SlideShare a Scribd company logo

Mikrotik router documentation ( Prepare by Mr. Chetra PO )

C
Chetra PO

This document provides instructions for configuring various network services on a Mikrotik router including: 1. Assigning IP addresses via command line and configuring DHCP and DNS server. 2. Allowing client devices to access the internet by configuring routing and NAT. 3. Blocking specific websites by adding filter rules to drop traffic to the site. 4. Setting up a hotspot to provide guest wireless access and limiting bandwidth for different user profiles on the hotspot. It includes screenshots and step-by-step explanations for carrying out common Mikrotik router configuration tasks such as IP address assignment, enabling internet access, blocking websites, and setting up a bandwidth-limited hotspot.

Technology
1 of 73
Downloaded 19 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
P a g e 1 | 73
P a g e 2 | 73 Table of Contents 1. How to assign IP address with command line..............................................................................3 2. Configure DHCP and DNS Server......................................................................................................3  Let’s Client test DHCP ...........................................................................................................................7 3. Allow clients access Internet ............................................................................................................11  Let’s Client Test access internet......................................................................................................13  Configure NAT........................................................................................................................................14  Let’s Client Test access internet again..........................................................................................16 4. Block Website or Domain...................................................................................................................17  Let’s Client Test.....................................................................................................................................20 5. Configure Hotspot.................................................................................................................................21  Limit user bandwidth based on user profile of Hotspot ..........................................................25  Let’s Client Test Speed AWS-IT.......................................................................................................28  Let’s Client Test Speed AWS-HR.....................................................................................................29  Bypassing.................................................................................................................................................30  IP Binding ............................................................................................................................................30  Walled Garden....................................................................................................................................32 6. Setup and Configure User Manager with Hotspot.....................................................................34 7. Configure VPN Server..........................................................................................................................40  Enable VPN Server (PPTP Server)...................................................................................................40  Create Pool of VPN ...............................................................................................................................41  Create VPN Profile ................................................................................................................................42  Create User of VPN to authentication............................................................................................42 8. Configure VPN Client ...........................................................................................................................43 9. Configure VPN Site-to-Site................................................................................................................48  On Router Site-1...................................................................................................................................48  Change Hostname and interface on Router (Site-1) ...........................................................48  Create Peer .........................................................................................................................................51  Change Proposal................................................................................................................................52  Create Policies....................................................................................................................................53  Create Firewall NAT bypass...........................................................................................................54  On Router Site-2...................................................................................................................................55  Change Hostname and interface on Router (Site-2) ...........................................................55  Create Peer .........................................................................................................................................57  Change Proposals .............................................................................................................................59  Create Policies....................................................................................................................................59  Create Firewall NAT bypass...........................................................................................................60  Let’s Testing VPN Site-to-Site..........................................................................................................61  On Router Site-1...............................................................................................................................61  On Router Site-2...............................................................................................................................64 10. Configure Proxy (Cache)....................................................................................................................66  Enable Web Proxy.................................................................................................................................66  Transparent Proxy ................................................................................................................................68  Block websites, extensions and redirect website......................................................................70
P a g e 3 | 73 1.How to assign IP address with command line On Mikrotik Router OS you can assign IP address by command line and interface. This this how to assign IP address with command line, please follow it. 2.Configure DHCP and DNS Server The first of all, you should configure DNS. Please follow this pictures below.
P a g e 4 | 73 After you configure DNS already, please configure DHCP to let client get IP address automatically from Mikrotik Router. Please follow in this pictures!
P a g e 5 | 73 In this point you just click on DHCP Setup. After then, you just choose which interface that you want provide IP address to client and then, click next and next.
P a g e 6 | 73 In this point you can select pool of IP give out that you want. For example, 99 IP address, so should 192.168.5.2-192.168.5.100
P a g e 7 | 73 Let’s Client test DHCP You can type this command ncpa.cpl and then double click on Local Area Connection
P a g e 8 | 73 In this point just click Properties Please click on Internet Protocol Version 4 (TCP/IPv4) and then click Properties
P a g e 9 | 73 Click on Obtain an IP address automatically and Obtain DNS server address automatically, after then click OK. Please release your IP address by use command > ipconfig/release and then use command > ipconfig/renew to get IP address, after then test ping to WAN and LAN
P a g e 10 | 73
P a g e 11 | 73 3.Allow clients access Internet To allow clients can access Internet, you make sure that you configured Rote and NAT, so please follow this picture. This point mean that Mikrotik Router cannot access to internet, so please do route.
P a g e 12 | 73 On Gateway, please put IP Gateway of WAN. And then click Apply > OK
P a g e 13 | 73 Let’s Mikrotik Router ping to internet like > ping 8.8.8.8 Let’s Client Test access internet In this case client cannot access to Internet because, you not yet configure NAT, so please configure NAT.
P a g e 14 | 73 Configure NAT To configure NAT, please follow this pictures. Go to IP > Firewall Click on NAT and then add it by use (+)
P a g e 15 | 73 In General, Chain: srcnat and Out. Interface: ether1 (interface that connect with WAN) In Action, Action:masquerade and then click Apply and OK Note: masquerade is a method that used to translate IP Private to IP Public (Internet). It means that, your IP Private cannot communication with Internet. If you want IP Private can communication with Internet, you just configure NAT and choose the Action masquerade.
P a g e 16 | 73 Let’s Client Test access internet again
P a g e 17 | 73 4.Block Website or Domain In this point you can block all website that you want, but I will block only facebook. Click IP > Firewall
P a g e 18 | 73 Click on Filter Rules and then click + to add website to block it. In General, Chain: Forward
P a g e 19 | 73 In Advanced, on the Content : facebook.com (put website that you want to block) In Action, Action: drop and then click Apply and OK
P a g e 20 | 73 Let’s Client Test Client cannot access website facebook.com because we block it at the moment.
P a g e 21 | 73 5.Configure Hotspot To configure hotspot, please follow on this pictures. Go to IP > Hotspot In this point you just click Hotspot Setup
P a g e 22 | 73 Choose interface that you want to share your hotspot (interface LAN). And then click Next. You just click Next. Select pool for Hotspot addresses and then click Next.
P a g e 23 | 73
P a g e 24 | 73 It is default of user in Mikrotik Router. This point is successfully and then click OK. Note: when you click OK it will disconnect to Router, so you must login hotspot first and then you can connect to Router as normal.
P a g e 25 | 73 When you access to internet, it will alert authentication from hotspot. Limit user bandwidth based on user profile of Hotspot
P a g e 26 | 73 You can create user profile name that you want and then, on Rate Limit: 1024k/4096k (upload/download), after then, click Apply and OK This point you need to create user to login your hotspot service. Click Users > +
P a g e 27 | 73 In General, Name: AWS-IT (name that you want) and assign password on this user. After then on Profile: Technical Department (User Profile that you create) and click Apply > OK Now I will create one more User Profile name HR Department and Rate Limit: 1024k/2048k click Apply > OK
P a g e 28 | 73 Create one more User for HR Department Profile. Follow it. Let’s Client Test Speed AWS-IT This is user AWS-IT in Technical Department.
P a g e 29 | 73 Speed that AWS-IT have 1024k/4096k Let’s Client Test Speed AWS-HR This is user AWS-HR in HR Department
P a g e 30 | 73 Speed that AWS-HR have 1024k/2048k Bypassing  IP Binding IP Binding is an option that we used to specific user that can access internet without authentication from web page (Hotspot) based on IP address and mac address of user. This is an IP address of user, it can access internet by authentication from Hotspot
P a g e 31 | 73 Before we configure IP Binding, This IP address of user have authentication of Hotspot Service. This a Physical Address or Mac address of user, just type > ipconfig/all to see it.
P a g e 32 | 73 This is the point that show you about how to configure it. Please follow it. The first, into IP > Hotspot > IP Bindings > + and then put mac address and IP address of user, on the Type point, you just choose bypassed and then click Apply > OK Did you see, this IP address of user can access internet without authentication from Hotspot service.  Walled Garden Walled Garden is an option that we used to access internet by specific website without authentication from Hotspot service based on IP address of user. Please remember that, if you had configure IP Bindings, you should disable it first, and then you can configure Walled Garden. Note: If different user or IP address no need to disable IP Binding. But in this picture I choose the same user or IP address to test it.
P a g e 33 | 73 The first, Please disable IP Bindings. Click on Walled Garden > + and then put IP address of User that you want it to access specific website, after then put the website that you want user access it. Click Apply > OK.
P a g e 34 | 73 6.Setup and Configure User Manager with Hotspot
P a g e 35 | 73
P a g e 36 | 73 Take IP address of WAN in router to access User Manager like picture show.
P a g e 37 | 73 Create Profiles to Limit time and Speed upload and download
P a g e 38 | 73
P a g e 39 | 73 Let’s test access to internet.
P a g e 40 | 73 Test Speed that you limit. 7.Configure VPN Server Enable VPN Server (PPTP Server) To configure VPN Server Point to Point, the first, just enable PPTP Server. PPP > Interface > PPTP Server and then click Enable
P a g e 41 | 73 Create Pool of VPN To create pool just go to IP > Pool. Why we need creat pool of VPN? Because we don’t want other side know our IP address of our LAN, so when we use this pool, network out side that want to connect our VPN will get the IP address that we create in Pool of VPN. Click + and then assign name of pool and assign address of pool.
P a g e 42 | 73 Create VPN Profile Go to PPP > Profile assign name of profile and put Local address and choose Remote address, don’t forget put DNS Server. Create User of VPN to authentication Go to PPP > Secrets and then assign name and password on the Profile point just choose Profile of VPN that you created.
P a g e 43 | 73 8.Configure VPN Client We need to configure VPN Client to let client can remote to VPN Server. In Control Panel > Network and Internet > Network and Sharing Center and then follow in this picture
P a g e 44 | 73
P a g e 45 | 73 This the name of VPN that you create.
P a g e 46 | 73 When it finished, it will show you like this.
P a g e 47 | 73 When you connect VPN done, you can see the IP address of VPN Pool that you assign on Pool. Double click on VPN Connection and then click Details…
P a g e 48 | 73 This is the IP Pool of VPN. 9.Configure VPN Site-to-Site To configure VPN Site-to-Site, the first, make sure that both of site can access to internet. On Router Site-1  Change Hostname and interface on Router (Site-1)
P a g e 49 | 73
P a g e 50 | 73 Assign IP address on each interface
P a g e 51 | 73 For this point make sure you were configured NAT by masquerade and Route. And then let’s client access internet.  Create Peer Before you create peer, you should create rule of IPsec first. Please follow this picture. Why we need create peer? Because we want to get information from other site (Site-2) to communication to each other. Please follow this picture!!!
P a g e 52 | 73 On the Address please put IP of WAN in Site-2  Change Proposal On the Proposals menu, you just double click like picture show and then, change proposals follow your encryption.
P a g e 53 | 73  Create Policies After we create Peer and change Proposals already, please create policies to put some information of each Router to know each other. So in General menu, you just follow in this picture. NOTE: Src. Address: 192.168.5.0/24 is the Network IP of LAN in Router Site-1 Dst. Addrsss: 192.168.6.0/24 is the Network IP of LAN in Router Site-2 On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2
P a g e 54 | 73  Create Firewall NAT bypass We need to create firewall nat bypass to let both of sites can communication. Please follow this picture.
P a g e 55 | 73 For this point you must put Nat bypass rule the top of other rule in firewall Nat. On Router Site-2  Change Hostname and interface on Router (Site-2)
P a g e 56 | 73 Assign IP on each interface
P a g e 57 | 73 Make sure that you were configured NAT by masquerade and Route already.  Create Peer
P a g e 58 | 73
P a g e 59 | 73  Change Proposals  Create Policies After we create Peer and change Proposals already, please create policies to put some information of each Router to know each other. So in General menu, you just follow in this picture. NOTE: Src. Address: 192.168.6.0/24 is the Network IP of LAN in Router Site-2 Dst. Addrsss: 192.168.5.0/24 is the Network IP of LAN in Router Site-1
P a g e 60 | 73 On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2  Create Firewall NAT bypass
P a g e 61 | 73 Let’s Testing VPN Site-to-Site  On Router Site-1 The first please Test ping to IP address of Site-2
P a g e 62 | 73 After you test ping to each other already, please test with file share. Please follow this pictures
P a g e 63 | 73
P a g e 64 | 73 On client of Site-2, please test access file share from Site-1  On Router Site-2
P a g e 65 | 73
P a g e 66 | 73 10. Configure Proxy (Cache) Enable Web Proxy
P a g e 67 | 73 Client cannot access Internet without Proxy, so please configure proxy of client follow this pictures IP address that put is IP address of LAN.
P a g e 68 | 73 After assign it already, please test access Internet. Transparent Proxy To make transparent proxy, you should create firewall nat (dstnat). Follow this pictures
P a g e 69 | 73 On Action menu, please choose redirect and to port 8080 Let’s client test without assign IP of Proxy. Please follow in this pictures
P a g e 70 | 73 Let’s client access to internet. Block websites, extensions and redirect website This point I will block youtube.com
P a g e 71 | 73 In this point I will block extensions (.mp3) Test access to youtube.com website
P a g e 72 | 73 Test download mp3, please follow in this pictures This point I will block sabay.com and redirect to awspl.com website. Please follow this picture
P a g e 73 | 73 Test access sabay.com and it will redirect to awspl.com This are some references Setting up a Mikrotik Hotspot with UserManager (Step-By-Step) ~ Binary Heartbeat Howto to enable Mikrotik RouterOS Web Proxy in Transparent Mode | Syed Jahanzaib Personal Blog to Share Knowledge ! Mikrotik IPSEC Site-to-Site – TNSolutions http://routeros.butchevans.com/routeros-6.27/all_packages_mipsbe/ Limit number connection based on user profile, Mikrotik Hotspot - OA Ultimate

More Related Content

PPT
WWII in the Pacific
Mr.J
 
PPTX
Muhammad's Teachings
ssclasstorremar
 
PPT
HS Network Manager: The award winning Accounting&Billing solution
HS NETWORK MANAGER
 
PPT
Hot Spot Network Manager
HS NETWORK MANAGER
 
DOC
My Journal
Sanaullah Kawsar
 
PPTX
Configuring Dhcp Server, Scopes & Superscopes
jocelyn_tanner
 
PDF
Installing and configuring a dhcp on windows server 2016 step by step
Ahmed Abdelwahed
 
PPTX
System installation in CCTV
hepzijustin
 
WWII in the Pacific
Mr.J
 
Muhammad's Teachings
ssclasstorremar
 
HS Network Manager: The award winning Accounting&Billing solution
HS NETWORK MANAGER
 
Hot Spot Network Manager
HS NETWORK MANAGER
 
My Journal
Sanaullah Kawsar
 
Configuring Dhcp Server, Scopes & Superscopes
jocelyn_tanner
 
Installing and configuring a dhcp on windows server 2016 step by step
Ahmed Abdelwahed
 
System installation in CCTV
hepzijustin
 

Similar to Mikrotik router documentation ( Prepare by Mr. Chetra PO ) (20)

PDF
Router configuracion acuse 512
Neftali Morillo
 
PDF
How to publish your NAS on the Internet?
Thecus Technology Corp.,
 
PPTX
Dhcp server and windows 2012
HEM Sothon
 
PPTX
Dhcp, dns and proxy server (1)
Sahira Khan
 
DOC
Nat Server Configuration Steps
Pasala Jayaraju
 
PDF
7106506104 tl wa701-nd(eu)_2.0_qig
Cesar Estela Zarate
 
DOCX
Mikrotik pcq
Putra Jambak
 
PDF
7106503678 td w8961-nd_qig
Akibo Davies
 
PDF
Tutorial mikrotik step by step
Dewa Ketut Setiawan
 
PDF
Configuring sonic wall__port_forwarding
Helmer Villarreal
 
PDF
L2 tp i-psec vpn on windows server 2016 step by step
Ahmed Abdelwahed
 
PDF
DHCP windows server 2012
Ahmed abdulmani
 
DOCX
T hin client configuration
ALICO HI-TECH INSTITUTES
 
PDF
Manual wireless router cnet cwr 854
fgonzalez2005
 
PPT
Wintel ppt for dhcp
duraimurugan89
 
PDF
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Jiunn-Jer Sun
 
DOC
Wireless lab4902
mark scott
 
PDF
Aruba instant iap setup rev3
Aruba, a Hewlett Packard Enterprise company
 
DOCX
Installing the dhcp server role
muneerepckd
 
PDF
Netgear router setup
PPCChamp - Digital Marketing & Consulting Company
 
Router configuracion acuse 512
Neftali Morillo
 
How to publish your NAS on the Internet?
Thecus Technology Corp.,
 
Dhcp server and windows 2012
HEM Sothon
 
Dhcp, dns and proxy server (1)
Sahira Khan
 
Nat Server Configuration Steps
Pasala Jayaraju
 
7106506104 tl wa701-nd(eu)_2.0_qig
Cesar Estela Zarate
 
Mikrotik pcq
Putra Jambak
 
7106503678 td w8961-nd_qig
Akibo Davies
 
Tutorial mikrotik step by step
Dewa Ketut Setiawan
 
Configuring sonic wall__port_forwarding
Helmer Villarreal
 
L2 tp i-psec vpn on windows server 2016 step by step
Ahmed Abdelwahed
 
DHCP windows server 2012
Ahmed abdulmani
 
T hin client configuration
ALICO HI-TECH INSTITUTES
 
Manual wireless router cnet cwr 854
fgonzalez2005
 
Wintel ppt for dhcp
duraimurugan89
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Jiunn-Jer Sun
 
Wireless lab4902
mark scott
 
Aruba instant iap setup rev3
Aruba, a Hewlett Packard Enterprise company
 
Installing the dhcp server role
muneerepckd
 
Netgear router setup
PPCChamp - Digital Marketing & Consulting Company
 
Ad

Recently uploaded (20)

PPTX
Chapter 5: Probability Theory and Statistics
RandyFin
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PPTX
A Presentation on Touch Screen Technology
memembruh336
 
PDF
August Patch Tuesday
Ivanti
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Chapter 5: Probability Theory and Statistics
RandyFin
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
SOPHOS-XG Firewall Administrator PPT.pptx
AgnesMunisi
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
project resource management chapter-09.pdf
ssuser00e6e21
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
A Presentation on Touch Screen Technology
memembruh336
 
August Patch Tuesday
Ivanti
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Heart disease approach using modified random forest and particle swarm optimi...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Ad

Mikrotik router documentation ( Prepare by Mr. Chetra PO )

  • 1. P a g e 1 | 73
  • 2. P a g e 2 | 73 Table of Contents 1. How to assign IP address with command line..............................................................................3 2. Configure DHCP and DNS Server......................................................................................................3  Let’s Client test DHCP ...........................................................................................................................7 3. Allow clients access Internet ............................................................................................................11  Let’s Client Test access internet......................................................................................................13  Configure NAT........................................................................................................................................14  Let’s Client Test access internet again..........................................................................................16 4. Block Website or Domain...................................................................................................................17  Let’s Client Test.....................................................................................................................................20 5. Configure Hotspot.................................................................................................................................21  Limit user bandwidth based on user profile of Hotspot ..........................................................25  Let’s Client Test Speed AWS-IT.......................................................................................................28  Let’s Client Test Speed AWS-HR.....................................................................................................29  Bypassing.................................................................................................................................................30  IP Binding ............................................................................................................................................30  Walled Garden....................................................................................................................................32 6. Setup and Configure User Manager with Hotspot.....................................................................34 7. Configure VPN Server..........................................................................................................................40  Enable VPN Server (PPTP Server)...................................................................................................40  Create Pool of VPN ...............................................................................................................................41  Create VPN Profile ................................................................................................................................42  Create User of VPN to authentication............................................................................................42 8. Configure VPN Client ...........................................................................................................................43 9. Configure VPN Site-to-Site................................................................................................................48  On Router Site-1...................................................................................................................................48  Change Hostname and interface on Router (Site-1) ...........................................................48  Create Peer .........................................................................................................................................51  Change Proposal................................................................................................................................52  Create Policies....................................................................................................................................53  Create Firewall NAT bypass...........................................................................................................54  On Router Site-2...................................................................................................................................55  Change Hostname and interface on Router (Site-2) ...........................................................55  Create Peer .........................................................................................................................................57  Change Proposals .............................................................................................................................59  Create Policies....................................................................................................................................59  Create Firewall NAT bypass...........................................................................................................60  Let’s Testing VPN Site-to-Site..........................................................................................................61  On Router Site-1...............................................................................................................................61  On Router Site-2...............................................................................................................................64 10. Configure Proxy (Cache)....................................................................................................................66  Enable Web Proxy.................................................................................................................................66  Transparent Proxy ................................................................................................................................68  Block websites, extensions and redirect website......................................................................70
  • 3. P a g e 3 | 73 1.How to assign IP address with command line On Mikrotik Router OS you can assign IP address by command line and interface. This this how to assign IP address with command line, please follow it. 2.Configure DHCP and DNS Server The first of all, you should configure DNS. Please follow this pictures below.
  • 4. P a g e 4 | 73 After you configure DNS already, please configure DHCP to let client get IP address automatically from Mikrotik Router. Please follow in this pictures!
  • 5. P a g e 5 | 73 In this point you just click on DHCP Setup. After then, you just choose which interface that you want provide IP address to client and then, click next and next.
  • 6. P a g e 6 | 73 In this point you can select pool of IP give out that you want. For example, 99 IP address, so should 192.168.5.2-192.168.5.100
  • 7. P a g e 7 | 73 Let’s Client test DHCP You can type this command ncpa.cpl and then double click on Local Area Connection
  • 8. P a g e 8 | 73 In this point just click Properties Please click on Internet Protocol Version 4 (TCP/IPv4) and then click Properties
  • 9. P a g e 9 | 73 Click on Obtain an IP address automatically and Obtain DNS server address automatically, after then click OK. Please release your IP address by use command > ipconfig/release and then use command > ipconfig/renew to get IP address, after then test ping to WAN and LAN
  • 10. P a g e 10 | 73
  • 11. P a g e 11 | 73 3.Allow clients access Internet To allow clients can access Internet, you make sure that you configured Rote and NAT, so please follow this picture. This point mean that Mikrotik Router cannot access to internet, so please do route.
  • 12. P a g e 12 | 73 On Gateway, please put IP Gateway of WAN. And then click Apply > OK
  • 13. P a g e 13 | 73 Let’s Mikrotik Router ping to internet like > ping 8.8.8.8 Let’s Client Test access internet In this case client cannot access to Internet because, you not yet configure NAT, so please configure NAT.
  • 14. P a g e 14 | 73 Configure NAT To configure NAT, please follow this pictures. Go to IP > Firewall Click on NAT and then add it by use (+)
  • 15. P a g e 15 | 73 In General, Chain: srcnat and Out. Interface: ether1 (interface that connect with WAN) In Action, Action:masquerade and then click Apply and OK Note: masquerade is a method that used to translate IP Private to IP Public (Internet). It means that, your IP Private cannot communication with Internet. If you want IP Private can communication with Internet, you just configure NAT and choose the Action masquerade.
  • 16. P a g e 16 | 73 Let’s Client Test access internet again
  • 17. P a g e 17 | 73 4.Block Website or Domain In this point you can block all website that you want, but I will block only facebook. Click IP > Firewall
  • 18. P a g e 18 | 73 Click on Filter Rules and then click + to add website to block it. In General, Chain: Forward
  • 19. P a g e 19 | 73 In Advanced, on the Content : facebook.com (put website that you want to block) In Action, Action: drop and then click Apply and OK
  • 20. P a g e 20 | 73 Let’s Client Test Client cannot access website facebook.com because we block it at the moment.
  • 21. P a g e 21 | 73 5.Configure Hotspot To configure hotspot, please follow on this pictures. Go to IP > Hotspot In this point you just click Hotspot Setup
  • 22. P a g e 22 | 73 Choose interface that you want to share your hotspot (interface LAN). And then click Next. You just click Next. Select pool for Hotspot addresses and then click Next.
  • 23. P a g e 23 | 73
  • 24. P a g e 24 | 73 It is default of user in Mikrotik Router. This point is successfully and then click OK. Note: when you click OK it will disconnect to Router, so you must login hotspot first and then you can connect to Router as normal.
  • 25. P a g e 25 | 73 When you access to internet, it will alert authentication from hotspot. Limit user bandwidth based on user profile of Hotspot
  • 26. P a g e 26 | 73 You can create user profile name that you want and then, on Rate Limit: 1024k/4096k (upload/download), after then, click Apply and OK This point you need to create user to login your hotspot service. Click Users > +
  • 27. P a g e 27 | 73 In General, Name: AWS-IT (name that you want) and assign password on this user. After then on Profile: Technical Department (User Profile that you create) and click Apply > OK Now I will create one more User Profile name HR Department and Rate Limit: 1024k/2048k click Apply > OK
  • 28. P a g e 28 | 73 Create one more User for HR Department Profile. Follow it. Let’s Client Test Speed AWS-IT This is user AWS-IT in Technical Department.
  • 29. P a g e 29 | 73 Speed that AWS-IT have 1024k/4096k Let’s Client Test Speed AWS-HR This is user AWS-HR in HR Department
  • 30. P a g e 30 | 73 Speed that AWS-HR have 1024k/2048k Bypassing  IP Binding IP Binding is an option that we used to specific user that can access internet without authentication from web page (Hotspot) based on IP address and mac address of user. This is an IP address of user, it can access internet by authentication from Hotspot
  • 31. P a g e 31 | 73 Before we configure IP Binding, This IP address of user have authentication of Hotspot Service. This a Physical Address or Mac address of user, just type > ipconfig/all to see it.
  • 32. P a g e 32 | 73 This is the point that show you about how to configure it. Please follow it. The first, into IP > Hotspot > IP Bindings > + and then put mac address and IP address of user, on the Type point, you just choose bypassed and then click Apply > OK Did you see, this IP address of user can access internet without authentication from Hotspot service.  Walled Garden Walled Garden is an option that we used to access internet by specific website without authentication from Hotspot service based on IP address of user. Please remember that, if you had configure IP Bindings, you should disable it first, and then you can configure Walled Garden. Note: If different user or IP address no need to disable IP Binding. But in this picture I choose the same user or IP address to test it.
  • 33. P a g e 33 | 73 The first, Please disable IP Bindings. Click on Walled Garden > + and then put IP address of User that you want it to access specific website, after then put the website that you want user access it. Click Apply > OK.
  • 34. P a g e 34 | 73 6.Setup and Configure User Manager with Hotspot
  • 35. P a g e 35 | 73
  • 36. P a g e 36 | 73 Take IP address of WAN in router to access User Manager like picture show.
  • 37. P a g e 37 | 73 Create Profiles to Limit time and Speed upload and download
  • 38. P a g e 38 | 73
  • 39. P a g e 39 | 73 Let’s test access to internet.
  • 40. P a g e 40 | 73 Test Speed that you limit. 7.Configure VPN Server Enable VPN Server (PPTP Server) To configure VPN Server Point to Point, the first, just enable PPTP Server. PPP > Interface > PPTP Server and then click Enable
  • 41. P a g e 41 | 73 Create Pool of VPN To create pool just go to IP > Pool. Why we need creat pool of VPN? Because we don’t want other side know our IP address of our LAN, so when we use this pool, network out side that want to connect our VPN will get the IP address that we create in Pool of VPN. Click + and then assign name of pool and assign address of pool.
  • 42. P a g e 42 | 73 Create VPN Profile Go to PPP > Profile assign name of profile and put Local address and choose Remote address, don’t forget put DNS Server. Create User of VPN to authentication Go to PPP > Secrets and then assign name and password on the Profile point just choose Profile of VPN that you created.
  • 43. P a g e 43 | 73 8.Configure VPN Client We need to configure VPN Client to let client can remote to VPN Server. In Control Panel > Network and Internet > Network and Sharing Center and then follow in this picture
  • 44. P a g e 44 | 73
  • 45. P a g e 45 | 73 This the name of VPN that you create.
  • 46. P a g e 46 | 73 When it finished, it will show you like this.
  • 47. P a g e 47 | 73 When you connect VPN done, you can see the IP address of VPN Pool that you assign on Pool. Double click on VPN Connection and then click Details…
  • 48. P a g e 48 | 73 This is the IP Pool of VPN. 9.Configure VPN Site-to-Site To configure VPN Site-to-Site, the first, make sure that both of site can access to internet. On Router Site-1  Change Hostname and interface on Router (Site-1)
  • 49. P a g e 49 | 73
  • 50. P a g e 50 | 73 Assign IP address on each interface
  • 51. P a g e 51 | 73 For this point make sure you were configured NAT by masquerade and Route. And then let’s client access internet.  Create Peer Before you create peer, you should create rule of IPsec first. Please follow this picture. Why we need create peer? Because we want to get information from other site (Site-2) to communication to each other. Please follow this picture!!!
  • 52. P a g e 52 | 73 On the Address please put IP of WAN in Site-2  Change Proposal On the Proposals menu, you just double click like picture show and then, change proposals follow your encryption.
  • 53. P a g e 53 | 73  Create Policies After we create Peer and change Proposals already, please create policies to put some information of each Router to know each other. So in General menu, you just follow in this picture. NOTE: Src. Address: 192.168.5.0/24 is the Network IP of LAN in Router Site-1 Dst. Addrsss: 192.168.6.0/24 is the Network IP of LAN in Router Site-2 On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2
  • 54. P a g e 54 | 73  Create Firewall NAT bypass We need to create firewall nat bypass to let both of sites can communication. Please follow this picture.
  • 55. P a g e 55 | 73 For this point you must put Nat bypass rule the top of other rule in firewall Nat. On Router Site-2  Change Hostname and interface on Router (Site-2)
  • 56. P a g e 56 | 73 Assign IP on each interface
  • 57. P a g e 57 | 73 Make sure that you were configured NAT by masquerade and Route already.  Create Peer
  • 58. P a g e 58 | 73
  • 59. P a g e 59 | 73  Change Proposals  Create Policies After we create Peer and change Proposals already, please create policies to put some information of each Router to know each other. So in General menu, you just follow in this picture. NOTE: Src. Address: 192.168.6.0/24 is the Network IP of LAN in Router Site-2 Dst. Addrsss: 192.168.5.0/24 is the Network IP of LAN in Router Site-1
  • 60. P a g e 60 | 73 On the Action menu, just follow in this picture. IP 192.168.1.109 is the IP of WAN in Router Site-1 and IP 192.168.1.110 is the IP of WAN in Router Site-2  Create Firewall NAT bypass
  • 61. P a g e 61 | 73 Let’s Testing VPN Site-to-Site  On Router Site-1 The first please Test ping to IP address of Site-2
  • 62. P a g e 62 | 73 After you test ping to each other already, please test with file share. Please follow this pictures
  • 63. P a g e 63 | 73
  • 64. P a g e 64 | 73 On client of Site-2, please test access file share from Site-1  On Router Site-2
  • 65. P a g e 65 | 73
  • 66. P a g e 66 | 73 10. Configure Proxy (Cache) Enable Web Proxy
  • 67. P a g e 67 | 73 Client cannot access Internet without Proxy, so please configure proxy of client follow this pictures IP address that put is IP address of LAN.
  • 68. P a g e 68 | 73 After assign it already, please test access Internet. Transparent Proxy To make transparent proxy, you should create firewall nat (dstnat). Follow this pictures
  • 69. P a g e 69 | 73 On Action menu, please choose redirect and to port 8080 Let’s client test without assign IP of Proxy. Please follow in this pictures
  • 70. P a g e 70 | 73 Let’s client access to internet. Block websites, extensions and redirect website This point I will block youtube.com
  • 71. P a g e 71 | 73 In this point I will block extensions (.mp3) Test access to youtube.com website
  • 72. P a g e 72 | 73 Test download mp3, please follow in this pictures This point I will block sabay.com and redirect to awspl.com website. Please follow this picture
  • 73. P a g e 73 | 73 Test access sabay.com and it will redirect to awspl.com This are some references Setting up a Mikrotik Hotspot with UserManager (Step-By-Step) ~ Binary Heartbeat Howto to enable Mikrotik RouterOS Web Proxy in Transparent Mode | Syed Jahanzaib Personal Blog to Share Knowledge ! Mikrotik IPSEC Site-to-Site – TNSolutions http://routeros.butchevans.com/routeros-6.27/all_packages_mipsbe/ Limit number connection based on user profile, Mikrotik Hotspot - OA Ultimate