Configure VPN Server


Mark Notes

To Do: set time and timezone; set secure password / change user name?


Initial Configuration Setup

Set up RB2011LS-IN Router for initial configuration

Document the MAC address range from the bottom of the unit, e.g. 00:0C:42:AE:F2:7C - 00:0C:42:AE:F2:86 (10 addresses). These will be used to connect to the device and will be logged in AdminCenter.

Connect to power

Connect cat 5 cable from Port ETH6 to the NIC for Idrive wireless

  • Change settings for wireless NIC to:
    - IP address: 192.168.88.10
    - Subnet mask: 255.255.255.0


Connect using Winbox

Rb2011 initial login.jpg

Download and install Winbox Configuration tool for RouterOS.

Run Winbox.exe or double click the icon on the desktop

Winbox icon.jpg

  • Enter the Default "Connect To" IP Address: 192.168.88.1
  • Login: admin
  • password: blank
  • Click "Connect"

Upon initial login, the "RouterOS Default Configuration" pop-up window will appear. Choose "Remove Configuration"; otherwise the router will create a default configuration. I lose contact with the router when I do this and can only connect again after resetting the router.

Rb2011 initial login screen.jpg


Setup using Restore configuration file (Recommended)

Load Idrive Standard configuration

Rb2011 restore config.jpg

For simplicity and consistency, it is better to set the router's configuration using the RouterOS backup/restore function. This "restores" the standard Idrive configuration from a .backup file and leaves only a few custom settings that are specific to the customer location(s).


  • Unzip the file to the Desktop on your computer
  • In WinBox select “Files” from the left menu to open the Files List window.
  • Use the mouse to drag and drop the configuration file from the Desktop into the Files List (uploads the file to the Router)
  • Highlight the config file and click on "Restore"

The router will reboot with the new configuration. You will need to use the new IP address and password:

  • The new IP address for Ports 6 - 10 will be 192.168.0.2
  • Change the IP address on your NIC to 192.168.0.10

Reconnect to the Router with the "Connect to" address of 192.168.0.2, password idrive#



Set Customer/Location Specific Settings

Static Internet IP Address

Click IP > Address to open the Address list form. Click on "+" to open the new address form.

Rb2011 ip add pulldown.jpg

Rb2011 ip add list.jpg

Fill in the fields for the customer's internet connection for the VPN:

  • Enter Static IP address (10.10.17.10/24 in this example)
  • Enter Network (10.10.17.0 in this example)
  • Interface "ether1"


After this, the only things that need to be changed are the IP address of the Base Station equipment (RB2011LS-IN) on port “ether1” for the internet connection, using Winbox under the “IP” section > “Addresses”, and the gateway under the “IP” section > “Routes” (0.0.0.0/0 to x.x.x.x).



Static Routes

  • In WinBox select “IP” from the left menu and from the pull-down menu select "Routing" to open the Route List window.
  • Double click on the line that has the Interface "ether1" to edit the Address properties

Rb2011 ether1 address.jpg


Timezone


What Else?


Setup using manual method

Create a static IP for your internet connection

Click IP > Address to open the Address list form. Click on "+" to open the new address form.

Rb2011 ip add pulldown.jpg

Rb2011 ip add list.jpg


Enter the static IP address for the customer's Internet connection.


Mikrotik5.png



Route IP for internet access

Mikrotik6.png


Add IP 0.0.0.0/0 in "Dst. Address:" box. In "Gateway" box add your gateway.


Mikrotik7.png


Select "Bridge" from the left menu and add a new bridge.


Mikrotik8.png


From the same interface select "Ports" tab and add interfaces ether1 and ether2 to "bridge_internet"


Mikrotik9.png


Mikrotik10.png


Now repeat the step above and create a new bridge.

Make sure the "ARP" is disabled!


Mikrotik11.png


From the same interface click on "STP" tab, check "Protocol mode: rstp" and apply.


Mikrotik12.png


Select "Ports" tab from the "Bridge" interface and add new bridge port.

Select "ether3" and "bridge_tunnel" from the drop-down list.


Mikrotik13.png


Create a third bridge, "bridge_local" with "ARP" enabled and add MAC Address: 00:00:5E:80:01:01.

Select "STP" tab, check "Protocol mode: rstp" and apply.


Mikrotik14.png


Mikrotik15.png


Return to the IP->Address List interface and add "192.168.0.2/16" to "bridge_local".


Mikrotik16.png


Select the "Profiles" tab from the PPP interface and add a new profile.

From the "General" tab, fill in the new profile name and select "bridge_tunnel" from the drop-down list.

Select the "Protocols" tab and check "yes" for "Use Encryption".


Mikrotik17.png
Mikrotik18.png


From the PPP interface, select the "Secrets" tab and create a new secret.

Fill in the name and password and select the profile you have created above.


Mikrotik19.png


Select "SSTP Server" from PPP->Interface, check 1723 port, select "default-encryption" and uncheck "pap" and "chap" authentication.


Mikrotik20.png


If the VPN client is configured, the connection will start automatically. If the VPN client is not configured, check Configure VPN Client.

To check the active connection, select PPP->Active Connection or Bridge->Ports.


Mikrotik22.png


Add the rest of the interfaces to "bridge_local" in order to use the router in the network.


Mikrotik21.png
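
A configuration check for the manual setup above, as an added example that is not part of the original page: it parses a RouterOS configuration export and reports where the bridge, PPP profile and SSTP server settings differ from the steps described. It assumes `/export verbose` output (a compact export omits properties left at their defaults); the sample export and the profile name `idrive_vpn` are constructed for illustration.

```python
import re
import shlex

# Constructed sample in "/export verbose" style; profile name "idrive_vpn" is hypothetical.
SAMPLE_EXPORT = """\
/interface bridge
add arp=disabled name=bridge_tunnel protocol-mode=rstp
add admin-mac=00:00:5E:80:01:01 auto-mac=no name=bridge_local protocol-mode=rstp
/interface bridge port
add bridge=bridge_tunnel interface=ether3
/ppp profile
add bridge=bridge_tunnel name=idrive_vpn use-encryption=yes
/interface sstp-server server
set authentication=pap,mschap2 default-profile=default-encryption enabled=yes port=1723
"""

def parse_export(text):
    """Return (menu_path, properties) for every add/set command in the export."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    rows, menu = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line
        elif line.startswith(("add ", "set ")):
            tokens = shlex.split(line)[1:]
            rows.append((menu, dict(t.split("=", 1) for t in tokens if "=" in t)))
    return rows

def audit(text):
    """List deviations from the settings the manual procedure asks for."""
    rows = parse_export(text)
    bridges = {p.get("name"): p for m, p in rows if m == "/interface bridge"}
    ports = {(p.get("bridge"), p.get("interface")) for m, p in rows if m == "/interface bridge port"}
    findings = []
    if bridges.get("bridge_tunnel", {}).get("arp") != "disabled":
        findings.append("bridge_tunnel: ARP is not disabled")
    for name in ("bridge_tunnel", "bridge_local"):
        if bridges.get(name, {}).get("protocol-mode") != "rstp":
            findings.append(f"{name}: protocol mode is not rstp")
    if ("bridge_tunnel", "ether3") not in ports:
        findings.append("ether3 is not a port of bridge_tunnel")
    for menu, p in rows:
        if menu == "/ppp profile" and p.get("bridge") == "bridge_tunnel" \
                and p.get("use-encryption") != "yes":
            findings.append(f"profile {p.get('name')}: Use Encryption is not yes")
        if menu == "/interface sstp-server server":
            weak = {"pap", "chap"} & set(p.get("authentication", "").split(","))
            findings += [f"SSTP server: {a} is still enabled" for a in sorted(weak)]
    return findings
```

On the sample, `audit(SAMPLE_EXPORT)` reports only that "pap" is still enabled on the SSTP server, which is the one setting in it that departs from the procedure.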