Community discussions

MikroTik App
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

How to configure 450g with this setup

Tue May 11, 2010 11:42 am

Hi all

Kindly refer to this:

Image

As you can see I wish to configure the 450g to act as a firewall and also I wish to make it a VPN server. How can I configure it in this manner and to be as secure as possible?

Thanks for your help!
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: How to configure 450g with this setup

Tue May 11, 2010 1:55 pm

I do not see any problems to use RouterBOARD for VPN server, just choose one of the supported servers,
http://wiki.mikrotik.com/wiki/Category:Manual (<---- Look for VPN chapter).

Use /ip firewall filter for the firewall.
Firewall configuration depends on the way, you want to secure the router.
Use chain=input to secure access to it,
- allow only IP address you will use for router management;
- allow VPN client address and used port/protocol;
- drop everything else.
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

Re: How to configure 450g with this setup

Tue May 11, 2010 2:04 pm

I do not see any problems to use RouterBOARD for VPN server, just choose one of the supported servers,
http://wiki.mikrotik.com/wiki/Category:Manual (<---- Look for VPN chapter).

Use /ip firewall filter for the firewall.
Firewall configuration depends on the way, you want to secure the router.
Use chain=input to secure access to it,
- allow only IP address you will use for router management;
- allow VPN client address and used port/protocol;
- drop everything else.

isnt there a simpler setup? like with WINBOX? i am kinda new to this stuff :?
 
User avatar
sergejs
MikroTik Support
MikroTik Support
Posts: 6695
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia
Contact:

Re: How to configure 450g with this setup

Tue May 11, 2010 4:26 pm

All the console commands are just the same as Winbox commands.
The same sequence is used, look at the console command and reproduce them in Winbox (it should be quite much the same).
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

Re: How to configure 450g with this setup

Tue May 11, 2010 4:53 pm

ok guys i ll give it a try. thanks
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

Re: How to configure 450g with this setup

Wed May 12, 2010 10:07 am

Hi all. Been trying to configure the 450g but I cant find some settings. Can someone tell me how to find these:

- enable IPSEC
- enable L2TP over IPSEC
- enable PPTP
- create VPN users
- allow ping from WWW
- configure virtual server (port forward)
- NAT configuration
- setup default route

Thanks
 
Feklar
Forum Guru
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: How to configure 450g with this setup

Wed May 12, 2010 5:27 pm

For 1-4:
What packages do you have installed on the 450?
Refer to this Wiki page to know what you need:
http://wiki.mikrotik.com/wiki/Manual:System/Packages
Most of enabling IPSec/PPTP are done under the PPP menu. Read the Wiki for examples for what situation that you want to duplicate and adjust for your situation.

For 5:
ICMP is allowed by default on the MikroTik, you have to explicitly filter out that for it to not work. These are not like dumb Linksys routers that assume a lot of things, and keep a ton of things hidden. You are expected with a MikroTik to set up your own security and filters. Read up on the firewall and securing your router in the Wiki for examples of how to do this.

For 6 and 7:
Port forwarding and nat rules are done in /firewall nat.
For port forwarding set up what you need on chain dstnat with action dst-nat.
For other NAT settings we would need to know what you are trying to do specifically, but once again, most of the information you need is contained in the Wiki, find something similar to what you want to do and read up on that.

For 8:
This is done in /ip route
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

Re: How to configure 450g with this setup

Wed May 12, 2010 5:38 pm

thanks :D
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

Re: How to configure 450g with this setup

Thu May 13, 2010 11:31 am

Hi all

Since my last post I manage to configure the router. Only problem left now is that I cannot connect to it from a remote location via VPN. Funny thing is that I can connect via the PPTP service when on the same network though...

scenario:

LAPTOP ---- LAN ---- MIKROTIK ---- WAN (in this way I can connect with a VPN connection without problems)

LAPTOP ---- ROUTER ---- MODEM ----- WWW ---- MIKROTIK (I am able to ping ETH1 but cant establish PPTP conn)

Pls help thanks
 
Feklar
Forum Guru
Forum Guru
Posts: 1724
Joined: Tue Dec 01, 2009 11:46 pm

Re: How to configure 450g with this setup

Thu May 13, 2010 6:08 pm

What kind of VPN are you trying to use?

If it's L2TP/IPSec, Mikrotik doesn't like it when you are behind a NAT router, I think it has something to do with the way it handles the NAT helper. If you are on a real public IP, does it work?

If you are using PPTP, can you do an export of your ppp settings so we can see the config? Don't forget to anonymize the data.
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

Re: How to configure 450g with this setup

Mon May 17, 2010 3:07 pm

Hi all! One FINAL tweak left.

I managed to connect from another location to the VPN server I have setup. In fact I was in a different country and it did LOG in! Only problem is that I couldn't ping internal machines when I connected to the VPN! What might I be missing here?

Topology:
Image

IP Scheme (note colors - same color means same value)
Image
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

Re: How to configure 450g with this setup

Tue Jun 08, 2010 10:28 am

ANY HELP PLS?

I am connecting via VPN but cant ping internal hosts!
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8709
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: How to configure 450g with this setup

Fri Jun 11, 2010 10:31 pm

enable Proxy-ARP?..
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

Re: How to configure 450g with this setup

Tue Jul 06, 2010 2:39 pm

I enabled proxy-arp but still no luck - can't ping internal hosts...

See this:

Image


Any other ideas?
 
ramon82
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Fri Apr 30, 2010 2:19 pm

Re: How to configure 450g with this setup

Thu Jul 08, 2010 1:34 pm

Finally I managed to find the solution. Just enabled proxy-arp on the BRIDGE interface!

Thanks

Who is online

Users browsing this forum: Amazon [Bot], Bing [Bot], gigabyte091, onnyloh, RobertsN, TheCat12 and 82 guests