Difference between revisions of "Configure VPN Server"

From Idrive
==Mark Notes==
 
  
To Do: set time and timezone
 
set secure password / change user name?
 
 
 
 
==Initial Configuration Setup==
 
 
===Set up RB2011LS-IN Router for initial configuration===
 
 
Document the MAC address range from the bottom of the unit, e.g. 00:0C:42:AE:F2:7C - 00:0C:42:AE:F2:86 (10 addresses). These will be used to connect to the device and will be logged in AdminCenter.
 
 
Connect to power
 
 
Connect cat 5 cable from Port ETH6 to the NIC for Idrive wireless
 
 
*Change settings for wireless NIC to:
 
 
::-192.168.88.10
 
 
::-255.255.255.0
 
 
 
 
===Connect using Winbox===
 
 
[[File:rb2011__initial_login.jpg|300px|thumb]]
 
 
Download and install Winbox [http://download2.mikrotik.com/winbox.exe Configuration tool for RouterOS].
 
 
Run Winbox.exe or double click the icon on the desktop
 
 
[[File:winbox_icon.jpg|100px]]
 
 
*Enter the Default "Connect To" IP Address: 192.168.88.1
 
 
*Login: admin
 
 
*Password: (leave blank)
 
 
*Click "Connect"
 
 
<span style="color: red">Upon initial login the "RouterOS Default Configuration" pop-up window will appear. Choose "Remove Configuration"; otherwise the router will create a default configuration. '''I lose contact with the router when I do this and can only connect again after resetting the router.'''</span>
 
 
[[File:rb2011_initial_login_screen.jpg|500px|]]
 
 
 
 
==Setup using Restore configuration file (Recommended)==
 
 
===Load Idrive Standard configuration===
 
 
[[File:rb2011_restore_config.jpg|600px|thumb]]
 
 
For simplicity and consistency it is better to set the router's configuration using the RouterOS backup/restore function. This "restores" the standard Idrive configuration from a .backup file and leaves only a few custom settings that are specific to the customer location(s).
 
 
 
*Download the most current .backup file from [https://admincenter.idrive.pro/wiki/index.php?title=Idrive_Downloads Admin Center]
 
 
*Unzip the file to the Desktop on your computer
 
 
*In WinBox select “Files” from the left menu to open the Files List window.
 
 
*Use the mouse to drag and drop the configuration file from the Desktop into the Files List (uploads the file to the Router)
 
 
*Highlight the config file and click on "Restore"
 
 
The router will reboot with the new configuration. You will need to use the new IP address and password:
 
 
::-The new IP address for Ports 6 - 10 will be 192.168.0.2
 
 
::-Change the IP address on your NIC to 192.168.0.10
 
 
Reconnect to the Router with the "Connect to" address of 192.168.0.2, password '''idrive#'''
 
 
 
 
 
===Set Customer/Location Specific Settings===
 
 
====Static Internet IP Address====
 
 
Click IP > Address to open the Address List form. Click on "+" to open the New Address form.
 
 
[[File:rb2011_ip_add_pulldown.jpg|200px|left]][[File:rb2011_ip_add_list.jpg|250px]]
 
 
Fill in the fields for the customer's internet connection for the VPN:
 
 
*Enter '''Static IP address''' (10.10.17.10/24 in this example)
 
 
*Enter '''Network''' (10.10.17.0 in this example)
 
 
*Interface "ether1"
 
 
 
After this, the only things that need to be changed are the IP address of the Base Station equipment (RB2011LS-IN) on port “ether1” for the internet connection, set in Winbox under “IP” > “Addresses”, and the gateway, set under “IP” > “Routes” (0.0.0.0/0 to x.x.x.x).
 
 
 
 
 
 
====Static Routes====
 
 
[[File:rb2011_static_route_setting.jpg|600px|thumb]]
 
 
*In WinBox select “IP” from the left menu and from the pull-down menu select "Routing" to open the Route List window.
 
 
*Double click on the line that has the Interface "ether1" to edit the Address properties
 
 
[[File:rb2011_ether1_address.jpg|200px|]]
 
 
 
 
====Timezone====
 
 
 
 
====What Else?====
 
 
 
 
==Setup using manual method==
 
 
 
 
===Create a static IP for your internet connection===


See [https://admincenter.idrive.pro/wiki/index.php?title=Configure_VPN_Server#Static_Internet_IP_Address here].
 
 
 
 
===Route IP for internet access===
 
 
 
[[File:Mikrotik6.png|500px|center]]
 
 
 
Enter 0.0.0.0/0 in the "Dst. Address:" box. In the "Gateway" box enter your gateway.
 
 
 
[[File:Mikrotik7.png|500px|center]]
 
 
 
Select "Bridge" from the left menu and add a new bridge.
 
 
 
[[File:Mikrotik8.png|500px|center]]
 
 
 
From the same interface select the "Ports" tab and add interfaces ether1 and ether2 to "bridge_internet".
 
 
 
[[File:Mikrotik9.png|500px|center]]
 
 
 
[[File:Mikrotik10.png|500px|center]]
 
 
 
Now repeat the step above and create a new bridge.
 
 
Make sure "ARP" is disabled!
 
 
 
[[File:Mikrotik11.png|500px|center]]
 
 
 
From the same interface click on the "STP" tab, check "Protocol mode: rstp" and apply.
 
 
 
[[File:Mikrotik12.png|500px|center]]
 
 
 
Select the "Ports" tab from the "Bridge" interface and add a new bridge port.
 
 
Select "ether3" and "bridge_tunnel" from the drop-down list.
 
 
 
[[File:Mikrotik13.png|500px|center]]
 
 
 
Create a third bridge, "bridge_local", with "ARP" enabled and add MAC Address: 00:00:5E:80:01:01.


Select the "STP" tab, check "Protocol mode: rstp" and apply.
 
 
 
[[File:Mikrotik14.png|500px|center]]
 
 
 
[[File:Mikrotik15.png|500px|center]]
 
 
 
Return to the IP->Address List interface and add "192.168.0.2/16" on "bridge_local".
 
 
 
[[File:Mikrotik16.png|500px|center]]
 
 
 
Select the "Profiles" tab from the PPP interface and add a new profile.


On the "General" tab fill in the new profile name and select "bridge_tunnel" from the drop-down list.


Select the "Protocols" tab and check "yes" for "Use Encryption".
 
 
 
[[File:Mikrotik17.png|500px|center]]
 
 
[[File:Mikrotik18.png|500px|center]]
 
 
 
From the PPP interface select the "Secrets" tab and create a new secret.


Fill in the name and password and select the profile you created above.
 
 
 
[[File:Mikrotik19.png|500px|center]]
 
 
 
Select "SSTP Server" from PPP->Interface, check 1723 port, select "default-encryption" and uncheck "pap" and "chap" authentication.
 
 
 
[[File:Mikrotik20.png|500px|center]]
 
 
 
If the VPN client is configured, the connection will start automatically. If the VPN client is not configured, see [[Configure VPN Client]].


To check the active connection select PPP->Active Connection or Bridge->Ports.
 
 
 
[[File:Mikrotik22.png|500px|center]]
 
 
 
Add the rest of the interfaces to "bridge_local" in order to use the router in the network.
 
 
 
[[File:Mikrotik21.png|500px|center]]
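
An added example, not part of the original page or of Idrive's tooling: a Python check that reads a RouterOS text export and flags where the router deviates from the manual steps above (ARP disabled on "bridge_tunnel", "Use Encryption" set to yes on the PPP profile, "pap" and "chap" unchecked on the SSTP server). The export text, the profile name vpn_profile and the treatment of a missing key as the RouterOS default are assumptions.

```python
import shlex

# Constructed sample in the shape of a RouterOS "/export" (not from a real router).
# The profile name is hypothetical; bridge names and values follow the page.
SAMPLE_EXPORT = """\
/interface bridge
add name=bridge_internet
add arp=disabled name=bridge_tunnel protocol-mode=rstp
add admin-mac=00:00:5E:80:01:01 auto-mac=no name=bridge_local protocol-mode=rstp
/ppp profile
add bridge=bridge_tunnel name=vpn_profile use-encryption=yes
/interface sstp-server server
set authentication=mschap1,mschap2 default-profile=vpn_profile enabled=yes port=1723
"""

def parse_export(text):
    """Return (menu_path, {key: value}) for every add/set line of an export."""
    entries, menu = [], None
    for line in text.replace("\\\n", " ").splitlines():  # join wrapped lines
        line = line.strip()
        if line.startswith("/"):
            menu = line
        elif menu and line.split(" ", 1)[0] in ("add", "set"):
            pairs = (w.split("=", 1) for w in shlex.split(line)[1:] if "=" in w)
            entries.append((menu, dict(pairs)))
    return entries

def audit(text):
    """List deviations from the manual steps above. A missing key is treated as
    the RouterOS default, since an export leaves default values out."""
    entries, findings = parse_export(text), []
    bridges = {p.get("name"): p for m, p in entries if m == "/interface bridge"}
    if "bridge_tunnel" not in bridges:
        findings.append("bridge_tunnel is missing")
    elif bridges["bridge_tunnel"].get("arp") != "disabled":
        findings.append("bridge_tunnel: ARP is not disabled")
    for menu, p in entries:
        if menu == "/ppp profile" and p.get("bridge") == "bridge_tunnel" \
                and p.get("use-encryption") != "yes":
            findings.append(f"profile {p.get('name')}: Use Encryption is not yes")
    sstp = next((p for m, p in entries if m == "/interface sstp-server server"), {})
    if sstp.get("enabled") != "yes":
        findings.append("SSTP server is not enabled")
    else:
        # Assumed default when the key is absent: all four methods allowed.
        auth = sstp.get("authentication", "pap,chap,mschap1,mschap2").split(",")
        findings += [f"SSTP server still accepts {a}" for a in auth if a in ("pap", "chap")]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT) or "export matches the documented settings")
```

Run it against the text saved from the router's export after the restore or the manual setup; an empty list means the three settings match this page.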
 

Latest revision as of 18:16, 7 November 2014