Hello guys, welcome back to the Mikrotik Indonesia YouTube channel, which delivers tips and tricks about Mikrotik. This time I will continue the tutorial series on VPN. In the previous videos presented by my friends, the first video was a VPN introduction, then there was PPTP, and next I will explain SSTP, or Secure Socket Tunneling Protocol. Before going on to the video explanation, do not forget to subscribe and click the bell button so you get the latest video updates from us.

There are many ways or methods to create a VPN network, or Virtual Private Network. The previous video already explained PPTP, or Point to Point Tunneling Protocol. In this tutorial I will try to create a simulation of how we can use SSTP, or Secure Socket Tunneling Protocol. What is the real difference? Conceptually it is similar to PPTP. I will explain two mechanisms, two examples of implementation that can be tried. The first is site-to-site VPN. This method is commonly used to connect two sites where it is impossible to use physical connections, for example sites on different islands or in different countries. In the previous video we used PPTP; now we use the SSTP method. Besides that, we can also use SSTP for mobile clients, but SSTP is not as flexible as PPTP, because for now not all operating systems provide SSTP on the client side.

Right away I will make a simulation with a topology like this. If you have not yet seen the PPTP video tutorial, please look for it on this channel, because the topology I use now is identical. The form is the same; the difference is only the type or tunneling method used, namely SSTP. The first step is that both of these sites have to be connected. They do not have to use the same ISP, because in each region there will be different ISPs, and the
public IPs are different. That is not a problem, because with this SSTP method the sites can still be connected even though server and client use different public IPs, in other words different segments. Each office also has a LAN network. The goal is for these LANs to be able to communicate. If the assumption is that site A and site B, or Office A and Office B, are located on different islands or in different countries, we cannot use physical connections anymore, or we could use optical fiber at a very high cost or after a long time. Hence this VPN method is one solution that is fast and maybe cheap if both sites are connected to the internet.

In the picture there are two routers. Router1 is a simulation of the head office, or Office A. There is one more router in front of me acting as Office B, or as a branch office. What we have to do first, because we have to connect to the internet, is the basic configuration. If you still wonder how to do the basic configuration, you can learn it in the basic Mikrotik configuration video on this channel; please find the video. The point is how both sites of each office can be connected to the internet, because in making a VPN connection we use the internet network as a virtual interface.

Now I configure the internet connection on the Office B router, which here acts as the branch office. Here you can see the RB951Ui-2HnD router, which is used as a simulation of the branch office router. You can use any type of Mikrotik router, because the way to configure Mikrotik routers is almost entirely the same. For example, I use two connections: there is a WAN and there is a LAN too. In my network, the WAN connection happens to be
using DHCP Client, so here I need to set up the DHCP client. By the way, the internet connection uses ether1, and here it has already got an IP address. For the LAN connection I use ether2. Things like this are still part of the basic configuration: this one is the WAN IP and the bottom one is the LAN IP, or local network. To make it easier for me to configure, I will add a DHCP Server on the LAN. We can go into the IP menu, then DHCP Server, to configure it. My laptop connects to ether2 and is set to obtain an IP through the DHCP Server, so my laptop gets an automatic IP address, and now my laptop is getting IP address 192.168.30.254. After this part is done, do not forget the firewall NAT configuration, or srcnat masquerade, with the Out. Interface pointing to ether1. If you are still confused and unsure about basic configurations like this, please learn from the basic configuration video on this channel, because we have discussed it in more detail in that video.

This time I showed the configuration in one office only, because the configuration in Office A is the same. Do not forget to give the router a name in the System Identity menu; for example, I named this router Office B, so later there will be Office A and also Office B.

The next step is to configure the SSTP Server. We configure the router in Office A. I happen to have prepared a router that uses IP address 192.168.128.05, which acts as Office A. For VPN configuration on Mikrotik devices everything is in the PPP menu, so we can enter the PPP menu at the top left. On the Interface tab we can see there are several buttons: there is a PPTP Server, an SSTP Server, an L2TP Server and also an OpenVPN Server. PPTP was discussed in the previous video, so this time we will discuss the SSTP Server. To configure it we click the SSTP Server button. The display is not much different from when configuring the PPTP Server. We check Enabled, then for the profile we select default-encryption, OK. In this SSTP Server configuration we are also given a choice to select a certificate. One difference that can be seen between PPTP and SSTP is that on SSTP we can use an SSL certificate for encryption. PPTP uses TCP port 1723, and there is a possibility that some ISPs block that port. Alternatively we can use SSTP, which uses the default port 443. This port 443 is the same as the one used for HTTPS websites, so it is very unlikely to be blocked by an ISP. For example, if PPTP cannot be implemented, we can try another option, SSTP, with a certificate, or without a certificate if the devices are both Mikrotik. Let us first try without a certificate: we check to enable the SSTP service, then click OK.

For the next steps in creating a VPN we need to set up authentication, so the server side has to create Secrets. Here under Secrets there is an account; we can add one or use this existing one. Creating Secrets is the same as for PPTP or any other type of VPN. For this experiment I set the service specifically to sstp. We could also choose pptp when creating a PPTP server, or choose any so that
later it can be used for every type of VPN. Do not forget also to set the Local Address and Remote Address. These are the IP addresses that will be installed when the SSTP service is connected. For example, for the local address I give IP address 10.2.2.1, then for the remote address IP address 10.2.2.2. For this part, make it a habit to use private IP addresses that have not been set up before on the router, so that the IP addresses are easier to manage. The number of users can vary: for example, if more than one user is needed, we can add Secrets below like this, or maybe use only one user, depending on individual needs. SSTP Server configuration is as simple as this; this is enough. And remember to set the profile in the Secret to default-encryption, which is used for encrypting during data transactions. So if there are questions like "Is using a VPN secure or not?", the data should be safe because it is encrypted, since we choose the default-encryption profile. This is the configuration for the SSTP server router, or Office A.

Then we switch to the client configuration, or Office B. We will set up Office B as the SSTP Client. I have now remoted into the router for Office B; the router configuration steps are almost the same. First we enter the PPP menu. We check first whether we can ping the public IP address of the server or not. The way is to enter the Terminal menu and then ping 192.168.128.105. For this experiment I simulate that 192.168.128.105 is a public IP for the Office A server. Then we press Enter. A reply is now seen, which means we can connect to the server's IP address.

Then we create the SSTP client: we enter the PPP menu, and on the Interface tab we add an SSTP Client. Suppose I give it the name sstp-center. Then on the Dial Out tab, for the Connect To parameter, we fill in the public IP of the server; this time we use 192.168.128.105. Then the important one is the User parameter. The server settings were already made with user name1, and my password is "check". For now, because we are not using a certificate, we can disable the parameter Verify Server Address From Certificate. We can use this parameter if the client and server certificates already exist. Then we click OK. If the SSTP connection has been established, that is, the username and password are filled in correctly, the R flag will appear in front of the interface. Once it has been formed like this, it is as if site A and site B have a direct connection using the VPN, although physically they are not directly connected.

This SSTP interface will also have an IP address, assigned from the server side. We can check the IP Addresses menu; a new IP will appear on the sstp-center interface. This IP address is given automatically from the Secrets settings on the server, so we do not need to configure the IP address manually. After the IP address on the interface has appeared, to connect the LANs on the two sites we have to add static routing. First we enter the IP menu, then the Routes menu. The IP address in Office A is 172.16.1.0, so this time I add it to the route list by pressing the + sign, and so on.
We enter the IP address 172.16.1.0/24. For the Gateway parameter we can use an IP address; for example, we fill in IP 10.2.2.1. This is the IP address on the VPN interface. Because this VPN is also included in the PPTP category, we could fill in the Gateway with the SSTP interface; this applies specifically to VPNs only, and physical interfaces cannot be used this way. For example, we use gateway IP address 10.2.2.1. Then the route will appear with the AS flags.

Remember to create the return routing. This was the routing from Office B to the Office A LAN; from Office A to the Office B LAN, static routing must also be created. We must enter the router in Office A. Once we have entered the Office A router, a new interface will also automatically appear in the PPP menu, named after the username, and the IP address will also appear on the SSTP interface, so we can just create the route in the IP Routes menu. We add a new one with Dst. Address being the IP of the Office B LAN, 192.168.30.0/24. We fill in the gateway 10.2.2.2, then we click OK. The routing is now made.

We can try to check from the Office A router: we open New Terminal and try to ping 192.168.30.1. We try to ping again to my laptop with IP 192.168.30.245. See, it works now. We can also ping from Office B. By the way, my laptop is a client of the Office B LAN, so my position is in the Office B LAN. If I open a new terminal on the laptop and, for example, ping 172.16.1.1, see, it already works, meaning the LAN in Office A and the LAN in Office B are already able to communicate. We can use this kind of communication to access the server at the head office, or maybe there is a CCTV system, file sharing, etc., so that these LANs can share resources. Sharing connections to servers, for example, when a branch office has no such facilities: we can use features like this. This configuration is similar to PPTP in the previous video; the difference is only in the tunneling method.

Now we will try what happens if we use certificates, since the experiment earlier was done without certificates. As a first step we can check in Office A, which acts as the server. We can check in the PPP menu, Active Connections tab. It can be seen that it is using AES256 encoding. The previous PPTP method by default uses MPPE encoding; now the SSTP method uses AES256 encoding. Later we can change this encoding, or rather this encryption, by using SSL certificates. As we have seen before about SSL certificates, we can make self-signed SSL certificates, and we can make them free of charge. How? We can make them on Linux with OpenSSL. Mikrotik devices also provide a tool for us to make SSL certificates. In what way?
We enter the System menu, then the Certificates submenu. This menu is used to make SSL certificates using Mikrotik itself, if we do not have Linux to create them with OpenSSL. In this Certificates menu we can add one. There are important parameters such as Name and Common Name, but we can also fill in all the parameters. We make the CA first. We make CA-Template, and I enter the Country ID, and we can enter the information completely. For example, I fill in the Organization with Citraweb, and I fill in the Unit with Technical Support. For the Common Name parameter we must fill in the IP address of our router, 192.168.128.105, then click Apply.

Besides making the CA certificate, we must create a Server and then a Client certificate. For example, we create Server-Template. We fill in the parameters below the same as before, and I fill in the Common Name with server. We do it again for clients, and we can make more than one if we have more than one client. For example, I create Client-Template. I fill in the Country ID, I fill in the State with Yogyakarta, then fill in the rest in detail, I fill in the Unit with Technical Support, and I enter the Common Name client.

Once the three certificates are made (CA, Server and Client), we must do the self-signing. We enter New Terminal, because on Mikrotik there is no GUI menu for this; we use the CLI to self-sign the certificates. We do it with the command "certificate sign", then we type the name of the certificate. For example, I try the CA first. The command is like this, then I give the name myCA. When the process has finished, a description will appear in the Certificates menu with flags. Here we can see the KLAT flags: K - private key, L - crl, A - authority, T - trusted.

Then we do the self-signing process for Server and Client. We enter the Terminal. I try the server first: we point to the CA name that we made before, then we give the name, for example, server. It should be noted that typing the command here is case sensitive. For example, just now I typed myCA using lowercase letters, and there is an error description here, because before I created it with all capital letters and the command here does not find the file. So in this next step I change to using uppercase letters, and now the flag description appears in the Certificates menu. The last one is for the Client: we type the command "certificate sign", then we enter ca=myCA and I give name=client.
So after the whole signing process is done, the KA flag information appears, but for the Client and Server certificates there is no Trusted information. How do we make these certificates trusted? We can set that through the command line interface. We type "certificate set client trusted=y", and we do the same for the server certificate by typing "certificate set server trusted=y", so that later the T flag, which means Trusted, will appear in the Certificates menu. Having arrived here, we can use them for SSTP certificate needs.

Since I created these certificates on the server router, they are also stored on the server router. After we have signed the certificates and they show the trusted information, we can export these certificates so that we can import them on the client. We use the CLI with the command "certificate export-certificate". First I export myCA, and I give a passphrase. The other one I should export is the client certificate. The export results appear in the Files menu, and there are two file types, namely *.crt and *.key. We can download these four files, which later we can import on the client router.

I have saved them to my computer desktop. There are several files seen here; there are *.key and *.crt. Then we enter the Office B router, the client router. On this client router we upload the certificate files that we have made. The way is to upload the files into the Files menu. I select all the files that have the *.crt and *.key extensions. Each has 2 files: myCA has 2 files, and the client also has *.crt and *.key. After that we click Open. Now they can be seen coming in here. Once they are in the Files menu, we enter the Certificates menu. The client router does not have any certificates, so we can do the import. We import the certificates, myCA first. Do not forget to also import the *.key for the myCA files so that it can be trusted. Then we import the certificate file for the client, and we also import the key file for the client, so that both types of files can enter here following