
Remote VPN configuration guide

MikroTik RB750GL

Panasonic System Networks Co.,Ltd


Mar. 2nd. 2017
-Table of contents-

Network composition for remote VPN ... 2
Basic configuration of RB750GL router ... 3
  Accessing the Web-Based GUI Interface ... 4
  Configuring WAN and LAN Interface Settings ... 6
MikroTik RB750GL L2TP Server configuration ... 9
  IP pool for VPN clients ... 10
  Setting up L2TP/IPSec on the Mikrotik ... 12
  SETTING UP IPSEC ... 16
  FIREWALL SETTINGS for Outside ACCESS ... 21
Appendix 1: Factory default settings ... 27
Appendix 2: VPN client settings ... 28

This document was created from test results at the PSN Lab. It does not guarantee actual
performance, and PSN shall not be responsible for any problems or trouble.
PSN does not control or track hardware/firmware updates offered by the manufacturer.

1
Network composition for remote VPN

HQ
  Router : MikroTik routerboard RB750GL, Version 6.38.3
    WAN : 10.0.0.1/29
    LAN : 192.168.0.254
    The router provides an IP address for each VPN client : 10.10.10.1-10.10.10.50
  PBX : NS-1000, Version 004.42024
    MPR : 192.168.0.101
    DSP1 : 192.168.0.102
    DSP2 : 192.168.0.103

Remote Network (mobile carrier or WiFi)
  Android : Nexus SX, Version 7.1.1
  iPhone : iPhone 7, Version 10.2.1

The remote clients connect to the RB750GL over the Internet by VPN (L2TP/IPsec).
Via the VPN they make SIP extension calls and access the Internet through the router.

2
MikroTik RB750GL
Basic configuration

3
Accessing the Web-Based GUI Interface.

1) Connect the Internet connection cable (ADSL modem or router) to Ethernet port 1.
2) Connect your PC to Ethernet port 2 for Web programming.

4
Accessing the Web-Based GUI Interface.
Log into the RB750 using a web browser.
1) Launch a web browser on your PC and enter the URL assigned to your RB750.
   e.g.) LAN address 192.168.88.1 <Default> http://192.168.88.1
2) Automatic login : the Quick Set screen is shown.

5
Configuring WAN and LAN Interface Settings.
WAN and LAN Interface settings (e.g. Static IP case)
1) Mode : Router (default)
2) Address Acquisition : Static
3) IP address : 10.0.0.1 (WAN public IP address)
4) Netmask : 255.255.255.248 (Choose)
5) Gateway : 10.0.0.2
6) DNS Server : 8.8.8.8
7) DNS Server : 8.8.4.4
After finishing these settings, scroll down the screen.

6
Configuring DHCP Settings.
1) IP Address : 192.168.0.254
2) Netmask : 255.255.255.0 (/24)
3) Bridge All LAN Ports : Check (Ports 2-5 work as a bridge)
4) DHCP Server : Check (Default)
5) DHCP Server Range : e.g. 192.168.0.1-192.168.0.50
6) NAT : Check (Default)
7) Password : e.g. pana0101
8) Confirm Password : pana0101
9) Click : Apply Configuration
Change the IP address of your PC to the same network segment as the router, or renew the IP
address by DHCP.
7
Accessing the Web-Based GUI Interface.
After the basic configuration you can log in at the new IP address with the new password.
1) IP Address : 192.168.0.254
2) Login : admin
3) Password : pana0101

8
MikroTik RB750GL
L2TP Server configuration

9
IP pool for VPN clients
Make an IP pool for VPN clients.
Add a NAT rule
1) Choose : IP
2) Choose : Pool
3) Choose : Pools
4) Click : Add New

10
IP pool for VPN clients
Add a VPN pool1
1) Name : VPN pool1
2) Address : 10.10.10.1-10.10.10.20
3) Click : Apply
4) Click : OK

You can confirm a VPN pool1 as below.

11
Setting up L2TP/IPSec on the Mikrotik
Profiles
1) Choose : Profiles
2) Click : Add New
3) Name : VPN profile1
4) Local Address : 192.168.0.254 (LAN IP address)
5) Remote Address : VPN pool1
6) DNS Server : 8.8.8.8
7) DNS Server : 8.8.4.4

12
Setting up L2TP/IPSec on the Mikrotik
Profiles
8) Change TCP MSS : Yes
9) Check each parameter : default
10) Click : Apply
11) Click : OK

13
Setting up L2TP/IPSec on the Mikrotik
L2TP enable
1) Choose : PPP
2) Choose : Interface
3) Click : L2TP Server
4) Enabled : Check
5) Default Profile : VPN profile1
6) Authentication : mschap2 only
7) Click : Apply
8) Click : OK

14
Setting up L2TP/IPSec on the Mikrotik
Secrets
1) Choose : Secrets
2) Click : Add New
3) Enable : Check
4) Name : user1
5) Password : 123456
6) Service : l2tp
7) Profile : VPN profile1
8) Click : Apply
9) Click : OK

15
SETTING UP IPSEC
Thus we use L2TP tunnels and use IPSec to encrypt the data going
over the tunnel.
1) Choose : IPsec
2) Choose : Peers
3) Click : Add

16
SETTING UP IPSEC

1) Check : Enable
2) Address : 0.0.0.0/0 (Everyone can connect)
3) Port : 500
4) Auth. Method : pre shared key
5) Exchange Mode : main l2tp
6) Secret : 12345678 secret(password)
7) Send Initial Contact : Check
8) NAT Traversal : Check
9) Generate Policy : port override
10) Lifetime : 1d 00:00:00 (1 Day)

17
SETTING UP IPSEC
11) DPD Interval : 120
12) DPD Maximum Failures : 5
13) Proposal check : obey
14) Hash Algorithm : 3des
15) Encryption Algorithm : 3des
16) DH Group : modp 1024
17) Click : Apply
18) Click : OK

18
SETTING UP IPSEC
Proposals Setup
Create a new proposal
1) Choose : Proposals
2) Click : Add New
3) Use default proposal

19
SETTING UP IPSEC
Proposals Setup

1) Check : Enabled
2) Name : e.g. default
3) Auth. Algorithms : sha1
4) Encr. Algorithms : 3des , aes-256 cbc
5) Lifetime : 00:30:00 (Default)
6) PFS Group : none
7) Click : Apply
8) Click : OK

20
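The settings chosen on pages 15 to 20, run through a short audit script. This is an added example, not part of the original guide: the export lines are constructed in RouterOS 6.x CLI style from the guide's values, and the parameter names, weak-value lists and minimum secret length are assumptions.

```python
import shlex

# Constructed RouterOS 6.x-style export lines that mirror this guide's values.
EXPORT = """\
/ppp secret add name=user1 password=123456 service=l2tp profile="VPN profile1"
/ip ipsec peer add address=0.0.0.0/0 secret=12345678 enc-algorithm=3des dh-group=modp1024
/ip ipsec proposal set default auth-algorithms=sha1 enc-algorithms=3des,aes-256-cbc pfs-group=none
"""

WEAK_CIPHERS = {"des", "3des"}      # legacy 64-bit block ciphers
WEAK_DH = {"modp768", "modp1024"}   # Diffie-Hellman groups of 1024 bits or less
MIN_SECRET_LEN = 16                 # example policy value, not from the guide

def parse(text):
    """Yield (menu path, {parameter: value}) for each exported command line."""
    for line in text.splitlines():
        toks = shlex.split(line)
        verb = next((i for i, t in enumerate(toks) if t in ("add", "set")), len(toks))
        yield " ".join(toks[:verb]), dict(t.split("=", 1) for t in toks[verb:] if "=" in t)

def audit(text):
    """Return (menu, parameter, reason) findings in input order."""
    findings = []
    for menu, kv in parse(text):
        for key in ("password", "secret"):
            val = kv.get(key)
            if val is not None and (val.isdigit() or len(val) < MIN_SECRET_LEN):
                findings.append((menu, key, "short or digits-only secret"))
        for key in ("enc-algorithm", "enc-algorithms"):
            weak = WEAK_CIPHERS & set(kv.get(key, "").split(","))
            if weak:
                findings.append((menu, key, "offers " + ",".join(sorted(weak))))
        if kv.get("dh-group") in WEAK_DH:
            findings.append((menu, "dh-group", kv["dh-group"] + " is 1024 bits or less"))
        if kv.get("pfs-group") == "none":
            findings.append((menu, "pfs-group",
                             "no fresh Diffie-Hellman exchange for phase 2 keys"))
    return findings

if __name__ == "__main__":
    for menu, key, reason in audit(EXPORT):
        print(f"{menu}: {key}: {reason}")
```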
FIREWALL SETTINGS for Outside ACCESS
For Outside access you need to have Firewall rules for UDP Ports 500, UDP Port 1701,
and UDP Port 4500
1) Choose : Firewall
2) Choose : Firewall Rules
3) Click : Add New

21
FIREWALL SETTINGS for Outside ACCESS
1) Check : Enable
2) Chain : input
3) Protocol : udp
4) Dst. Port : 500
5) In Interface : ether1
6) Connection State : new
7) Click : Apply
8) Click : OK

22
FIREWALL SETTINGS for Outside ACCESS
1) Check : Enable
2) Chain : input
3) Protocol : udp
4) Dst. Port : 1701
5) In Interface : ether1
6) Connection State : new
7) Click : Apply
8) Click : OK

23
FIREWALL SETTINGS for Outside ACCESS
1) Check : Enable
2) Chain : input
3) Protocol : udp
4) Dst. Port : 4500
5) In Interface : ether1
6) Connection State : new
7) Click : Apply
8) Click : OK

24
FIREWALL SETTINGS for Outside ACCESS
Once this is done, group these rules together and move them high enough in your
firewall filter chain that they are processed before any UDP drop rules you have;
otherwise they won't get processed.

25
FIREWALL SETTINGS for Outside ACCESS
The rules after being moved up above the drop rule.

26
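The ordering rule above, worked through with a first-match evaluator. This is an added example, not part of the original guide; the rule text is a constructed export and the blanket drop rule on ether1 is an assumption.

```python
import shlex

# Constructed "/ip firewall filter" rules in RouterOS export syntax.
# The three UDP accept rules mirror the guide; the other two are assumed.
APPENDED = """\
add chain=input action=accept connection-state=established,related
add chain=input action=drop in-interface=ether1
add chain=input action=accept protocol=udp dst-port=500 in-interface=ether1 connection-state=new
add chain=input action=accept protocol=udp dst-port=1701 in-interface=ether1 connection-state=new
add chain=input action=accept protocol=udp dst-port=4500 in-interface=ether1 connection-state=new
"""

def parse_rules(text):
    """Turn each 'add key=value ...' line into a dict, keeping list order."""
    return [dict(t.split("=", 1) for t in shlex.split(line) if "=" in t)
            for line in text.splitlines() if line.startswith("add ")]

def first_match(rules, packet):
    """Return (index, action) of the first rule whose set fields all match."""
    for i, rule in enumerate(rules):
        if all(packet.get(k) in v.split(",") for k, v in rule.items() if k != "action"):
            return i, rule["action"]
    return None, "accept"  # RouterOS accepts a packet that no rule matches

def vpn_verdicts(rules):
    """Action applied to a new UDP packet arriving on ether1 for each VPN port."""
    verdicts = {}
    for port in ("500", "1701", "4500"):
        pkt = {"chain": "input", "protocol": "udp", "dst-port": port,
               "in-interface": "ether1", "connection-state": "new"}
        verdicts[port] = first_match(rules, pkt)[1]
    return verdicts

def move_above_first_drop(rules):
    """Reorder as the guide describes: VPN accept rules go above the first drop."""
    vpn = [r for r in rules if r.get("dst-port") in ("500", "1701", "4500")]
    rest = [r for r in rules if r not in vpn]
    at = next((i for i, r in enumerate(rest) if r["action"] == "drop"), len(rest))
    return rest[:at] + vpn + rest[at:]

if __name__ == "__main__":
    rules = parse_rules(APPENDED)
    print("appended:", vpn_verdicts(rules))
    print("moved up:", vpn_verdicts(move_above_first_drop(rules)))
```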
Appendix 1: Factory default settings.

Using: unplug device from power, press and hold the button right after applying
power and wait until the USER LED starts flashing. Now release the button to
clear configuration.

Note: If you wait until LED stops flashing, and only then release the button - this
will instead launch Netinstall mode, to reinstall RouterOS.

27
Appendix 2 : VPN client settings.

iPhone 7 (Ver.10.2.1) L2TP VPN Client settings

Type : L2TP
Description : Any
Server : RB750 WAN IP Address
Account : user1 (Refer P-15)
Account : Secrets password (123456)
Secret : Pre Shared Key (12345678)

28
Appendix 2 : VPN client settings.

Nexus SX (Android Ver. 7.1.1) L2TP VPN Client settings 1/2

29
Appendix 2 : VPN client settings.

Nexus SX (Android Ver. 7.1.1) L2TP VPN Client settings 2/2

Name : Any
Choose : L2TP/IPsec PSK
Server : RB750 WAN IP Address (10.0.0.1)
Pre Shared Key : 12345678
Username : user1 (Refer P-15)
Password : 123456

30