Line 12: |
Line 12: |
| * At least one end device (PC, Laptop) to configure the routers | | * At least one end device (PC, Laptop) to configure the routers |
| * WinBox application | | * WinBox application |
| + | |
| + | ==Configuration scheme== |
| + | |
| + | [[File:Networking_rutxxx_configuration_example_sstp_mikrotik_topology_v1.png|border|class=tlt-border|1100x1100px]] |
| | | |
| ==Mikrotik (server) configuration== | | ==Mikrotik (server) configuration== |
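Review bot: The new ==Configuration scheme== section on the + side contains only the topology image and no text, so the addresses in the setup are never stated in a form a reader can copy or search; the testing section later pings 192.168.8.250 without that address having been introduced anywhere. Suggest adding one sentence under the heading that names the MikroTik public address and the tunnel endpoint addresses shown in the image. The 1100x1100px size is also much larger than the unsized screenshots used on the rest of the page and may be worth reducing.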
Line 35: |
Line 39: |
| sign client-template name=client-certificate ca=ca-certificate | | sign client-template name=client-certificate ca=ca-certificate |
| | | |
− | You will need to export root certificate, to so use these commands: | + | You will need to export root certificate, to do so use these commands: |
| | | |
| /certificate | | /certificate |
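Review bot: The corrected sentence on the + side still reads as a comma splice and is missing an article ("export root certificate, to do so use these commands"). Suggest splitting it: "You will need to export the root certificate. To do so, use these commands:".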
Line 41: |
Line 45: |
| export-certificate ca-certificate export-passphrase="" | | export-certificate ca-certificate export-passphrase="" |
| | | |
− | Instead of editing the default encrypted profile, we can create a new one. Assumption is that your MikroTik will also be a DNS server. And while at it, you can create a bit more imaginative user/password: | + | Instead of editing the default encrypted profile, we can create a new one. Assumption is that your MikroTik will also be a DNS server. And while at it, create secure user/password: |
| | | |
| /ppp | | /ppp |
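Review bot: "create secure user/password" on the + side is missing an article and does not say what secure means here, so a reader has nothing to act on. Suggest wording such as "create a user with a strong, unique password" and making clear that the credentials in the commands that follow are placeholders to be replaced. The unchanged sentence before it ("Assumption is that your MikroTik will also be a DNS server.") is a fragment and could be fixed in the same edit.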
Line 61: |
Line 65: |
| add chain=input protocol=tcp dst-port=443 action=accept place-before=0 comment="Allow SSTP" | | add chain=input protocol=tcp dst-port=443 action=accept place-before=0 comment="Allow SSTP" |
| | | |
− | Now go to Files and export the certificate by simply dragging it to your desktop. | + | Now go to '''Files''' and export the certificate by simply dragging it to your desktop. |
| | | |
| [[File:Networking rutxxx configuration example ovpn mikrotik 1 v2.jpg|border|class=tlt-border]] | | [[File:Networking rutxxx configuration example ovpn mikrotik 1 v2.jpg|border|class=tlt-border]] |
| + | |
| + | [[File:Networking_rutxxx_configuration_example_sstp_mikrotik_1_v1.png|border|class=tlt-border]] |
| + | |
| + | ==RUTxxx (client) configuration== |
| + | |
| + | Access RUTxxx WebUI and go to '''Service > VPN > SSTP'''. There create a new configuration by writing configuration name and pressing '''Add''' button. It should appear after a few seconds. Then press '''Edit'''. |
| + | |
| + | [[File:Networking_rutxxx_configuration_example_sstp_mikrotik_2_v1.png|border|class=tlt-border]] |
| + | |
| + | Now apply the following configuration. |
| + | |
| + | [[File:Networking_rutxxx_configuration_example_sstp_mikrotik_3_v1.png|border|class=tlt-border]] |
| + | |
| + | # '''Enable''' Instance. |
| + | # '''Write Server IP address''' (MikroTik public IP address). |
| + | # Write '''Username''' (write the username which you created with this command: secret add name='''user''' profile=vpn-profile password=password). |
| + | # Write '''Password''' (write the password which you created with this command: secret add name=user profile=vpn-profile password='''password'''). |
| + | # Upload '''CA cert''' (the file which you exported from MikroTik). |
| + | # Press '''Save'''. |
| + | |
| + | ==Testing configuration== |
| + | |
| + | Go to '''Status > Routes''' and in the '''Active IP Routes''' table you should see this new route. |
| + | |
| + | [[File:Networking_rutxxx_configuration_example_sstp_mikrotik_4_v1.png|border|class=tlt-border]] |
| + | |
| + | Try to ping the remote VPN endpoint via '''CLI''' or '''SSH''' using this command: |
| + | |
| + | ping 192.168.8.250 |
| + | |
| + | [[File:Networking_rutxxx_configuration_example_sstp_mikrotik_5_v1.png|border|class=tlt-border]] |
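Review bot: Steps 3 and 4 of the added client list quote the command with literal credentials (secret add name=user profile=vpn-profile password=password), which contradicts the instruction earlier in this same revision to create a secure user/password and invites readers to copy a guessable login onto a service the firewall rule above opens on TCP 443. Suggest using obvious placeholders in both steps, for example name=<username> and password=<strong-password>, and bolding only the field names so step 2 ("'''Write Server IP address'''") matches the style of the other steps. Separately, the existing screenshot with "ovpn" in its file name is kept directly above the newly added sstp_mikrotik_1_v1 image after the '''Files''' sentence; if the new image replaces it, the old line should be removed.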