon, tell me how to generate a lot of certificates for connecting to OpenVPN Server TUNEL.
When creating an instance of OpenVPN TUNEL, a certificate and a key are created, but one certificate cannot connect many clients.
Where and how to generate a lot of certifier for one copy of OpenVPN TUNEL
OpenVPN Server Tunnel is to connect two Servers per VPN.
For using Clients with several certificates please use OpenVPN RoadWarrior.
and if I have 100 mikrotik? then how to connect them correctly
Put all 100 Mikrotik in the same trashcan, it’s cheap rubbish!
-> NOT the right hardware for 100 sites!
If you have 100 sites, and you want to use ONE same connection among all sites?
Plan your network right!
Okay.
Then share your experience would you like to combine 40 small branches?
40? No more 100?
Easy enough: Set up 40 Site2Site VPNs…
Each needs to be “individual”, not sharing certs or shared secrets!
40 VPNs? About a days work. Better doing a list first, with IPs, Shared Secrets and whatever else is needed…
Then sit down in front of your favorite workstation or notebook, and configure one after the other.
Be sure to make breaks in between, otherwise errors cumulate…
I have a similiar task in front of me the next couple of weeks. Need to migrate the big firewall from PFsense to OPNsense. Even as a fork of the other, the config files are very similiar, yet too different…
There are about 50 RoadWarrior VPNs alone on that box, and all NEED to use different Certs…
And there are three failover/load balancing Internet Connections, to make things a little harder…
I have interconnected 10 sites - not using hub and spoke, but each site connected to every other directly… About 100 VPNs… All Sites had low bandwidth (upload), so no central hub…
A lot of work, not much margin for error, but doable, and my client is paying for a top job, so that’s what he gets!!!
My 2 cents
Andy
1 Like
Andy thank you for your answer.
OPNsense is a very powerful tool!
At OPNsense, I know how to combine many points, how to connect them correctly, and how to configure a firewall.
in OPNsense everything is clear, not everything, of course, there are questions about the backup channel, I wrote to you already, you did not answer me …
there the approach is different and more correct, I think, but I want to try to implement it on nethserver, but every time I get more and more frustrated
Hi
Be back with you in a moment, I need to do a support call…
MikroTik is a pretty flexible and inexpensive box that supports a lot of things, why rubbish?
Share your experience, is there something similar and what would you use in small branches
Hi
Support call done! 
I use these for most of my clients:
https://www.pcengines.ch/apu4d4.htm
About 120$, add casing, power brick and storage (now SSD, before SD).
This gives me a very quiet, fully powered OPNsense.
I have about 30 at diverse clients in operation.
This modell, and the earlier one with dual core / quad core CPU and three NIC Interfaces.
I even have one with built in WLan…
With an SSD, I can easily run a full Squid Proxy (Using a PI-Hole) for DNS, whereas the OPNsense itself is the real, full DNS for my clients, along with the NethServer (Running as 2nd DNS).
I do recall our earlier exchange, about 4 weeks ago… I am employed at a full time day’s job, and I’m also self employed (50%). Then I also help out here in this forum, whenever I find time…
You mentionned Backup with OPNsense:
See this:
https://forum.opnsense.org/index.php?topic=15349.0
or this:
This will jump to a post by DanB, also active here as Ambassador…
(Works with NethServer!).
I don’t want to give Google even encrypted OPNsense Configs! Prefer my stuff on my servers / storage!
My 2 cents
Andy