Difference between revisions of "Configure VPN Server"

From Idrive
==Mark Notes==
 
  
To Do: set time and timezone
 
set secure password / change user name?
 
 
<br /><br />
 
 
==Initial Configuration==
 
 
===Set up RB2011LS-IN Router for initial configuration===
 
 
Connect to power
 
 
Connect cat 5 cable from Port ETH6 to the NIC for Idrive wireless (192.168.0.10)
 
 
<br /><br />
 
 
===Connect using Winbox===
 
 
[[File:Mikrotik1.png|500px|thumb]]
 
 
Download and install Winbox [http://download2.mikrotik.com/winbox.exe Configuration tool for RouterOS].
 
 
Run Winbox.exe or double click the icon on the desktop
 
 
[[File:winbox_icon.jpg|100px]]
 
 
Wait 5-10 seconds until the IP and MAC address appear. (The default IP address is 192.168.88.1.)
 
 
Document the MAC address for entry into AdminCenter
 
 
Click on "Connect"
 
 
Log in as admin; the password is blank.
 
 
 
 
<br /><br /><br /><br />
 
 
===Initial Log in===
 
 
 
 
A pop-up window will appear. Choose "Remove Configuration"; otherwise the router will create a default configuration.
 
 
 
[[File:Mikrotik2.png|500px|center]]
 
 
==Setup using Restore configuration file (Recommended)==
 
 
It is much easier to set the router's configuration using the RouterOS backup/restore function. This imports the standard Idrive configuration from a .backup file. The only settings that have to be changed after the restore are the internet connection settings.
 
 
Import the configuration using the current Idrive config file (
 
 
Set the specific internet settings for this customer and location
 
 
 
<br /><br />
 
 
==Setup using manual method==
 
 
 
 
 
The first step is to create a static IP for your internet connection.
 
 
 
[[File:Mikrotik3.png|500px|center]]
 
 
 
Select "Addresses" from "IP" and click the plus sign.
 
 
 
[[File:Mikrotik4.png|500px|center]]
 
 
 
We used IP 10.3.0.80, which is a local IP from the main router's IP pool, and we have forwarded port 1723.
 
 
 
[[File:Mikrotik5.png|500px|center]]
 
 
 
Route IP for internet access.
 
 
 
[[File:Mikrotik6.png|500px|center]]
 
 
 
Enter 0.0.0.0/0 in the "Dst. Address:" box. In the "Gateway" box, enter your gateway.
 
 
 
[[File:Mikrotik7.png|500px|center]]
 
 
 
Select "Bridge" from the left menu and add a new bridge.
 
 
 
[[File:Mikrotik8.png|500px|center]]
 
 
 
From the same interface, select the "Ports" tab and add interfaces ether1 and ether2 to "bridge_internet".
 
 
 
[[File:Mikrotik9.png|500px|center]]
 
 
 
[[File:Mikrotik10.png|500px|center]]
 
 
 
Now repeat the step above and create a new bridge.
 
 
Make sure "ARP" is disabled!
 
 
 
[[File:Mikrotik11.png|500px|center]]
 
 
 
From the same interface, click the "STP" tab, check "Protocol mode: rstp" and apply.
 
 
 
[[File:Mikrotik12.png|500px|center]]
 
 
 
Select the "Ports" tab from the "Bridge" interface and add a new bridge port.
 
 
Select "ether3" and "bridge_tunnel" from the drop-down list.
 
 
 
[[File:Mikrotik13.png|500px|center]]
 
 
 
Create a third bridge, "bridge_local", with "ARP" enabled, and add MAC Address: 00:00:5E:80:01:01.
 
 
Select the "STP" tab, check "Protocol mode: rstp" and apply.
 
 
 
[[File:Mikrotik14.png|500px|center]]
 
 
 
[[File:Mikrotik15.png|500px|center]]
 
 
 
Return to the IP->Address List interface and add "192.168.0.2/16" to "bridge_local".
 
 
 
[[File:Mikrotik16.png|500px|center]]
 
 
 
Select the "Profiles" tab from the PPP interface and add a new profile.
 
 
On the "General" tab, fill in the new profile name and select "bridge_tunnel" from the drop-down list.
 
 
Select the "Protocols" tab and check "yes" under "Use Encryption".
 
 
 
[[File:Mikrotik17.png|500px|center]]
 
 
[[File:Mikrotik18.png|500px|center]]
 
 
 
From the PPP interface, select the "Secrets" tab and create a new secret.
 
 
Fill in the name and password and select the profile you created above.
 
 
 
[[File:Mikrotik19.png|500px|center]]
 
 
 
Select "SSTP Server" from PPP->Interface, set the port to 1723, select "default-encryption" and uncheck "pap" and "chap" authentication.
 
 
 
[[File:Mikrotik20.png|500px|center]]
 
 
 
If the VPN client is configured, the connection will start automatically. If the VPN client is not configured, see [[Configure VPN Client]].
 
 
To check the active connection, select PPP->Active Connection or Bridge->Ports.
 
 
 
[[File:Mikrotik22.png|500px|center]]
 
 
 
Add the rest of the interfaces to "bridge_local" in order to use the router in the network.
 
 
 
[[File:Mikrotik21.png|500px|center]]
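
An added example (not part of the original Idrive page): a Python check that reads a RouterOS text export and flags departures from the manual steps above, namely "pap"/"chap" still allowed on the SSTP server, "bridge_tunnel" with ARP enabled, and secrets bound to a profile without "Use Encryption" set to yes. The sample export, the names vpn_profile and vpn_user, and the defaults assumed for attributes an export omits are assumptions.

```python
import shlex

# Constructed sample export; vpn_profile and vpn_user are placeholder names.
SAMPLE_EXPORT = r"""
/interface bridge
add arp=disabled name=bridge_tunnel protocol-mode=rstp
/interface sstp-server server
set authentication=mschap1,mschap2 default-profile=default-encryption \
    enabled=yes port=1723
/ppp profile
add bridge=bridge_tunnel name=vpn_profile use-encryption=yes
/ppp secret
add name=vpn_user profile=vpn_profile
"""

# Assumption: value RouterOS uses when the export omits "authentication".
DEFAULT_AUTH = "pap,chap,mschap1,mschap2"

def parse_export(text):
    """Return (menu, verb, {key: value}) for each command in an export."""
    entries, menu = [], None
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):          # menu path, e.g. "/ppp profile"
            menu = line
            continue
        verb, *args = shlex.split(line)
        entries.append((menu, verb, dict(a.split("=", 1) for a in args if "=" in a)))
    return entries

def audit(text):
    """Return findings where the export differs from the steps on this page."""
    entries = parse_export(text)
    # Assumption: the built-in default-encryption profile is unmodified.
    encrypted = {"default-encryption"} | {kv.get("name") for m, _, kv in entries
                 if m == "/ppp profile" and kv.get("use-encryption") == "yes"}
    findings = []
    for menu, _, kv in entries:
        if menu == "/interface sstp-server server":
            weak = {"pap", "chap"} & set(kv.get("authentication", DEFAULT_AUTH).split(","))
            if weak:
                findings.append("sstp-server allows " + ",".join(sorted(weak)))
        elif (menu == "/interface bridge" and kv.get("name") == "bridge_tunnel"
              and kv.get("arp", "enabled") != "disabled"):
            findings.append("bridge_tunnel has ARP enabled")
        elif menu == "/ppp secret" and kv.get("profile", "default") not in encrypted:
            findings.append(f"secret {kv.get('name')} uses a profile without use-encryption=yes")
    return findings
```

Run audit() on the text produced by the router's export command; an empty list means the three settings match the procedure.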
 

Latest revision as of 18:16, 7 November 2014