SlideShare a Scribd company logo

vpn router Mikrotik

T
todangkhoa

This workshop covers how to set up SSTP and OVPN encryption on a MikroTik router to allow remote access to a local network. It involves configuring the router's clock and SNTP settings, creating CA and server certificates, exporting the CA public key for clients, setting up IP pools, PPP profiles and secrets, enabling SSTP and OVPN servers, and configuring Windows clients for SSTP and OVPN connections. The goal is to securely allow remote access to the local network using encryption.

Devices & Hardware
1 of 29
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
vpn router Mikrotik
vpn router Mikrotik
Welcome to this Workshop! First, some basic concepts about encryption …..
• As you know, to unlock or even lock anything like a door you need a key. • This applies to computer networks, too. • There are two encryption methods in computer networks.  Symmetric Encryption  Asymmetric Encryption
One of the most common Asymmetric Encryption methods is using computer certificates. In this method, we need to provide a certificate from a well-known Certificate Authority (CA) and import it to our "Local Computer Personal Certificate Store”. After importing, we can use it to encrypt and sign our data. *Note: you should have your CA, public key certificate in your “Trusted Certificate Authority” list.
How certificates work and help us to encrypt our data in “HTTPS-(SSL)” communications…
vpn router Mikrotik
Let`s go to implementing SSTP & OVPN on our MikroTik RouterBoard as a Server and Microsoft Windows as a Client ……
Imagine that our Network Topology is:
• First, basic configurations are set, including IP address, MikroTik identity (Name), admin password, …. • Then, as a first step of implementation, we should configure SNTP and MikroTik Clock, because validity time is very important in issuing and using a certificate. (See next slide)
Configuring MikroTik Clock & SNTP Settings
• Now as a second step, we need to create a CA Certificate and issue a certificate for our SSTP and OVPN Server and finally sign it with our CA Certificate. • After that we should export CA Public Key to import it to our client’s “Trusted Root Certification Authorities” List. (See next slides)
Providing CA & Server Certificates
Signing Certificates
Exporting CA Public Key
Importing CA Public Key to Client Local Certificate Store (Trusted Root Certification Authorities List)
• Now as a third step, we should create an IP Pool, a PPP Profile and PPP Secret which should be used with Server Certificate in Configurations after enabling SSTP and OVPN. • Finally, in Server Configurations, we should enable “ARP Proxy” on our MikroTik Router “Local Network” Interface. • It’s required to remotely access Local Network. (See next slides)
Providing Same “IP Pool” for SSTP & OVPN Clients
Creating “PPP Profile” for SSTP & OVPN Connections
Creating “PPP Secret” for SSTP & OVPN Connections
Enabling & Configuring SSTP Server
Enabling & Configuring OVPN Server
Enabling “ARP Proxy” on Local Interface
• After all server configurations are completed, we should configure the client side. • To configure a Microsoft Windows operating system as a SSTP Client, a VPN connection should first be created and “VPN type” should be changed to “SSTP”. • To configure a Microsoft Windows operating system as an “OVPN Client”, some OVPN client applications such as “OPEN VPN GUI” should be installed and then provide a Config File that includes client configurations and finally use it to connect to your OVPN server. *Tip: (You can use Sample Configuration file that is located in "sample-config" folder and modify it according to your server configurations. (See next slides)
Configuring SSTP Client on Microsoft Windows
Connecting to the MikroTik SSTP Server
Connecting to the MikroTik OVPN Server
vpn router Mikrotik
Thank You! Powered by: Pooria Taabbodi ptaabodi@hotmail.com

More Related Content

PPTX
Demystifying Software Defined Networking (SDN)
Matt Bynum
 
PDF
Python for the Network Nerd
Matt Bynum
 
PPT
Calico and juju
Anirban Sen Chowdhary
 
PPTX
Sqlviking
Jonn Callahan
 
PPTX
Linux routing and firewall for beginners
n|u - The Open Security Community
 
PDF
y3dips hacking priv8 network
idsecconf
 
PDF
MQTT - REST Bridge using the Smart Object API
Michael Koster
 
PPTX
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
Neeraj Kumar
 
Demystifying Software Defined Networking (SDN)
Matt Bynum
 
Python for the Network Nerd
Matt Bynum
 
Calico and juju
Anirban Sen Chowdhary
 
Sqlviking
Jonn Callahan
 
Linux routing and firewall for beginners
n|u - The Open Security Community
 
y3dips hacking priv8 network
idsecconf
 
MQTT - REST Bridge using the Smart Object API
Michael Koster
 
Part 03: Azure Virtual Networks – Understanding and Creating Point-to-Site VP...
Neeraj Kumar
 

What's hot (17)

PPTX
Puppet for Networking - Junos
Puppet
 
PPTX
Vital Aspects of SSL Support in MySQL
Lesa Cote
 
PPTX
Managing enterprise client deployment with p2
Thomas Kratz
 
PPTX
How to: node js & micro-services
Michael Haberman
 
PPTX
Software for the Internet of Things
Alexandru Radovici
 
PPTX
BAUG Meetup #1 2022: Публикация ресурсов в Интернет в Microsoft Azure. Обзор ...
Dzmitry Durasau
 
PPTX
WebAccess\NMS v3.0
Guider Lee
 
PDF
Realtime Web Apps: WebSockets & WebRTC
VivochaLabs
 
PPTX
Lets Encrypt!
Joerg Henning
 
PPTX
Bastion Host : Amazon Web Services
Akhilesh Joshi
 
PPTX
Virtual Private Networks
primeteacher32
 
PDF
Getting started on IoT with AWS and NodeMCU for less than 5€
Stylight
 
PDF
GÉANT TURN pilot
Mihály Mészáros
 
PDF
FIWARE Tech Summit - Building Your Own IoT Agent
FIWARE
 
PDF
Building Open Source IoT Cloud
dejanb
 
PPTX
Introduction to SSL and How to Exploit & Secure
Brian Ritchie
 
PPTX
Upcoming Products, Services and Features - Workshop by Praveen Umanath
ResellerClub
 
Puppet for Networking - Junos
Puppet
 
Vital Aspects of SSL Support in MySQL
Lesa Cote
 
Managing enterprise client deployment with p2
Thomas Kratz
 
How to: node js & micro-services
Michael Haberman
 
Software for the Internet of Things
Alexandru Radovici
 
BAUG Meetup #1 2022: Публикация ресурсов в Интернет в Microsoft Azure. Обзор ...
Dzmitry Durasau
 
WebAccess\NMS v3.0
Guider Lee
 
Realtime Web Apps: WebSockets & WebRTC
VivochaLabs
 
Lets Encrypt!
Joerg Henning
 
Bastion Host : Amazon Web Services
Akhilesh Joshi
 
Virtual Private Networks
primeteacher32
 
Getting started on IoT with AWS and NodeMCU for less than 5€
Stylight
 
GÉANT TURN pilot
Mihály Mészáros
 
FIWARE Tech Summit - Building Your Own IoT Agent
FIWARE
 
Building Open Source IoT Cloud
dejanb
 
Introduction to SSL and How to Exploit & Secure
Brian Ritchie
 
Upcoming Products, Services and Features - Workshop by Praveen Umanath
ResellerClub
 
Ad

Similar to vpn router Mikrotik (20)

PDF
Shameful secrets of proprietary network protocols
Slawomir Jasek
 
PPTX
point to point tunneling protocol(PPTP).pptx
adnanbics79
 
PPT
Chapter 8 overview
ali raza
 
PPTX
Nginx-deploy on linux server with 80 and 442
RekeshPatel
 
PPTX
Fiware cloud developers week brussels
Fernando Lopez Aguilar
 
PDF
Cisco iso based CA (certificate authority)
Netwax Lab
 
PPTX
A.java
JahnaviBhagat
 
PPTX
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols
PROIDEA
 
PPTX
Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014
Jakub Kałużny
 
PPT
Chapter 3 overview
ali raza
 
PPTX
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10
Waqas Ahmed Nawaz
 
PPTX
Chapter 4--converted.pptx
WijdenBenothmen1
 
PDF
Dell PowerEdge Zero Touch Provisioning
Dell World
 
PPTX
Identity service keystone ppt
university of Gujrat, pakistan
 
PPTX
6421 b Module-09
Bibekananada Jena
 
PDF
Ch8 - Implementing Virtual Private Networks
OhmRon
 
PPT
Ciscorouterasavpnserver 100218045815-phpapp01
slavenvvv
 
PPTX
EMEA Airheads- Manage Devices at Branch Office (BOC)
Aruba, a Hewlett Packard Enterprise company
 
PDF
Vpn
Jose Rivera
 
PPTX
Introduction to Networking Commands & Software
MuhammadRizaHilmi
 
Shameful secrets of proprietary network protocols
Slawomir Jasek
 
point to point tunneling protocol(PPTP).pptx
adnanbics79
 
Chapter 8 overview
ali raza
 
Nginx-deploy on linux server with 80 and 442
RekeshPatel
 
Fiware cloud developers week brussels
Fernando Lopez Aguilar
 
Cisco iso based CA (certificate authority)
Netwax Lab
 
A.java
JahnaviBhagat
 
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols
PROIDEA
 
Shameful Secrets of Proprietary Network Protocols - OWASP AppSec EU 2014
Jakub Kałużny
 
Chapter 3 overview
ali raza
 
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 10
Waqas Ahmed Nawaz
 
Chapter 4--converted.pptx
WijdenBenothmen1
 
Dell PowerEdge Zero Touch Provisioning
Dell World
 
Identity service keystone ppt
university of Gujrat, pakistan
 
6421 b Module-09
Bibekananada Jena
 
Ch8 - Implementing Virtual Private Networks
OhmRon
 
Ciscorouterasavpnserver 100218045815-phpapp01
slavenvvv
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
Aruba, a Hewlett Packard Enterprise company
 
Vpn
Jose Rivera
 
Introduction to Networking Commands & Software
MuhammadRizaHilmi
 
Ad

Recently uploaded (20)

PPT
FABRICATION OF MOS FET BJT DEVICES IN NANOMETER
Nikhil Raj
 
PDF
Dynamic Checkweighers and Automatic Weighing Machine Solutions
dadisick66688
 
PPTX
Wireless and Mobile Backhaul Market.pptx
ashishjadhav559203
 
PPTX
Presentation 1.pptxnshshdhhdhdhdhdhhdhdhdhd
ArpitMalhotra16
 
PPTX
unit1d-communitypharmacy-240815170017-d032dce8.pptx
malidipak2021
 
PPTX
A Clear View_ Interpreting Scope Numbers and Features
Eurooptic Ltd
 
PDF
Tcl Scripting for EDA.pdf
Ahmed Abdelazeem
 
PPTX
Prograce_Present.....ggation_Simple.pptx
KVENKATESH47
 
PPTX
Presentacion compuuuuuuuuuuuuuuuuuuuuuuu
EstefaniaVillegas11
 
PDF
-DIGITAL-INDIA.pdf one of the most prominent
vishu244x
 
PPTX
Lecture-3-Computer-programming for BS InfoTech
UzumakiNamikaze
 
PPTX
5. MEASURE OF INTERIOR AND EXTERIOR- MATATAG CURRICULUM.pptx
MelanieEstebanVentur1
 
DOCX
fsdffdghjjgfxfdghjvhjvgfdfcbchghgghgcbjghf
SoundaryaSonu9
 
PDF
ICT grade for 8. MATATAG curriculum .P2.pdf
RSLCelea
 
PDF
Dozuki_Solution-hardware minimalization.
kurtaku1
 
PPTX
PLC ANALOGUE DONE BY KISMEC KULIM TD 5 .0
MahadzirMatRabi1
 
PPTX
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
PPTX
1.pptxsadafqefeqfeqfeffeqfqeqfeqefqfeqfqeffqe
EarlVonneRoque
 
PPTX
02fdgfhfhfhghghhhhhhhhhhhhhhhhhhhhh.pptx
eeshakhanzadi43
 
PPTX
New professional education PROF-ED-7_103359.pptx
JAYZHELARTIZA
 
FABRICATION OF MOS FET BJT DEVICES IN NANOMETER
Nikhil Raj
 
Dynamic Checkweighers and Automatic Weighing Machine Solutions
dadisick66688
 
Wireless and Mobile Backhaul Market.pptx
ashishjadhav559203
 
Presentation 1.pptxnshshdhhdhdhdhdhhdhdhdhd
ArpitMalhotra16
 
unit1d-communitypharmacy-240815170017-d032dce8.pptx
malidipak2021
 
A Clear View_ Interpreting Scope Numbers and Features
Eurooptic Ltd
 
Tcl Scripting for EDA.pdf
Ahmed Abdelazeem
 
Prograce_Present.....ggation_Simple.pptx
KVENKATESH47
 
Presentacion compuuuuuuuuuuuuuuuuuuuuuuu
EstefaniaVillegas11
 
-DIGITAL-INDIA.pdf one of the most prominent
vishu244x
 
Lecture-3-Computer-programming for BS InfoTech
UzumakiNamikaze
 
5. MEASURE OF INTERIOR AND EXTERIOR- MATATAG CURRICULUM.pptx
MelanieEstebanVentur1
 
fsdffdghjjgfxfdghjvhjvgfdfcbchghgghgcbjghf
SoundaryaSonu9
 
ICT grade for 8. MATATAG curriculum .P2.pdf
RSLCelea
 
Dozuki_Solution-hardware minimalization.
kurtaku1
 
PLC ANALOGUE DONE BY KISMEC KULIM TD 5 .0
MahadzirMatRabi1
 
Embeded System for Artificial intelligence 2.pptx
ifnadeksisa
 
1.pptxsadafqefeqfeqfeffeqfqeqfeqefqfeqfqeffqe
EarlVonneRoque
 
02fdgfhfhfhghghhhhhhhhhhhhhhhhhhhhh.pptx
eeshakhanzadi43
 
New professional education PROF-ED-7_103359.pptx
JAYZHELARTIZA
 

vpn router Mikrotik

  • 3. Welcome to this Workshop! First, some basic concepts about encryption …..
  • 4. • As you know, to unlock or even lock anything like a door you need a key. • This applies to computer networks, too. • There are two encryption methods in computer networks.  Symmetric Encryption  Asymmetric Encryption
  • 5. One of the most common Asymmetric Encryption methods is using computer certificates. In this method, we need to provide a certificate from a well-known Certificate Authority (CA) and import it to our "Local Computer Personal Certificate Store”. After importing, we can use it to encrypt and sign our data. *Note: you should have your CA, public key certificate in your “Trusted Certificate Authority” list.
  • 6. How certificates work and help us to encrypt our data in “HTTPS-(SSL)” communications…
  • 8. Let`s go to implementing SSTP & OVPN on our MikroTik RouterBoard as a Server and Microsoft Windows as a Client ……
  • 9. Imagine that our Network Topology is:
  • 10. • First, basic configurations are set, including IP address, MikroTik identity (Name), admin password, …. • Then, as a first step of implementation, we should configure SNTP and MikroTik Clock, because validity time is very important in issuing and using a certificate. (See next slide)
  • 11. Configuring MikroTik Clock & SNTP Settings
  • 12. • Now as a second step, we need to create a CA Certificate and issue a certificate for our SSTP and OVPN Server and finally sign it with our CA Certificate. • After that we should export CA Public Key to import it to our client’s “Trusted Root Certification Authorities” List. (See next slides)
  • 13. Providing CA & Server Certificates
  • 16. Importing CA Public Key to Client Local Certificate Store (Trusted Root Certification Authorities List)
  • 17. • Now as a third step, we should create an IP Pool, a PPP Profile and PPP Secret which should be used with Server Certificate in Configurations after enabling SSTP and OVPN. • Finally, in Server Configurations, we should enable “ARP Proxy” on our MikroTik Router “Local Network” Interface. • It’s required to remotely access Local Network. (See next slides)
  • 18. Providing Same “IP Pool” for SSTP & OVPN Clients
  • 19. Creating “PPP Profile” for SSTP & OVPN Connections
  • 20. Creating “PPP Secret” for SSTP & OVPN Connections
  • 21. Enabling & Configuring SSTP Server
  • 22. Enabling & Configuring OVPN Server
  • 23. Enabling “ARP Proxy” on Local Interface
  • 24. • After all server configurations are completed, we should configure the client side. • To configure a Microsoft Windows operating system as a SSTP Client, a VPN connection should first be created and “VPN type” should be changed to “SSTP”. • To configure a Microsoft Windows operating system as an “OVPN Client”, some OVPN client applications such as “OPEN VPN GUI” should be installed and then provide a Config File that includes client configurations and finally use it to connect to your OVPN server. *Tip: (You can use Sample Configuration file that is located in "sample-config" folder and modify it according to your server configurations. (See next slides)
  • 25. Configuring SSTP Client on Microsoft Windows
  • 26. Connecting to the MikroTik SSTP Server
  • 27. Connecting to the MikroTik OVPN Server
  • 29. Thank You! Powered by: Pooria Taabbodi ptaabodi@hotmail.com