Difference between revisions of "Configure VPN Server"

Information Requirements

Static Internet connection information for Idrive Base Station site

• IP Address in slash notation EX: 216.133.162.68/28 = IP Address 216.133.162.67 NetMask 255.255.255.240

• Default Gateway for connection EX: 216.133.162.65

• Network Address EX: 216.133.162.64

IP address block explained. the /28 limits the Block of addresses to 16 as follows:

216.133.162.64 - Network Address (1 address)

216.133.162.65 - Gateway Address (1 address)

216.133.162.66 - 216.133.162.79 14 useable addresses)

http://www.zytrax.com/tech/protocols/ip-classes.html#calculator

<br\><br\>

Initial Configuration Setup

Set up RB2011LS-IN Router for initial configuration

Document the MAC addresses range from the bottom of the unit. IE 00:0C:42:AE:F2:7C - 00:0C:42:AE:F2:86 (10 addresses). These will be used to connect to the device and be logged in AdminCenter.

Connect to power

Connect cat 5 cable from Port ETH6 to the NIC for Idrive wireless

• Change settings for wireless NIC to:

-192.168.88.10

-255.255.255.0

<br\><br\>

Connect using Winbox

Download and install Winbox Configuration tool for RouterOS.

Run Winbox.exe or double click the icon on the desktop

• Enter the Default "Connect To" IP Address: 192.168.88.1

• Login: admin

• password: blank

• Click "Connect"

Upon initial log in the "RouterOS Default Configuration" pop-up window will appear. Choose "OK". We are not concerned about the default settings because they will be overwritten with the idrive default configuration file.

<br\><br\><br\><br\>

Upgrade OS and Firmware

Obtain the latest versions (V6.x) from the MicroTik [|download] site

Click on the correct link for the hardware architecture (mipsbe for RB2011)

Click on "All Packages" and click Save

Extract all of the files from zip package

Copy the files from your computer to the Router Board by dragging and dropping all of the files into the files list in the WinBox window

Restart the router and log back into the router and confirm that WinBox shows the new version of RouterOS and Firmware

Log back into the router and confirm the WinBox shows the new version of RouterOS and Firmware

<br\><br\>

Setup using Restore configuration file (Recommended)

Load Idrive Standard configuration

For simplicity and consistency it is better to set the routers configuration using the RouterOS backup/restore function. This "restores" the standard idrive configuration from a .backup file. This will leave only a few custom settings that are specific to the customer location(s).

• Download the most current .backup file from Admin Center

• Unzip the file to the Desktop on your computer

• In WinBox select “Files” from the left menu to open the Files List window.

• Use the mouse to drag and drop the configuration file from the Desktop into the Files List (uploads the file to the Router)

• Highlight the config file and click on "Restore"

The router will reboot with the new configuration. You will need to use the new IP address and password

-The new IP address for Ports 6 - 10 will be 192.168.0.2

-Change the IP address on your NIC to 192.168.0.10

Reconnect to the Router with the "Connect to" address of 192.168.0.2, password idrive#

<br\><br\><br\><br\><br\><br\><br\><br\><br\>

Set Customer/Location Specific Settings

Static Internet IP Address

Click IP >Address to open the Address list form. Double Click on an address to edit. Both interface addresses are shown open here. You should only need to change the ether1 address.

Modify the internet connection address for the customer's location.

ether1 - This is the Static Ip Address for the Base Station

• Enter Static IP address (216.133.162.68/28 in this example)

• Enter Network Address (216.133.162.64 in this example)

• Interface "ether1"

bridge_local - This is the IP address that the base station will see. Ports 5,6,7,8,9,10 share this address.

• IP Address 192.168.0.2/16

• Network 192.168.0.0

• Interface bridge_local

<br\><br\>

Set Timezone for customer location

Set the timezone. The Date and time will be set by NTP (Network Time Protocol) when connected to the internet

<br\><br\>

Cable Connections

EHT1 & ETH2 - Internet

ETH3 - loopback cable to ETH4

ETH4 - loopback cable to ETH3

ETH5 - Idrive Base Station Wireless NIC (192.168.0.10)

ETH6 - ETH10 - Local extra APs (192.168.0.2)

<br\><br\>

Setup using manual method

create a static IP for your internet connection

see [Here]

<br\><br\>

Route IP for internet access

Add IP 0.0.0.0/0 in "Dst. Address:" box. In "Gateway" box add your gateway.

Select "Bridge" from the left menu and add new bridge.

From the same interface select "Ports" tab and add interfaces ether1 and ether2 to "bridge_internet"

Now repeat the step above and create a new bridge.

Make sure the "ARP" is disabled!

From the same interface click on "STP" tab, check "Protocol mode: rstp" and apply.

Select "Ports" tab from the "Bridge" interface and add new bridge port.

Select "ether3" and "bridge_tunnel" from the drop-down list.

Create a third bridge, "bridge_local" with "ARP" enabled and add MAC Address: 00:00:5E:80:01:01.

Select "STP" tab, check "Protocol mode: rstp" and apply.

Return to the IP->Address List interface and add "192.168.0.2/16" to "bridge_local".

Select "Profiles" tab from PPP interface add new profile.

From the "General" tab fill the new profile name and select "bridge_tunnel" from drop-down list.

Select "Protocols" tab and check "yes" from "Use Encryption".

From PPP interface select "Secrets" tab and create new secret.

Fill with the name and password and select the profile you have created above.

Select "SSTP Server" from PPP->Interface, check 1723 port, select "default-encryption" and uncheck "pap" and "chap" authentication.

If the VPN client is configured the connection will start automatically. If the VPN client is not configured, check Configure VPN Client.

To check active connection select PPP->Active Connection or Bridge->Ports.

Add the rest of interfaces to "bridge_local" in order to use the router in network.