MikroTik RB750GL
This document was created from test results at PSN Lab. It does not guarantee actual
performance, and PSN shall not be responsible for any problems or trouble.
PSN does not control or track hardware/firmware updates, which are provided by the manufacturer.
Network composition for remote VPN
HQ
Model : MikroTik RouterBOARD RB750GL
Version : 6.38.3
PBX : NS-1000
Version : 004.42024
WAN : 10.0.0.1/29
LAN : 192.168.0.254
NS-1000 MPR : 192.168.0.101
NS-1000 DSP1 : 192.168.0.102
NS-1000 DSP2 : 192.168.0.103
The router provides an IP address for each VPN client : 10.10.10.1-10.10.10.50
Remote Network (mobile carrier or WiFi)
Model : Nexus SX (Android)
Version : 7.1.1
Model : iPhone 7
Version : 10.2.1
Connection : VPN (L2TP/IPsec) over the Internet
Basic configuration
Accessing the Web-Based GUI Interface.
Log into the RB750 using a web browser.
1) Launch a web browser on your PC and enter the URL assigned to your RB750.
e.g. default LAN address 192.168.88.1 : http://192.168.88.1
2) Automatic login : the Quick Set screen is shown.
Configuring WAN and LAN Interface Settings.
WAN and LAN Interface settings (e.g. Static IP case)
1) Mode : Router (default)
2) Address Acquisition : Static
3) IP address : 10.0.0.1 (WAN public IP address)
4) Netmask : 255.255.255.248 (Choose)
5) Gateway : 10.0.0.2
6) DNS Server : 8.8.8.8
7) DNS Server : 8.8.4.4
After finishing these settings, scroll down the screen.
Configuring DHCP Settings.
1) IP Address : 192.168.0.254
2) Netmask : 255.255.255.0 (/24)
3) Bridge All LAN Ports : Check (ports 2-5 work as a bridge)
4) DHCP Server : Check (Default)
5) DHCP Server Range : e.g. 192.168.0.1-192.168.0.50
6) NAT : Check (Default)
7) Password : e.g. pana0101
8) Confirm Password : pana0101
9) Click : Apply Configuration
Change your PC's IP address to the same network segment as the router, or renew its IP
address via DHCP.
Accessing the Web-Based GUI Interface.
After basic configuration, log in at the new IP address with the new password.
1) IP Address : 192.168.0.254
2) Login: admin
3) Password : pana0101
L2TP Server configuration
IP pool for VPN clients
Make an IP pool for VPN clients.
Add a NAT rule
1) Choose : IP
2) Choose : Pool
3) Choose : Pools
4) Click : Add New
Add a VPN pool1
1) Name : VPN pool1
2) Address : 10.10.10.1-10.10.10.20
3) Click : Apply
4) Click : OK
Setting up L2TP/IPSec on the Mikrotik
Profiles
1) Choose : Profiles
2) Click : Add New
8) Change TCP MSS : Yes
L2TP enable
1) Choose : PPP
2) Choose : interface
3) Click : L2TP Server
4) Enabled : check
5) Default Profile : VPN profile1
6) Authentication : only mschap2 is needed
7) Click : Apply
8) Click : OK
Secrets
1) Choose : Secrets
2) Click : Add New
3) Enable : Check
4) Name : user1
5) Password : 123456
6) Service : L2tp
7) Profile : VPN profile1
8) Click : Apply
9) Click : OK
SETTING UP IPSEC
We use L2TP for the tunnel and IPsec to encrypt the data going
over it.
1) Choose : IPsec
2) Choose : Peers
3) Click : Add
1) Check : Enable
2) Address : 0.0.0.0/0 (Everyone can connect)
3) Port : 500
4) Auth. Method : pre shared key
5) Exchange Mode : main l2tp
6) Secret : 12345678 (secret/password)
7) Send Initial Contact : Check
11) DPD Interval : 120
12) DPD Maximum Failures : 5
13) Proposal check : obey
14) Hash Algorithm : 3des
15) Encryption Algorithm : 3des
16) DH Group : modp 1024
17) Click : Apply
18) Click : OK
Proposals Setup
Create a new proposal
1) Choose : Proposals
2) Click : Add New
3) Use default proposal
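An added example, not part of the original guide: a small Python audit of an exported configuration for the values entered in the Secrets and IPsec peer steps above. The export lines are constructed for illustration, and the 16-character minimum is an assumed policy threshold.

```python
import shlex

# Constructed RouterOS 6.x style export lines. WEAK mirrors the guide's sample
# values; HARDENED is a counterpart with placeholder secrets, not real ones.
WEAK = """\
/ppp secret
add name=user1 password=123456 service=l2tp profile="VPN profile1"
/ip ipsec peer
add address=0.0.0.0/0 auth-method=pre-shared-key secret=12345678 enc-algorithm=3des dh-group=modp1024
"""
HARDENED = """\
/ppp secret
add name=user1 password=<long-random-passphrase> service=l2tp profile="VPN profile1"
/ip ipsec peer
add address=0.0.0.0/0 auth-method=pre-shared-key secret=<long-random-psk-value> enc-algorithm=aes-256 dh-group=modp2048
"""
LEGACY_CIPHERS = {"des", "3des"}            # deprecated block ciphers
SMALL_DH_GROUPS = {"modp768", "modp1024"}   # Diffie-Hellman groups below 2048 bits
MIN_SECRET_LEN = 16                         # assumed policy threshold, not a RouterOS limit

def parse_export(text):
    """Return (menu, properties) for each add/set line under a /menu path line."""
    menu, items = None, []
    for line in text.splitlines():
        if line.startswith("/"):
            menu = line.strip()
        elif line.strip():
            tokens = shlex.split(line)[1:]
            items.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return items

def weak_secret(value):
    return len(value) < MIN_SECRET_LEN or value.isdigit()

def audit(text):
    findings = []
    for menu, p in parse_export(text):
        if menu == "/ip ipsec peer":
            if LEGACY_CIPHERS & set(p.get("enc-algorithm", "").split(",")):
                findings.append("peer: legacy cipher " + p["enc-algorithm"])
            if SMALL_DH_GROUPS & set(p.get("dh-group", "").split(",")):
                findings.append("peer: small DH group " + p["dh-group"])
            psk = p.get("auth-method", "pre-shared-key") == "pre-shared-key"
            if psk and weak_secret(p.get("secret", "")):
                findings.append("peer: weak pre-shared key")
        elif menu == "/ppp secret" and weak_secret(p.get("password", "")):
            findings.append("ppp secret " + p.get("name", "?") + ": weak password")
    return findings
```

Calling `audit(WEAK)` reports the sample password, pre-shared key, cipher and DH group from this guide; `audit(HARDENED)` returns an empty list.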
FIREWALL SETTINGS for Outside ACCESS
For outside access you need firewall rules for UDP ports 500, 1701
and 4500.
1) Choose : Firewall
2) Choose : Firewall Rules
3) Click : Add New
Rule for UDP port 500
1) Check : Enable
2) Chain : input
3) Protocol : udp
4) Dst. Port : 500
5) In Interface : ether1
6) Connection State : new
7) Click : Apply
8) Click : OK
Rule for UDP port 1701
1) Check : Enable
2) Chain : input
3) Protocol : udp
4) Dst. Port : 1701
5) In Interface : ether1
6) Connection State : new
7) Click : Apply
8) Click : OK
Rule for UDP port 4500
1) Check : Enable
2) Chain : input
3) Protocol : udp
4) Dst. Port : 4500
5) In Interface : ether1
6) Connection State : new
7) Click : Apply
8) Click : OK
Once this is done, group these rules together and place them high enough in your
firewall filter chain that they are processed before any UDP drop filter rules
you have; otherwise they won't be processed.
After moving the rules above the drop rule.
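To illustrate why rule order matters, the following added example (not from the original guide) evaluates filter rules first-match-wins, the way the input chain processes them, and then moves the three VPN rules above the drop rule. The rule lines are constructed samples in RouterOS export style, and the matcher covers only the fields used in this guide.

```python
import shlex

# Constructed filter rules in RouterOS export style: the drop rule sits above the VPN rules.
SAMPLE_RULES = """\
add chain=input action=accept connection-state=established,related
add chain=input action=drop protocol=udp in-interface=ether1
add chain=input action=accept protocol=udp dst-port=500 in-interface=ether1 connection-state=new
add chain=input action=accept protocol=udp dst-port=1701 in-interface=ether1 connection-state=new
add chain=input action=accept protocol=udp dst-port=4500 in-interface=ether1 connection-state=new
"""
VPN_PORTS = ("500", "1701", "4500")

def parse_rules(text):
    return [dict(t.split("=", 1) for t in shlex.split(line)[1:])
            for line in text.splitlines() if line.strip()]

def matches(rule, pkt):
    """Exact-value matchers only; a matcher absent from the rule matches anything."""
    for key in ("chain", "protocol", "in-interface", "dst-port"):
        if key in rule and rule[key] != pkt[key]:
            return False
    states = rule.get("connection-state")
    return states is None or pkt["connection-state"] in states.split(",")

def verdict(rules, port):
    """Action of the first rule matching a new UDP packet to `port` arriving on ether1."""
    pkt = {"chain": "input", "protocol": "udp", "in-interface": "ether1",
           "dst-port": port, "connection-state": "new"}
    for rule in rules:
        if matches(rule, pkt):
            return rule.get("action", "accept")
    return "accept"  # no rule matched: the packet is accepted

def vpn_verdicts(rules):
    return {port: verdict(rules, port) for port in VPN_PORTS}

def move_above_first_drop(rules):
    """Reorder as the guide describes: VPN accept rules go just above the first drop rule."""
    vpn = [r for r in rules
           if r.get("dst-port") in VPN_PORTS and r.get("action", "accept") == "accept"]
    rest = [r for r in rules if r not in vpn]
    first_drop = next((i for i, r in enumerate(rest) if r.get("action") == "drop"), len(rest))
    return rest[:first_drop] + vpn + rest[first_drop:]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    print("before:", vpn_verdicts(rules))
    print("after: ", vpn_verdicts(move_above_first_drop(rules)))
```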
Appendix 1: Factory default settings.
Usage: unplug the device from power, then press and hold the button right after applying
power and wait until the USER LED starts flashing. Now release the button to
clear the configuration.
Note: If you wait until the LED stops flashing and only then release the button, this
will instead launch Netinstall mode to reinstall RouterOS.
Appendix 2 : VPN client settings.
Type: L2TP
Description: Any
Server: RB750 WAN IP Address
Account: user1 (refer to Secrets, P-15)
Account: Secrets password (123456)
Appendix 2 : VPN client settings.
Name : Any
Username : user1 (refer to Secrets, P-15)
Password : 123456