Difference between revisions of "Configure VPN Server"

Mark Notes

To Do: set time and timezone set secure password / change user name?

<br\><br\>

Initial Configuration

Set up RB2011LS-IN Router for initial configuration

Connect to power

Connect cat 5 cable from Port ETH6 to the NIC for Idrive wireless (192.168.0.10)

<br\><br\>

Connect using Winbox

Download and install Winbox Configuration tool for RouterOS.

Run Winbox.exe or double click the icon on the desktop

click the “…” button, wait for equipment MAC address to be listed, click on it and Connect. (Default IP Address is 192.168.88.1)

Document the MAC address for entry into AdminCenter

Click on "Connect"

Log in is as admin / password is blank

<br\><br\><br\><br\>

Initial Log in

A pop-up window will appear and choose "Remove Configuration" otherwise the router will create a default configuration.

Setup using Restore configuration file (Recommended)

It is much easier to set the routers configuration using the backup/restore RouterOS function. This imports the standard idrive configuration from a .backup file. The only settings that will have to be changed after restore will be the internet connections settings.

Download the most current .backup file from Admin Center

Unzip the file to your Desktop on your computer

In WinBox select “Files” from the left menu to open the Files List window.

Use the mouse to drag the configuration file from the Desktop to the Files List (uploads the file to the Router)

Highlight the config file and click on "Restore"

Select “Files” section from left menu, drag the specific .backup file on the files list and click “Restore”. After this only thing that needs to be changed is the IP addresses of the Base Station equipment (RB2011LS-IN), port “ether1”, for internet connection, using Winbox under “IP” section > “Addressed” and gateway under “IP” section > “Routes” (0.0.0.0/0 to x.x.x.x).

Set the specific internet settings for this customer and location

<br\><br\>

Setup using manual method

First step is to create a static IP for your internet connection.

Select "Addresses" from "IP" and click the plus sign.

We used IP 10.3.0.80 which is a local IP from the main router IP Pool and we have forwarded the 1723 port.

Route IP for internet access.

Add IP 0.0.0.0/0 in "Dst. Address:" box. In "Gateway" box add your gateway.

Select "Bridge" from the left menu and add new bridge.

From the same interface select "Ports" tab and add interfaces ether1 and ether2 to "bridge_internet"

Now repeat the step above and create a new bridge.

Make sure the "ARP" is disabled!

From the same interface click on "STP" tab, check "Protocol mode: rstp" and apply.

Select "Ports" tab from the "Bridge" interface and add new bridge port.

Select "ether3" and "bridge_tunnel" from the drop-down list.

Create a third bridge, "bridge_local" with "ARP" enabled and add MAC Address: 00:00:5E:80:01:01.

Select "STP" tab, check "Protocol mode: rstp" and apply.

Return to the IP->Address List interface and add "192.168.0.2/16" to "bridge_local".

Select "Profiles" tab from PPP interface add new profile.

From the "General" tab fill the new profile name and select "bridge_tunnel" from drop-down list.

Select "Protocols" tab and check "yes" from "Use Encryption".

From PPP interface select "Secrets" tab and create new secret.

Fill with the name and password and select the profile you have created above.

Select "SSTP Server" from PPP->Interface, check 1723 port, select "default-encryption" and uncheck "pap" and "chap" authentication.

If the VPN client is configured the connection will start automatically. If the VPN client is not configured, check Configure VPN Client.

To check active connection select PPP->Active Connection or Bridge->Ports.

Add the rest of interfaces to "bridge_local" in order to use the router in network.