Site to Site VPN on ADSL with Prajak Thunyawiraphap (prajak@mikrotiktutorial.com)



Similar documents
The Use of Mikrotik Router Boards With Radius Server for ISPs.

PPTP Tunnel. Table of Contents. General Information. Summary

How To Configure L2TP VPN Connection for MAC OS X client

» David Bisschoff» Durban, South Africa» Work at Kinsey Computers» Discovered MikroTik in Kinsey Computers cc

VLAN in MikroTik. By Mohammed Khomeini Bin ABU MUM Indonesia, 2013

Building scalable and reliable WISP and city carrier networks based on RouterOS Ver.. 3

MPLS for ISPs PPPoE over VPLS. MPLS, VPLS, PPPoE

Load Balancing Using PCC & RouterOS

Digi Connect WAN Application Guide Using the Digi Connect WAN and Digi Connect VPN with a Wireless Router/Access Point

PPPoE. Table of Contents. General Information. Summary

MikroTik Certified Network Associate (MTCNA) Training outline

Creating a VPN with overlapping subnets

Building Effective Firewalls with MikroTik P R E S E N T E D B Y: R I C K F R E Y, N E T W O R K E N G I N E E R I P A R C H I T E C H S O P E R AT I

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Load Balancing Using PCC & RouterOS

SMC7901WBRA2-B1 Installation Guide

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

Create a VPN on your ipad, iphone or ipod Touch and SonicWALL NSA UTM firewall - Part 1: SonicWALL NSA Appliance

How To - Setup Cyberoam VPN Client to connect to a Cyberoam for the remote access using preshared key

How To Configure Apple ipad for Cyberoam L2TP

Magnum Network Software DX

Schedule. MikroTik RouterOS Training User Management. Instructor. Housekeeping. Topics Overview. Course Objective 8/1/2014

Quick Installation Guide For Mac users

Using IPsec VPN to provide communication between offices

BROADBAND INTERNET ROUTER USER S MANUAL. Version Page 1 of 13 -

How To Setup Cyberoam VPN Client to connect a Cyberoam for remote access using preshared key

Quick Installation Guide-For MAC users

Configuring DrayTek Equipment With A Sky Network.

I. What is VPN? II. Types of VPN connection. There are two types of VPN connection:

IP Flow Routing, Mangle and QoS

Bandwidth-based load-balancing with failover. The easy way. We need more bandwidth.

Godinich Consulting. VPN's Between Mikrotik and 3rd Party Devices

Cisco Which VPN Solution is Right for You?

Tech-Note Bridges Vs Routers Version /06/2009. Bridges Vs Routers

MikroTik Invisible Tools. By : Haydar Fadel 2014

Formación MTCUME. MikroTik Certified User Manager Engineer. Pre-requisitos: - Certificación MTCNA

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

1.0 DHCPD.CONF. option domain-name-servers ; option domain-name "smuth-mru.org.zm"; option broadcast-address

Total solution for your network security. Provide policy-based firewall on scheduled time. Prevent many known DoS and DDoS attack

Remote Access via VPN Configuration (May 2011)

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

DSL-G604T Install Guides

How To Establish Site-to-Site VPN Connection. using Preshared Key. Applicable Version: onwards. Overview. Scenario. Site A Configuration

PPTP Server Access Through The

Corporate VPN Using Mikrotik Cloud Feature. By SOUMIL GUPTA BHAYA Mikortik Certified Trainer

IP Office Technical Tip

How to access peers with different VPN through IPSec. Tunnel

Network Security. Network Security. Protective and Dependable. > UTM Content Security Gateway. > VPN Security Gateway. > Multi-Homing Security Gateway

Chapter 1 Connecting Your Router to the Internet

Multi-Homing Security Gateway

OSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R

Load Balance with Masquerade Network on RouterOS. Prepared by: Janis Megis (Mikrotik) Valens Riyadi (Citraweb)

ZyXEL ZyWALL P1 firmware V3.64

Chapter 3 Security and Firewall Protection

DSL-2600U. User Manual V 1.0

Comtrend 1 Port Router Installation Guide CT-5072T

What information will you find in this document?

Configuring an IPsec VPN to provide ios devices with secure, remote access to the network

GregSowell.com. Mikrotik Security

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

P-660HN n Wireless ADSL2+ 4-port Gateway DEFAULT LOGIN DETAILS. Firmware Version 1.10 Edition 1, 9/2010. IP Address:

This chapter describes how to set up and manage VPN service in Mac OS X Server.

Based on the VoIP Example 1(Basic Configuration and Registration), we will introduce how to dial the VoIP call through an encrypted VPN tunnel.

Comtrend 4 Port Router Installation Guide CT-5361T

Apliware firewall. TheGreenBow IPSec VPN Client. Configuration Guide.

WISP 101. The DO s and DON T s of becoming a Wireless ISP

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Configure IPSec VPN Tunnels With the Wizard

Business VoIP Solution Training 04/2009

Seu servidor deverá estar com a versão 3.24 ou superior do Mikrotik RouterOS e no mínimo 4 (quatro) placas de rede.

Cisco RV082 Dual WAN VPN Router Cisco Small Business Routers

Appendix IP CAMERA Network Connections

NETWORK SETUP GLOSSARY

University of Hawaii at Manoa Professor: Kazuo Sugihara

Network Services Internet VPN

Workflow Guide. Establish Site-to-Site VPN Connection using RSA Keys. For Customers with Sophos Firewall Document Date: November 2015

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Wireless Broadband Router. Manual

Load Balance Router R258V

For extra services running behind your router. What to do after IP change

The Billion 8800NL - All-In-One Bridge modem solution for the UK For use with a dedicated firewall

How To Configure some basic firewall and VPN scenarios

VPN. Date: 4/15/2004 By: Heena Patel

REMOTE ACCESS VPN NETWORK DIAGRAM

Internet Router. Enhance your Internet surfing experience with various connection types

Evaluation guide. Vyatta Quick Evaluation Guide

Workflow Guide. Establish Site-to-Site VPN Connection using Digital Certificates. For Customers with Sophos Firewall Document Date: November 2015

Internet Privacy Options

ASUS WL-5XX Series Wireless Router Internet Configuration. User s Guide

Netopia TheGreenBow IPSec VPN Client. Configuration Guide.

Quick Installation Guide

M2M Series Routers. Port Forwarding / DMZ Setup

NAPT. (SV8100 version 3.0 or higher)

How To Set Up A Pploe On A Pc Orca On A Ipad Orca (Networking) On A Macbook Orca 2.5 (Netware) On An Ipad 2.2 (Netrocessor

VLAN Workshop. Presenter: Paul Eriksson. VLAN Workshop 2009 RoamingNet Sweden ( 1

SonicOS 5.9 / / 6.2 Log Events Reference Guide with Enhanced Logging

Chapter 8 Advanced Configuration

Network Setup Guide. 1 Glossary. 2 Operation. 1.1 Static IP. 1.2 Point-to-Point Protocol over Ethernet (PPPoE)

AlliedWare TM OS How To. Configure VPNs in a Corporate Network, with Optional Prioritisation of VoIP. Introduction. Contents

Transcription:

Site to Site VPN on ADSL with Prajak Thunyawiraphap (prajak@mikrotiktutorial.com) MUM Thailand in May 22, 2014

Introduce Ruamrudee International School Technology Committee / Network Admin 2,400 users : Computer 1,300 Units Live Inc. Public Company IT Director Broadcasting, High Availability system, Networking

Scenario

Scenario

http://wiki.mikrotik.com/wiki/manual:ip/ipsec

Basic Setup for HQ Router Prevent Confusion /system identity set name=hq Setup WAN PPPOE /interface pppoe client add user=hq password=hq add default route=yes disabled=no name=pppoe out1 profile=default usepeer dns=yes interface=ether1 Setup LAN IP /ip address add address=192.168.10.1/24 interface=ether2 network=192.168.10.0

Basic Setup for HQ Router (cont.) Setup DNS /ip dns set allow remote requests=yes Setup DHCP Service /ip pool add name=dhcp_pool1 ranges=192.168.10.100 192.168.10.199 /ip dhcp server add address pool=dhcp_pool1 disabled=no interface=ether2 lease time=1h name=dhcp1 /ip dhcp server network add address=192.168.10.0/24 dnsserver=192.168.10.1 gateway=192.168.10.1 Setup Masquerade (NAT) /ip firewall nat add action=masquerade chain=srcnat src address=192.168.10.0/24

Basic Setup for Branch Router Prevent Confusion /system identity set name=branch Setup WAN PPPOE /interface pppoe client add user=branch password=branch add defaultroute=yes disabled=no name=pppoe out1 profile=default use peer dns=yes interface=ether1 Setup LAN IP /ip address add address=192.168.20.1/24 interface=ether2 network=192.168.20.0

Basic Setup for Branch Router (cont.) Setup DHCP Service /ip pool add name=dhcp_pool1 ranges=192.168.20.100 192.168.20.199 /ip dhcp server add address pool=dhcp_pool1 disabled=no interface=ether2 lease time=1h name=dhcp1 /ip dhcp server network add address=192.168.20.0/24 dnsserver=192.168.20.1 gateway=192.168.20.1 Setup DNS /ip dns set allow remote requests=yes Setup Masquerade (NAT) /ip firewall nat add action=masquerade chain=srcnat src address=192.168.20.0/24

Setup L2TP Server on HQ Enable L2TP Server /interface l2tp server server set default profile=branch1 enabled=yes Create L2TP Profile /ppp profile add name=branch1 Create Login account for branch /ppp secret add local address=192.168.30.1 name=branch1 l2tp password=branch1 l2tp profile=branch1 remote address=192.168.30.2 routes=192.168.20.0/24 service=l2tp Make NAT Exception for VPN Traffic /ip firewall nat add chain=srcnat dst address=192.168.20.0/24 src address=192.168.10.0/24

L2TP Server Setup on HQ (cont.) Make Sure VPN Exception is on top of NAT rule Setup DynDNS Script on HQ Router http://wiki.mikrotik.com/wiki/dynamic_dns_update_script_for_dyndns (Scripts for RoS 4.x, 5.x, 6.x and Scheduler) Remark : in this example I set dynamic DNS name hq.mikrotiktutorial.com

L2TP Server Setup on HQ (explain) /ppp secret add local address=192.168.30.1 name=branch1 l2tp password=branch1 l2tp profile=branch1 remote address=192.168.30.2 routes=192.168.20.0/24 service=l2tp

L2TP Client Setup on Branch Create L2TP Client Connection /interface l2tp client add name=l2tp to hq user=branch1 l2tp password=branch1 l2tp add default route=no connect to=hq.mikrotiktutorial.com disabled=no name=l2tp to hq profile=default encryption Route back to HQ /ip firewall nat add chain=srcnat dst address=192.168.10.0/24 srcaddress=192.168.20.0/24 Don t forget to move this line on top of default NAT rule. /ip route add dst address=192.168.10.0/24 gateway=l2tp to hq

What s else? DNS TTL http://network tools.com/nslook/

Thank you http://www.mikrotiktutorial.com

# HQ # may/22/2014 05:58:13 by RouterOS 6.13 # /interface wireless security-profiles set [ find default=yes ] supplicant-identity=mikrotik /ip hotspot user profile set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \ mac-cookie-timeout=3d /ip ipsec proposal set [ find default=yes ] enc-algorithms=3des /ip pool add name=dhcp_pool1 ranges=192.168.10.100-192.168.10.199 /ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=1h name=\ dhcp1 /port set 0 name=serial0 set 1 name=serial1 /ppp profile add name=branch1 /interface pppoe-client add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 \ default-route-distance=1 dial-on-demand=no disabled=no interface=ether1 \ keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 \ password=hq profile=default service-name="" use-peer-dns=yes user=hq /system logging action set 0 memory-lines=100 set 1 disk-lines-per-file=100 /interface l2tp-server server set default-profile=branch1 enabled=yes /ip address add address=192.168.10.1/24 interface=ether2 network=192.168.10.0 add address=192.168.200.100/24 disabled=yes interface=ether1 network=\ 192.168.200.0 /ip dhcp-server network add address=192.168.10.0/24 dns-server=192.168.10.1 gateway=192.168.10.1 /ip dns set allow-remote-requests=yes /ip firewall filter add action=drop chain=forward disabled=yes src-address=192.168.20.0/24 /ip firewall nat add chain=srcnat dst-address=192.168.20.0/24 src-address=192.168.10.0/24 add action=masquerade chain=srcnat src-address=192.168.10.0/24 /ip upnp set allow-disable-external-interface=no /ppp secret add local-address=192.168.30.1 name=branch1-l2tp password=branch1-l2tp profile=\ Branch1 remote-address=192.168.30.2 routes=192.168.20.0/24 service=l2tp /system identity set name=hq /system lcd set contrast=0 enabled=no port=parallel type=24x4 /system lcd page set time disabled=yes display-time=5s set resources disabled=yes display-time=5s set uptime disabled=yes display-time=5s set packets disabled=yes display-time=5s set bits disabled=yes display-time=5s set version disabled=yes display-time=5s set identity disabled=yes display-time=5s set pppoe-out1 disabled=yes display-time=5s set <l2tp-branch1-l2tp> disabled=yes display-time=5s set ether1 disabled=yes display-time=5s set ether2 disabled=yes display-time=5s

#Branch # may/22/2014 05:58:56 by RouterOS 6.13 # /interface wireless security-profiles set [ find default=yes ] supplicant-identity=mikrotik /ip hotspot user profile set [ find default=yes ] idle-timeout=none keepalive-timeout=2m mac-cookie-timeout=3d /ip ipsec proposal set [ find default=yes ] enc-algorithms=3des /ip pool add name=dhcp_pool1 ranges=192.168.20.100-192.168.20.199 /ip dhcp-server add address-pool=dhcp_pool1 disabled=no interface=ether2 lease-time=1h name=dhcp1 /port set 0 name=serial0 set 1 name=serial1 /interface l2tp-client add add-default-route=no allow=pap,chap,mschap1,mschap2 connect-to=hq.mikrotiktutorial.com dial-on-demand=no \ disabled=no keepalive-timeout=60 max-mru=1450 max-mtu=1450 mrru=1600 name=l2tp-to-hq password=branch1-l2tp \ profile=default-encryption user=branch1-l2tp /interface pppoe-client add ac-name="" add-default-route=yes allow=pap,chap,mschap1,mschap2 default-route-distance=1 dial-on-demand=no \ disabled=no interface=ether1 keepalive-timeout=60 max-mru=1480 max-mtu=1480 mrru=1600 name=pppoe-out1 \ password=branch1 profile=default service-name="" use-peer-dns=yes user=branch1 /system logging action set 0 memory-lines=100 set 1 disk-lines-per-file=100 /ip address add address=192.168.20.1/24 interface=ether2 network=192.168.20.0 /ip dhcp-server network add address=192.168.20.0/24 dns-server=192.168.20.1 gateway=192.168.20.1 /ip dns set allow-remote-requests=yes /ip firewall nat add chain=srcnat dst-address=192.168.10.0/24 src-address=192.168.20.0/24 add action=masquerade chain=srcnat src-address=192.168.20.0/24 /ip route add distance=1 dst-address=192.168.10.0/24 gateway=l2tp-to-hq /ip upnp set allow-disable-external-interface=no /system identity set name="branch 1" /system lcd set contrast=0 enabled=no port=parallel type=24x4 /system lcd page set time disabled=yes display-time=5s set resources disabled=yes display-time=5s set uptime disabled=yes display-time=5s set packets disabled=yes display-time=5s set bits disabled=yes display-time=5s set version disabled=yes display-time=5s set identity disabled=yes display-time=5s set pppoe-out1 disabled=yes display-time=5s set l2tp-to-hq disabled=yes display-time=5s set ether1 disabled=yes display-time=5s set ether2 disabled=yes display-time=5s

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information