SSTP – VPN MIKROTIK TUTORIAL [ENG SUB]


Hi guys, welcome back once again to the Mikrotik Indonesia YouTube channel, which provides tips and tricks about Mikrotik. This time I will continue the tutorial series on VPN. In the previous videos presented by my friends, the first video was a VPN introduction, then there was PPTP, and next I will explain SSTP, or Secure Socket Tunneling Protocol. Before continuing to the video explanation, don't forget to subscribe, then click the bell button so you get the latest video updates from us.

There are many ways or methods to build a VPN network, or Virtual Private Network. The previous video already described PPTP, or Point to Point Tunneling Protocol. In this tutorial I will try to create a simulation of how we can use SSTP, or Secure Socket Tunneling Protocol. What is actually the difference? Conceptually it is similar to PPTP. I will explain two mechanisms, two examples of implementation that can be tried. The first is site-to-site VPN. This method is often used to connect two sites where it is impossible to use physical connections, for example sites on different islands or in different countries. In the previous video we used PPTP; now we use the SSTP method. Besides that, we can also use SSTP for mobile clients, but SSTP is not as flexible as PPTP, because for now not all operating systems provide an SSTP client feature.

I will go straight to making a simulation with a topology like this. If you pay attention, or if you have not yet seen the PPTP video tutorial, please search this channel, because the topology that I use now is the same. The form is the same; the difference is only the type of tunneling method that will be used, namely SSTP. The first step is that both of these sites must be connected to the Internet. They do not have to use the same ISP, because each location will be different: different ISPs,
and the public IPs will also be different. That is not a problem, because with this SSTP method the sites can still be connected even though the server and client use different public IPs, in other words different segments. Each office also has a LAN network. The goal is for these LANs to be able to communicate. If the idea is site A and site B, or office A and office B, and the locations are on different islands or in different countries, we cannot use physical connections anymore; or we could use optical fiber, but at a very expensive cost or taking a long time. So this VPN method is one solution that is fast and perhaps cheap, provided both sites are connected to the Internet.

In the picture there are two routers. Router1 is a simulation of the head office, or office A. There is another router in front of me acting as office B, or the branch office. The first thing we have to do, because we have to connect to the Internet, is the basic configuration. If you still wonder how to do the basic configuration, you can learn from the video on basic Mikrotik configuration on this channel; please look for that video. The point is how the two sites of each office can be connected to the Internet, because in creating a VPN connection we use the Internet network as a virtual interface.

Now I configure the Internet connection on the office B router, which here acts as the branch office. Here you can see the RB951Ui-2HnD router, which is used as a simulation of the branch office router. You can use any type of Mikrotik router, because the way to configure Mikrotik routers is almost the same for all of them. For example, I use two connections: there is a WAN and there is also a LAN. On my network, the WAN connection happens to use a DHCP client, so here I need
to set up the DHCP client. By the way, the Internet connection uses ether1, and here it has already obtained an IP address. For the LAN connection I use ether2. Things like this are still part of the basic configuration: this one is the WAN IP and the one at the bottom is the LAN IP, or local network. To make it easier to configure, I will add a DHCP server on the LAN. We go to the IP menu, then DHCP Server, to configure it. My laptop connects to ether2 and I set it to obtain an IP, so with the DHCP server my laptop gets an automatic IP address, and now my laptop is getting IP address 192.168.30.254. After this part is finished, do not forget the NAT firewall configuration, or srcnat masquerade, with the Out. Interface pointing to ether1.

If you are still confused or unsure about basic configuration like this, please learn from the basic configuration video on this channel, because we have discussed it in more detail in that video. This time I demonstrated the configuration in one office only, because the configuration in office A is the same. Do not forget to give the router a name in the System > Identity menu. For example, I named this router Office B, so later there will be Office A and also Office B.

The next step is to configure the SSTP server. We configure the router in office A. I happen to have prepared a router that uses IP address 192.168.128.105, which acts as office A. For VPN configuration on Mikrotik devices, everything is in the PPP menu, so we enter the PPP menu at the top left. On the Interface tab we can see there are several buttons: PPTP Server, SSTP Server, L2TP Server and also OpenVPN Server. PPTP was discussed in the previous video, so this time we will discuss the SSTP Server. To configure it, we click the SSTP Server button. The display is not much different from when configuring the PPTP server. We check Enabled, then for the profile we select default-encryption.

In this SSTP Server configuration we are given the option to select a Certificate. One difference between PPTP and SSTP is that on SSTP we can use an SSL certificate for the encryption. PPTP uses TCP port 1723, and there is a chance that some ISPs block that port; as an alternative we can use SSTP, which uses port 443 by default. Port 443 is the same as the one used for HTTPS websites, so it is very unlikely to be blocked by an ISP. If, for example, PPTP cannot be used, we can try the alternative, SSTP, either using a certificate or not using a certificate. If the devices on both ends are Mikrotik, we can try it without a certificate. Let us first try without a certificate: we check the box to enable the SSTP service, then click OK.

For the next step in creating a VPN we have to set up authentication, so on the server side we must create Secrets. Here there is an account under Secrets; we can add one or use the existing one. Creating secrets is the same as for PPTP or other types of VPN. For this experiment I set the service specifically to sstp. We could select pptp when making a PPTP server, or select any so that it can be used for all types of VPN. Do not forget also to
determine the Local and Remote Address. These are the IP addresses that will be installed when the SSTP service is connected. For example, for the local address I give IP address 10.2.2.1, and for the remote address IP address 10.2.2.2. For this part, make it a habit to use private IP addresses that have not been installed on the router before, so that it will be easier to manage the IP addresses. The users can be adjusted: for example, if more than one user is needed, we can add more secrets below like this, or maybe use just one user, depending on individual needs. The SSTP server configuration is as simple as this. That is enough, and remember to set the profile in the secret to default-encryption, which is used for encrypting during data transactions. So if there are questions like "Is it safe or not to use a VPN?", the data should be safe because the data is encrypted, since we select the default-encryption profile. This is the configuration for the SSTP server router, or office A.

Then we switch to the client configuration, or office B. Office B we will set up as the SSTP client. I have now remoted into the router for office B. Do not miss this; the router configuration steps are almost the same. First we enter the PPP menu. We first check whether we can reach the server, that is, whether we can ping its public IP address or not. To do that, we open the Terminal menu and ping 192.168.128.105. For this experiment I simulate 192.168.128.105 as the public IP of the office A server. We press Enter, and seeing a reply means we can connect to the server's IP address.

Then we create the SSTP client. We enter the PPP menu and on the Interface tab we add an SSTP Client. Suppose I give it the name sstp-center. Then on the Dial Out tab, for the Connect To parameter we fill in the public IP of the server; this time we use 192.168.128.105. Then the important one is the User parameter: the server settings were already made with user name1, and my password is "test". For now, because we do not use a certificate, we can disable the parameter Verify Server Address From Certificate. We can use this parameter if the certificates for the client and server already exist. Then we click OK. If this SSTP connection is established, that is, the username and password are correctly filled in, the R flag will appear in front of the interface. Once it has formed like this, site A and site B behave as if they have a direct connection using the VPN, even though physically they are not directly connected.

This SSTP interface will also get an IP address assigned from the server side. We can check in the IP > Addresses menu; a new IP will appear on the sstp-center interface. This IP address is given automatically from the Secrets settings on the server, so we do not need to configure the IP address manually.

After the IP address on the interface has appeared, to connect the LANs on both sites we must add static routing. First we enter the IP menu, then the Routes menu. The IP address in office A is 172.16.1.0, so this time I add it to the route list by pressing the + sign.

We enter the IP address 172.16.1.0/24. The Gateway parameter can use an IP address; for example we fill in IP 10.2.2.1. This is the IP address of the VPN interface. Because this VPN is in the same group as PPTP, we can also fill in the Gateway with the SSTP interface itself; this applies only to VPN, physical interfaces cannot be used that way. For example we use the gateway IP address 10.2.2.1. Then the route will appear with the AS flags.

Remember to create the return route. This is the routing from office B to the office A LAN; from office A to the office B LAN, static routing must also be created. We need to enter the router in office A. Now that we have entered the office A router, a new interface automatically appears in the PPP menu, named after the username, and the IP address also appears on the SSTP interface. So we can just create the route in the IP > Routes menu: we add a new route with Dst. Address set to the office B LAN, 192.168.30.0/24, fill in the gateway 10.2.2.2, then click OK. Routing is now created.

We can check from the office A router: we open New Terminal and try to ping 192.168.30.1. We try to ping again, to my laptop with IP 192.168.30.245. Look, it already works. We can also ping from office B. By the way, my laptop is a client on the office B LAN, so my position is in the office B LAN. If I open a terminal on the laptop and ping 172.16.1.1, look, it already works, which means the LANs in office A and office B are already able to communicate. We can use this kind of communication to access a server at the head office, or maybe a CCTV device, file sharing and so on, so that these LANs can share resources. For example, when a branch office has no such facilities of its own, it can share the connection to the servers using a feature like this. This configuration is similar to PPTP in the previous video; the difference is only in the tunneling method.

Now we will try what happens if we use certificates, since we did the earlier experiment without certificates. As a first step we can check in office A, which acts as the server. In the PPP menu, on the Active Connections tab, it can be seen that AES256 encoding is used. Whereas the previous PPTP method uses MPPE encoding by default, the SSTP method now uses AES256 encoding. Later we can change this encoding, or improve this encryption, by using SSL certificates. As we have seen before about SSL certificates, we can make self-signed SSL certificates, and we can make them for free. How? We can make them on Linux with OpenSSL. Mikrotik devices also provide a tool for us to make SSL certificates. In what way?
We enter the System menu, then the Certificates submenu. This menu is used to make SSL certificates on the Mikrotik itself, in case we do not have Linux to create them with OpenSSL. In this Certificates menu we click add. The important parameters are Name and Common Name, but we can also fill in all the parameters. We make the CA first: we create CA-Template, and I enter the Country ID, and we can enter the data completely. For example, I fill in the Organization as Citraweb and the Unit as Technical Support. For the Common Name parameter we must fill in the IP address of our router, 192.168.128.105, then click Apply.

Besides making the CA certificate, we have to make one for the server and then one for the client. For example we create Server-Template; the parameters below we fill in the same as before, and I fill in the Common Name as server. We do it again for clients, and we can make more than one if we have more than one client. For example, I create Client-Template: I fill in the Country ID, I fill in the State as Yogyakarta, then fill in the rest in more detail, I fill in the Unit as Technical Support and I enter the Common Name client.

Now that three certificates have been made, the CA, server and client, we have to self-sign them. We open New Terminal, because on Mikrotik there is no GUI menu for this; we use the CLI to self-sign the certificates. We do it with the command "certificate sign", then we type the name of the certificate. For example, I do the CA first; the command is like this, and I give it the name myCA. When the process has finished, flags will appear in the Certificates menu. Here we can see the KLAT flags: K - private key, L - crl, A - authority, T - trusted.

Then we do the self-sign process for the server and client. In the Terminal, I do the server first: we point to the ca that we created before, then we give the name, for example server. It should be noted that typing commands here is case sensitive. For example, I just typed myCA using lowercase letters and there is an error message here, because I created it with capital letters, so the command does not find the target file. So in this second attempt I retype it using uppercase letters, and now the flags appear in the Certificates menu. The last is
for the client. We type the command "certificate sign", then we enter ca=myCA and I give name=client. So now the signing process is done and the KA flags appear. But for the client and server certificates there is no Trusted flag. How do we make these certificates trusted? We can set it through the command line interface: we type "certificate set client trusted=yes", and we do the same for the server certificate by typing "certificate set server trusted=yes", so that the flags will appear in the Certificates menu with a T flag, which means Trusted. Once we have reached this point, we can use the certificates for SSTP.

Because I made these certificates on the server router, they are also stored on the server router. After we have signed the certificates and marked them trusted, we can export these certificates so that we can import them on the client. We use the CLI with the command "certificate export-certificate". As a first step I export myCA, and I give a passphrase. Another one I need to export is the client certificate. We can find the export results in the Files menu; there are two file types, namely *.crt and *.key. We can download these four files, which we will later import on the client router. I have saved them to my computer desktop; several files can be seen here, *.key and *.crt.

Then we enter the office B router, or the client router. On this client router we upload the certificate files that we have made. We upload the files to the Files menu: I select all the files that have the *.crt and *.key extensions. Each has 2 files: myCA has two files and the client also has *.crt and *.key. After that we click Open, and you can see them coming in here. Once they are in the Files menu, we enter the Certificates menu. The client router has no certificates yet, so we can import. We import the certificates, first for myCA; then do not forget to also import the *.key for myCA so that it can be trusted. We import the certificate file for the client as well, then we also import the key file for the client, so that both types of files
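
The certificate-based variant of the tunnel built in this tutorial, written as RouterOS CLI with the no-certificate settings shown beside it for comparison. This is an added example, not taken from the video; the `<...>` placeholders and the exported file names (RouterOS default export naming is assumed) are assumptions.

```routeros
# ---- Office A (SSTP server, 192.168.128.105 in the simulation) ----
# Sign the three templates. Names are case-sensitive (myCA, not myca).
/certificate sign CA-Template name=myCA
/certificate sign Server-Template ca=myCA name=server
/certificate sign Client-Template ca=myCA name=client
/certificate set server trusted=yes
/certificate set client trusted=yes

# Export for Office B. Without export-passphrase only the .crt is written,
# so the CA private key stays on the server: the client needs the CA
# certificate only to verify the server, not the CA key.
# The client's own key is exported encrypted with a passphrase.
/certificate export-certificate myCA
/certificate export-certificate client export-passphrase="<export-passphrase>"

# Tunnel account and tunnel addresses as used in the tutorial.
/ppp secret add name="<user>" password="<password>" service=sstp \
    profile=default-encryption local-address=10.2.2.1 remote-address=10.2.2.2

# Weak (first half of the tutorial): no certificate selected. The traffic is
# encrypted, but the server is not authenticated, so a man-in-the-middle
# on the path would not be detected.
#   /interface sstp-server server set enabled=yes default-profile=default-encryption
# Hardened: present the signed server certificate, accept MS-CHAPv2 only.
/interface sstp-server server set enabled=yes certificate=server \
    default-profile=default-encryption authentication=mschap2

# Return route to the Office B LAN through the tunnel.
/ip route add dst-address=192.168.30.0/24 gateway=10.2.2.2

# ---- Office B (SSTP client) ----
# After uploading the exported files to Files (default export names assumed):
/certificate import file-name=cert_export_myCA.crt passphrase=""
/certificate import file-name=cert_export_client.crt passphrase=""
/certificate import file-name=cert_export_client.key passphrase="<export-passphrase>"

# Weak: no verification, any server answering on port 443 is accepted.
#   /interface sstp-client add name=sstp-center connect-to=192.168.128.105 \
#       user="<user>" password="<password>" verify-server-certificate=no
# Hardened: verify the server against the imported CA and present the client
# certificate. <client-cert-name> is the name shown by "/certificate print"
# after the import. verify-server-address-from-certificate stays off here
# because the tutorial's server certificate has Common Name "server"; turn it
# on only when the server certificate's Common Name or subjectAltName matches
# the connect-to address.
/interface sstp-client add name=sstp-center connect-to=192.168.128.105 \
    user="<user>" password="<password>" profile=default-encryption \
    certificate="<client-cert-name>" verify-server-certificate=yes \
    verify-server-address-from-certificate=no disabled=no

# Route to the Office A LAN through the tunnel.
/ip route add dst-address=172.16.1.0/24 gateway=10.2.2.1
```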