Hi guys, welcome back to the Mikrotik Indonesia YouTube channel, the channel that offers tips and tricks about Mikrotik. This time I will continue the tutorial series on VPN. In the earlier videos presented by my colleagues, the first video was a VPN introduction, then there was PPTP, and next I will explain SSTP, or Secure Socket Tunneling Protocol. Before going on to the explanation, don't forget to subscribe and click the bell button so you get the latest video updates from us.

There are many methods for building a VPN, or Virtual Private Network. The previous video already explained PPTP, or Point to Point Tunneling Protocol. In this tutorial I will build a simulation of how we can use SSTP, or Secure Socket Tunneling Protocol. What is the difference? Conceptually it is similar to PPTP. I will explain two mechanisms, two examples of implementation that can be tried. The first is site-to-site VPN. This method is often used to connect two sites where a physical connection is not possible, for example because they are on different islands or in different countries. In the previous video we used PPTP; now we use SSTP. Besides that, we can also use SSTP for mobile clients, but SSTP is not as flexible as PPTP because, for now, not all operating systems provide an SSTP client feature.

I will go straight to a simulation with a topology like this. If you pay attention, or if you have not seen the PPTP video, please search this channel, because the topology I use now is the same. The layout is the same; the difference is only the type of tunneling method used, namely SSTP. The first step is that both sites must be connected to the internet. They do not need to use the same ISP, because it is bound to be different in each location. Different ISPs and different public IPs are not a problem: with SSTP the sites can still be connected even though the server and client use different public IPs, in other words different segments. Each office also has a LAN, and the goal is for these LANs to be able to communicate. Suppose site A and site B, or Office A and Office B, are on different islands or in different countries. We can no longer use a physical connection, or we could use optical fiber, but at a very high cost or after a long wait. This VPN method is therefore one solution that is fast and possibly cheap, provided both sites are connected to the internet.

In the picture there are two routers. Router1 simulates the head office, or Office A. There is another router in front of me acting as Office B, the branch office. The first thing we must do, since we have to connect to the internet, is the basic configuration. If you are still unsure how to do the basic configuration, you can learn it from the basic Mikrotik configuration video on this channel. The point is that both offices must be connected to the internet, because a VPN connection uses the internet as its virtual interface.

Now I configure the internet connection on the Office B router, which acts as the branch office. Here you can see the RB951Ui-2HnD router, used to simulate the branch office router. You can use any type of Mikrotik router, because configuring Mikrotik routers is almost the same on all of them. I use two connections, a WAN and a LAN. On the network I happen to be on, the WAN connection uses a DHCP client, so here I need to set up the DHCP client. The internet connection uses ether1, which has already got an IP address. For the LAN connection I use ether2. This is all still part of the basic configuration: this one is the WAN IP and the bottom one is the LAN IP, the local network. To make configuration easier, I add a DHCP server on the LAN; we go to the IP menu, then DHCP Server, to configure it. My laptop is connected to ether2 and set to obtain its IP from the DHCP server, so it gets an address automatically, and it now has the IP address 192.168.30.254. After this, don't forget the NAT firewall configuration: srcnat with masquerade, with Out. Interface pointing to ether1. If you are still confused or unsure about basic configuration like this, please study the basic configuration video on this channel, where we discussed it in more detail.

That completes this configuration. I have demonstrated it in one office only, because the configuration in Office A is the same. Don't forget to give the router a name in the System Identity menu. For example, I named this router Office B, so later there will be Office A and Office B.

The next step is to configure the SSTP server, on the router in Office A. I have prepared a router with the IP address 192.168.128.05, which acts as Office A. For VPN configuration on Mikrotik devices, everything is in the PPP menu, so we enter the PPP menu at the top left. On the Interface tab there are several buttons: PPTP Server, SSTP Server, L2TP Server and OpenVPN Server. PPTP was discussed in the previous video; this time we discuss the SSTP Server. To configure it, we click the SSTP Server button. The dialog is not much different from the one for the PPTP Server. We tick Enabled, and for the profile we select default-encryption.

In the SSTP Server configuration we are given the option to choose a certificate. One visible difference between PPTP and SSTP is that with SSTP we can use an SSL certificate for encryption. PPTP uses TCP port 1723, and some ISPs may block that port. As an alternative we can use SSTP, which uses port 443 by default. Port 443 is the same port used for HTTPS websites, so it is very unlikely to be blocked by an ISP. So if PPTP cannot be used, we can try another option, SSTP, either with a certificate or without one. If both devices are Mikrotik, we can try it without a certificate. Let us first try without a certificate: we tick Enabled for the SSTP service and click OK.

The next step in creating a VPN is authentication, so on the server side we must create Secrets. Here, on the Secrets tab, we can add an account or use an existing one. Creating secrets is the same as for PPTP or any other type of VPN. For this experiment I set the service specifically to sstp. We could also choose pptp when building a PPTP server, or choose any so that the secret can be used for every type of VPN. Don't forget also to set the Local Address and Remote Address. These are the IP addresses that will be assigned once the SSTP service is connected. For example, for the local address I give 10.2.2.1 and for the remote address 10.2.2.2. For this part, make it a habit to use private IP addresses that have not been installed on the router before, so that the addressing is easier to manage. The number of users can be adjusted: if more than one user is needed, we can add more secrets like the one at the bottom, or just use one user, depending on your needs. The SSTP server configuration is as simple as that. Don't forget to set the profile in the secret to default-encryption, which is used to encrypt data in transit. So if the question is "is it safe to use a VPN or not?", the data should be safe because it is encrypted, since we selected the default-encryption profile.

That is the configuration for the SSTP server router, Office A. Now we switch to the client configuration, Office B, which we will set up as the SSTP client. I am already remoted into the Office B router; don't forget which router you are on. The configuration steps are almost the same. First we enter the PPP menu. Before that, we check whether we can reach the server, that is, whether we can ping its public IP address. To do that we open the terminal and ping 192.168.128.105. For this experiment I simulate 192.168.128.105 as the public IP of the Office A server. We press Enter and a reply appears, which means we can connect to the server's IP address.

Then we create the SSTP client. We enter the PPP menu, and on the Interface tab we add an SSTP Client. Suppose I name it sstp-Centre. On the Dial Out tab, in the Connect To parameter, we fill in the server's public IP, this time 192.168.128.105. Most important is the User parameter: on the server the secret was created with user name1, and my password is "exam". For now, because we are not using a certificate, we disable the parameter Verify Server Address From Certificate; we can use this parameter when certificates already exist on both the client and the server. Then we click OK. If the SSTP connection has been established, that is, the username and password were filled in correctly, the R flag appears in front of the interface. Once the tunnel is formed like this, site A and site B behave as if they had a direct connection through the VPN, although they are not directly connected physically.

This SSTP interface also gets an IP address, assigned from the server side. We can check in the IP Addresses menu: a new IP appears on the sstp-Centre interface. It is assigned automatically from the Secrets settings on the server, so we do not need to configure the IP address manually. Once the address has appeared on the interface, in order for the LANs at the two sites to connect, we have to add static routes. First we enter the IP menu, then the Routes menu. The LAN address in Office A is 172.16.1.0, so I add it to the route list by pressing the + sign.
We enter the address 172.16.1.0/24. The Gateway parameter can be an IP address; for example, we fill in 10.2.2.1, which is the IP address of the VPN interface. Because this is a VPN, which belongs to the same group as PPTP, we could also fill in the Gateway with the SSTP interface itself. This applies only to VPN interfaces; physical interfaces cannot be used this way. In this example we used the gateway IP address 10.2.2.1, and the route appears with the AS flags.

Don't forget to create the return route. That was the route from Office B to the Office A LAN; a static route from Office A to the Office B LAN must also be created. We go into the Office A router. There, a new interface automatically appears in the PPP menu, named after the username, and the IP address also appears on that SSTP interface. So we just create the route in the IP Routes menu: we add a new one with Dst. Address set to the Office B LAN, 192.168.30.0/24, fill in the gateway 10.2.2.2, and click OK.

The routing is now done. We can test from the Office A router: we open New Terminal and ping 192.168.30.1. Then we ping my laptop at 192.168.30.245, and it works. We can also ping from Office B. My laptop is a client on the Office B LAN, so my position is inside that LAN. If I open a terminal on the laptop and ping 172.16.1.1, it works as well. This means the LANs in Office A and Office B can already communicate. We can use this kind of connection to access a server at the head office, or perhaps a CCTV device, file sharing and so on, so that the LANs can share resources. For example, if a branch office has no such facilities of its own, we can use this feature to share servers. This configuration is similar to PPTP in the previous video; the difference is only in the tunneling method.

Now let us see what happens if we use certificates, since the earlier experiment was done without them. First we can check in Office A, which acts as the server, on the PPP menu, Active Connections tab. We can see that the connection uses AES256 encoding. The earlier PPTP method used MPPE by default, while SSTP now uses AES256. Later we can change this encryption by using SSL certificates. As we have seen before about SSL certificates, we can make self-signed SSL certificates, and we can make them for free. How? We can make them on Linux with OpenSSL, and Mikrotik devices also provide a tool for making SSL certificates.
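The certificate-less site-to-site setup built through the GUI above, written as RouterOS CLI. This is an added example, not part of the original video; it reuses the tutorial's lab addresses, interface name and credentials, and the comments are assumptions about intent.

```routeros
# ---------- Office A: SSTP server (simulated public IP 192.168.128.105) ----------
# Enable the SSTP service (TCP 443 by default) with the encrypting profile.
# No certificate is set, which only works between two MikroTik routers and
# leaves the server unauthenticated to the client: suitable for a lab only.
/interface sstp-server server set enabled=yes default-profile=default-encryption

# One secret per remote site. The tunnel addresses are private and unused
# elsewhere on the router. "exam" is the tutorial's lab password; use a long
# random one in production.
/ppp secret add name=name1 password=exam service=sstp \
    profile=default-encryption local-address=10.2.2.1 remote-address=10.2.2.2

# Return route: Office B LAN via the client's tunnel address.
/ip route add dst-address=192.168.30.0/24 gateway=10.2.2.2

# ---------- Office B: SSTP client ----------
# Server address verification is turned off because no certificates exist yet.
/interface sstp-client add name=sstp-Centre connect-to=192.168.128.105 \
    user=name1 password=exam profile=default-encryption \
    verify-server-address-from-certificate=no disabled=no

# Route to the Office A LAN via the server's tunnel address.
/ip route add dst-address=172.16.1.0/24 gateway=10.2.2.1

# ---------- Checks ----------
# On Office B: the client interface should show the R (running) flag and
# carry the address handed out from the secret.
/interface sstp-client print
/ip address print where interface=sstp-Centre

# On Office A: the Active Connections list shows the session and its encoding.
/ppp active print

# End-to-end reachability, as tested in the tutorial.
# From Office A:
/ping 192.168.30.1 count=4
# From Office B:
/ping 172.16.1.1 count=4
```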
How? We enter the System menu, then the Certificates submenu. This menu is used to make SSL certificates on the Mikrotik itself, in case we do not have Linux to make them with OpenSSL. In the Certificates menu we click add. The important parameters are Name and Common Name, but we can also fill in all of the parameters. We make the CA first: I create CA-Template, enter the Country and fill in the details completely. For example, I fill in the Organization as Citraweb and the Unit as Technical Support. For the Common Name parameter we must fill in the IP address of our router, 192.168.128.105. Then click Apply.

As well as the CA certificate, we have to create Server and Client certificates. For example, we create Server-Template, filling in the parameters below as before, with the Common Name server. We do the same for clients, and we can make more than one if we have more than one client. For example, I create Client-Template: I fill in the Country, the State as Yogyakarta, the remaining details, the Unit as Technical Support, and the Common Name Client.

After the three certificates have been made, CA, Server and Client, we have to self-sign them. We open New Terminal because Mikrotik has no GUI menu for this; we use the CLI to self-sign the certificates. We do it with the command "certificate sign" followed by the name of the certificate. I do the CA first; the command looks like this, and I give it the name myCA. When the process has finished, the certificate is shown in the Certificates menu with the flags KLAT: K for private key, L for crl, A for authority, T for trusted.

Then we can do the signing for the Server and Client. In the Terminal I do the server first: we point ca at the CA we made before and give the name, for example server. Note that the commands here are case sensitive. For example, earlier I typed myCA in lowercase letters and got an error, because I had created it with capital letters and the command could not find the target. So on this second attempt I use the uppercase letters, and now the flags appear in the Certificates menu.

The last is the client: we type the command "certificate sign", then enter ca=myCA and name=client. After all the signing is done, the KA flags appear, but the client and server certificates carry no Trusted flag. How do we make these certificates trusted? We set it through the command line interface: we type "certificate set client trusted=yes", and do the same for the server certificate by typing "certificate set server trusted=yes", so that the Certificates menu then shows the T flag, which means Trusted. Once we have got this far, the certificates can be used for SSTP.

Because I made these certificates on the server router, they are stored on the server router. After signing the certificates and marking them trusted, we can export them so that we can import them on the client. We use the CLI, with the "certificate export-certificate" command. First I export myCA, giving a passphrase. The other one I have to export is the client certificate. The exported results are in the Files menu, and there are 2 file types, *.crt and *.key. We download these 4 files, which we will later import on the client router. I have saved them to my computer desktop; you can see several files here, *.key and *.crt.

Then we go to the Office B router, the client router. On this client router we upload the certificate files we made, by adding them to the Files menu. I select all the files with the *.crt and *.key extensions. Each certificate has 2 files: myCA has two files, and the client also has *.crt and *.key. Then we click Open, and we can see them arriving here. Once they are in the Files menu, we enter the Certificates menu. The client router has no certificates yet, so we import them. We import myCA first, and don't forget to import the *.key for myCA as well, so that it can be trusted. Then we import the certificate file for the client, and also the key file for the client, so that both types