SSTP – VPN MIKROTIK TUTORIAL [ENG SUB]


Good day, guys, and welcome back once more to the Mikrotik Indonesia YouTube channel, which delivers tips and tricks about Mikrotik. This time I will continue the tutorial series on VPN. In the past videos provided by my friends, the first video was a VPN introduction, then there was PPTP, and next I will talk about SSTP, or Secure Socket Tunneling Protocol. Before continuing to the video explanation, don't forget to subscribe and click the bell button so that you get the latest video updates from us.

There are several methods for building a VPN, or Virtual Private Network. The previous video already covered PPTP, or Point-to-Point Tunneling Protocol. In this tutorial I will make a simulation of how we can use SSTP, or Secure Socket Tunneling Protocol. What is the main difference? Conceptually it is similar to PPTP. I will demonstrate two mechanisms, two examples of implementation that can be tried. The first is site-to-site VPN. This method is usually used to connect two sites where physical connections are not possible, for example across different islands or different countries. In the previous video we used PPTP; now we use the SSTP method. Besides that, we can also use SSTP for mobile clients, but SSTP is not as flexible as PPTP there, because for now not all operating systems provide an SSTP client feature.

I will now make a simulation with a topology like this. If you have not seen the PPTP video tutorial, please search for it on this channel, because the topology I use now is the same. The only difference is the tunneling method that will be used, namely SSTP. The first step is that these two sites must be connected. They do not have to use the same ISP, because in each location the ISP will be different. The public IPs will also be different, which is not a problem: with the SSTP method the sites can still be connected even though server and client use public IPs from different segments. Each office also has a LAN, and the goal is for these LANs to be able to communicate.

Assume site A and site B, or Office A and Office B, are on different islands or in different countries. We cannot use a physical connection any longer, or we could use optical fiber only at a very high cost or after a long time. This VPN method is therefore one solution that is fast and possibly affordable, as long as both sites are connected to the internet. In the picture there are two routers. Router1 simulates the head office, or Office A. There is another router in front of me acting as Office B, the branch office.

Because we have to connect to the internet, the first thing to do is the basic configuration. If you are still unsure how to do the basic configuration, you can learn it in the basic Mikrotik configuration video on this channel. Both sites of each office must be connected to the internet, because in making a VPN connection we use the internet network for the virtual interface.

Now I configure the internet connection for the Office B router, which here functions as the branch office. Here you can see the RB951Ui-2HnD router, which is used to simulate the branch office router. You can use any kind of Mikrotik router, because the way to configure them is almost the same. For example, I use two connections: there is a WAN and there is a LAN too. On my network the WAN connection uses a DHCP client, so here I have to set up the DHCP client. The internet connection uses ether1, which has already received an IP address. For the LAN connection I use ether2. Things like this are still part of the basic configuration: this one is the WAN IP and the bottom one is the LAN IP, or local network. To make it easier for me to configure, I add a DHCP server on the LAN. We go to the IP menu, then DHCP Server, to configure it. My laptop connects to ether2 and is set to obtain its IP from the DHCP server, so it gets an IP address automatically; it is now getting IP address 192.168.30.254.

After this part is done, don't forget the NAT firewall configuration, or srcnat masquerade, with the out-interface pointing to ether1. If you are still confused or unsure about basic configuration like this, please learn it in the basic configuration video on this channel, where we discussed it in more detail. This time I demonstrated the configuration in one office only, because the configuration in Office A is the same. Do not forget to give the router a name in the system identity menu. For example, I named this router Office B, so later there will be Office A and Office B.

The next step is to configure the SSTP server on the router in Office A. I have prepared a router that uses IP address 192.168.128.105 to act as Office A. For VPN configuration on Mikrotik devices, everything is in the PPP menu. We enter the PPP menu, and at the top left of the Interface tab we can see several buttons: PPTP Server, SSTP Server, L2TP Server and OpenVPN Server. PPTP was discussed in the previous video; this time we discuss SSTP Server. When we click the SSTP Server button, the display is not much different from configuring PPTP Server. We check Enabled, then for the profile we select default-encryption.

In this SSTP server configuration we are given the option to select a certificate. This is one difference between PPTP and SSTP: with SSTP we can use an SSL certificate as an encryption option. PPTP uses TCP port 1723, and some ISPs may block that port. As an alternative we can use SSTP, which by default uses port 443. Port 443 is the same port used for HTTPS websites, so it is very unlikely to be blocked by an ISP. So if PPTP cannot be used, we can try another option, SSTP, either with a certificate or without one. If both devices are Mikrotik we can try it without a certificate. Let us first try without a certificate: we check to enable the SSTP service, then click OK.

For the next step in creating a VPN we need authentication, so on the server side we must create Secrets. Here there is already an account in Secrets; we can add one or use the existing one. Creating secrets is the same as for PPTP or any other type of VPN. For this experiment I set the service specifically to sstp. We could also select pptp when building a PPTP server, or select any so that the account can be used for every type of VPN. Remember also to set the Local Address and Remote Address. These are the IP addresses that will be installed when the SSTP service connects. For example, for the local address I give IP address 10.2.2.1 and for the remote address IP address 10.2.2.2. For this part, make it a habit to use private IP addresses that have not been installed on the router before, so that the IP addresses are easier to manage. The users can be adjusted: if we need more than one user, we can add more secrets like the one at the bottom, or just use one user, depending on needs. SSTP server configuration as simple as this is enough. Do not forget to set the profile in the secret to default-encryption, which is used for encrypting data in transit. So if there are questions like "Is using a VPN safe or not?", the data should be safe because it is encrypted, since we chose the default-encryption profile.

This is the configuration for the SSTP server router, or Office A. Now we switch to the client configuration, or Office B, which we will set up as the SSTP client. I have already remoted into the Office B router. The configuration steps are almost the same. First we enter the PPP menu. We first check whether we can connect to the server, that is, whether we can ping its public IP address. To do that, open the terminal menu and ping 192.168.128.105. For this experiment I treat 192.168.128.105 as the public IP of the Office A server. We press enter, and seeing replies means we can reach the server's IP address.

Then we create the SSTP client. We enter the PPP menu, and on the Interface tab we add an SSTP Client. Say I name it sstp-Middle. Then on the Dial Out tab, in the Connect To parameter, we fill in the public IP of the server; this time we use 192.168.128.105. The most important is the User parameter: the server configuration was made earlier with user name1, and my password is "check". For now, because we are not using a certificate, we can disable the parameter Verify Server Address From Certificate. We can use this parameter if certificates on the client and server already exist. Then we click OK. If the SSTP connection has been established, that is, the username and password were filled in correctly, the R flag will appear in front of this interface. Once it has formed like this, it is as if site A and site B have a direct connection using the VPN, although physically they are not directly connected.

This SSTP interface will also get an IP address assigned from the server side. We can check the IP address menu; a new IP will appear on the sstp-Middle interface. This IP address is given automatically from the Secrets settings on the server, so we need not configure the IP address manually. After the IP address on the interface has appeared, to connect the LANs at the two sites we must add static routing. First we enter the IP menu, then the Routes menu. The IP address in Office A is 172.16.1.0, so this time I can add it to the route list. I add it by pressing the + sign, and so on.

We enter the IP address 172.16.1.0/24. For the Gateway parameter we can use an IP address; for example, we fill in 10.2.2.1. This is the IP address of the VPN interface. Because this VPN is also part of the PPTP class, we can also fill in the Gateway with the SSTP interface itself. This applies only to VPN; it cannot be done with physical interfaces. For this example we used gateway IP address 10.2.2.1. The route will then appear with the AS flags.

Remember to create the return route as well. So far this is the routing from Office B to the Office A LAN; static routing from Office A to the Office B LAN must also be made. We log in to the router in Office A. There, a new interface will automatically appear in the PPP menu, named after the username, and the IP address will also appear on the SSTP interface. So we just create the route in the IP Routes menu. We add a new route whose Dst. Address is the Office B LAN, 192.168.30.0/24, and fill in the gateway 10.2.2.2, then click OK.

The routing is now made and we can test it. From the Office A router we open New Terminal and try to ping 192.168.30.1. We try again to ping my laptop with IP 192.168.30.245, and it works already. We can also ping from Office B. My laptop is a client on the Office B LAN, so my position is inside the Office B LAN. If I open a new terminal on the laptop and ping 172.16.1.1, it also works, which means the LANs in Office A and Office B can already communicate. We can use this kind of communication to access a server at the head office, or perhaps a CCTV device, file sharing and so on, so that these LANs can share resources, for example sharing servers when a branch office has no such services. This configuration is similar to PPTP in the previous video; the difference is only in the tunneling method.

Now we will look at what happens if we use certificates, since the earlier experiment was done without certificates. As a first step we can check on Office A, which acts as the server: in the PPP menu, on the Active Connections tab, we can see that the connection uses AES256 encoding. The earlier PPTP method used MPPE encoding by default; the SSTP method now uses AES256. We can change this encryption by using SSL certificates. As we have seen before regarding SSL certificates, we can make self-signed SSL certificates, and we can make them for free. How? We can make them on Linux with OpenSSL. Mikrotik devices also provide a tool for us to make SSL certificates. How?
We enter the System menu, then the Certificates submenu. This menu is used to make SSL certificates on the Mikrotik itself, if we do not have Linux to create them with OpenSSL. In this Certificates menu we can add one. The important parameters are Name and Common Name, but we may fill in all of the parameters. We make the CA first: we create CA-Template, I enter the country ID, and we can enter the data completely. For example, I fill in the organization as Citraweb and the unit as Technical Support. For the Common Name parameter we must fill in the IP address of our router, 192.168.128.105, then click Apply. Besides the CA certificate, we have to create a Server and a Client certificate. For example, we make Server-Template; the parameters below are filled in the same as before, and I fill in the Common Name as server. We do it once more for clients, and we can make several if we have more than one client. For example, I make Client-Template. I fill in the country ID, I fill in the state as Yogyakarta, then fill in the rest completely, then I fill in the unit as Technical Support, and I enter the Common Name as Client.

After the three certificates (CA, Server and Client) have been made, we need to self-sign them. We open New Terminal, because on Mikrotik there is no GUI menu for this; we use the CLI to self-sign the certificates. We do it with the command "certificate sign", then type the name of the certificate. For example, I do the CA first. The command is like this, and I give it the name myCA. When the process has finished, a description will appear in the Certificates menu with flags. Here we can see the KLAT flags: K - private key, L - crl, A - authority, T - trusted.

Then we do the self-sign process for the Server and Client. In the terminal I do the server first: we give the name of the CA that we made before, then we give the name, for example server. It should be noted that typing commands here is case sensitive. For example, here I typed myCA using lowercase letters and there is an error message, because earlier I created it with capital letters, so the command does not find the file. In this second attempt I switch to uppercase letters, and now the flag description appears in the Certificates menu.

The last is for the Client. We type the command "certificate sign", then we enter ca=myCA and I give name=client. After all the signing is done, the KA flags appear, but for the Client and Server certificates there is no Trusted flag. How do we make these certificates trusted? We can set it through the command line interface: we type "certificate set client trusted=yes", and we do the same for the server certificate by typing "certificate set server trusted=yes", so that the Certificates menu later shows the T flag, which means Trusted.

Once we have reached this point we can use the certificates for SSTP. Because I created these certificates on the server router, they are also stored on the server router. After we have signed the certificates and marked them trusted, we can export them so that we can import them on the client. We use the CLI with the command "certificate export-certificate". As a first step I export myCA, and I give a passphrase. The other one I have to export is the client certificate. The exported results appear in the Files menu, and there are two file types, namely *.crt and *.key. We can download these four files, which we will later import on the client router. I have saved them to my computer desktop; several files can be seen here, *.key and *.crt.

Then we go to the Office B router, the client router. On this client router we upload the certificate files that we created, by uploading them to the Files menu. I select all the files with the *.crt and *.key extensions. Each certificate has two files: myCA has two files, and the client also has *.crt and *.key. After that we click Open, and they can be seen arriving here. Once they are in the Files menu, we enter the Certificates menu. The client router has no certificates yet, so we can import them. We import myCA first; don't forget to also import the *.key for myCA so that it can be trusted. Then we import more certificate files for the client, then we
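
The site-to-site setup and the certificate steps described above, consolidated as RouterOS commands. This is an added example, not taken from the video: it assumes RouterOS v6 command syntax and the default export/import file names, and the user name office-b, the password and the passphrase are placeholders.

```routeros
# Added example (not from the video): certificate-based SSTP, RouterOS v6 syntax.
# Addresses are the tutorial's; user name, password and passphrase are placeholders.

# ---- Office A: SSTP server, simulated public IP 192.168.128.105 ----
/certificate
add name=CA-Template common-name=192.168.128.105 key-usage=key-cert-sign,crl-sign
add name=Server-Template common-name=server
add name=Client-Template common-name=client
# Names are case sensitive: ca=myCA must match the signed CA name exactly.
sign CA-Template name=myCA
sign Server-Template ca=myCA name=server
sign Client-Template ca=myCA name=client
set server trusted=yes
set client trusted=yes
# Without export-passphrase only the .crt is written, so the CA private key
# stays on this router (the video exports myCA with a passphrase instead).
export-certificate myCA
# The client needs its own private key, so this export is passphrase-protected.
export-certificate client export-passphrase=CHANGE-ME-passphrase

/interface sstp-server server
set enabled=yes certificate=server default-profile=default-encryption

/ppp secret
add name=office-b password=CHANGE-ME-secret service=sstp \
    profile=default-encryption local-address=10.2.2.1 remote-address=10.2.2.2

# Return route to the Office B LAN through the tunnel peer.
/ip route
add dst-address=192.168.30.0/24 gateway=10.2.2.2

# ---- Office B: SSTP client, after uploading the exported files to Files ----
/certificate
import file-name=cert_export_myCA.crt passphrase=""
import file-name=cert_export_client.crt passphrase=""
import file-name=cert_export_client.key passphrase=CHANGE-ME-passphrase

/interface sstp-client
# verify-server-certificate checks the server's chain against the imported CA.
# Address verification stays off because the tutorial's server certificate has
# common name "server", not the address used in connect-to.
# certificate= uses the assumed default import name; confirm with /certificate print.
add name=sstp-Middle connect-to=192.168.128.105 user=office-b \
    password=CHANGE-ME-secret profile=default-encryption \
    certificate=cert_export_client.crt_0 verify-server-certificate=yes \
    verify-server-address-from-certificate=no disabled=no

# Route to the Office A LAN through the tunnel peer.
/ip route
add dst-address=172.16.1.0/24 gateway=10.2.2.1
```

After the client connects, the Active Connections tab on Office A and the R flag on the client interface are the two places the walkthrough uses to confirm the tunnel is up.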