Changes

Template:Netoworking rutxxx configuration example mikrotik sstp (view source)

Revision as of 12:54, 9 March 2020

1,606 bytes added ,  12:54, 9 March 2020
→‎Mikrotik (server) configuration
Line 12: Line 12:  
* At least one end device (PC, Laptop) to configure the routers
 
* At least one end device (PC, Laptop) to configure the routers
 
* WinBox application
 
* WinBox application
 +
 +
==Configuration scheme==
 +
 +
[[File:Networking_rutxxx_configuration_example_sstp_mikrotik_topology_v1.png|border|class=tlt-border|1100x1100px]]
    
==Mikrotik (server) configuration==
 
==Mikrotik (server) configuration==
Line 35: Line 39:  
  sign client-template name=client-certificate ca=ca-certificate
 
  sign client-template name=client-certificate ca=ca-certificate
   −
You will need to export root certificate, to so use these commands:
+
You will need to export root certificate, to do so use these commands:
    
  /certificate
 
  /certificate
Line 41: Line 45:  
  export-certificate ca-certificate export-passphrase=""
 
  export-certificate ca-certificate export-passphrase=""
   −
Instead of editing the default encrypted profile, we can create a new one. Assumption is that your MikroTik will also be a DNS server. And while at it, you can create a bit more imaginative user/password:
+
Instead of editing the default encrypted profile, we can create a new one. Assumption is that your MikroTik will also be a DNS server. And while at it, create secure user/password:
    
  /ppp
 
  /ppp
Line 61: Line 65:  
  add chain=input protocol=tcp dst-port=443 action=accept place-before=0 comment="Allow SSTP"
 
  add chain=input protocol=tcp dst-port=443 action=accept place-before=0 comment="Allow SSTP"
   −
Now go to Files and export the certificate by simply dragging it to your desktop.
+
Now go to '''Files''' and export the certificate by simply dragging it to your desktop.
    
[[File:Networking rutxxx configuration example ovpn mikrotik 1 v2.jpg|border|class=tlt-border]]
 
[[File:Networking rutxxx configuration example ovpn mikrotik 1 v2.jpg|border|class=tlt-border]]
 +
 +
[[File:Networking_rutxxx_configuration_example_sstp_mikrotik_1_v1.png|border|class=tlt-border]]
 +
 +
==RUTxxx (client) configuration==
 +
 +
Access RUTxxx WebUI and go to '''Service > VPN > SSTP'''. There create a new configuration by writing configuration name and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''.
 +
 +
[[File:Networking_rutxxx_configuration_example_sstp_mikrotik_2_v1.png|border|class=tlt-border]]
 +
 +
Now apply the following configuration.
 +
 +
[[File:Networking_rutxxx_configuration_example_sstp_mikrotik_3_v1.png|border|class=tlt-border]]
 +
 +
# '''Enable''' Instance.
 +
# '''Write Server IP address''' (MikroTik public IP address).
 +
# Write '''Username''' (write the username which you created with this command: secret add name='''user''' profile=vpn-profile password=password).
 +
# Write '''Password''' (write the password which you created with this command:  secret add name=user profile=vpn-profile password='''password''').
 +
# Upload '''CA cert''' (the file which you exported from MikroTik).
 +
# Press '''Save'''.
 +
 +
==Testing configuration==
 +
 +
Go to '''Status > Routes''' and in the '''Active IP Routes''' table you should see this new route.
 +
 +
[[File:Networking_rutxxx_configuration_example_sstp_mikrotik_4_v1.png|border|class=tlt-border]]
 +
 +
Try to ping the remote VPN endpoint via '''CLI''' or '''SSH''' using this command:
 +
 +
ping 192.168.8.250
 +
 +
[[File:Networking_rutxxx_configuration_example_sstp_mikrotik_5_v1.png|border|class=tlt-border]]
Justinasm
0

edits

Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/55970...56467"

Navigation menu