Custom default configuration and Remote control without port redirection

Good morning, I’m just approaching MikroTik RouterBOARD; I need to have a custom default configuration in order to not lose settings after a reset through the reset button.

I read some articles on the wiki but they seem to be old and not working; I’m talking about the “Netinstall guide”. I tried everything there but I’m unable to let Netinstall see my device (right now I’m working with a RB2011UiAS-RM).

Do I need Netinstall or Flashfig to place my custom default configuration?


I also want to remote control this device from outside the network without port redirection on the firewall. I read about SSTP; if I understood correctly, it should be something like a VPN that works very well without port redirection. How can I configure such a service?

Thanks, any help would be appreciated.

Yes

> I also want to remote control this device from outside the network without port redirection on the firewall. I read about SSTP; if I understood correctly, it should be something like a VPN that works very well without port redirection. How can I configure such a service?
>
> Thanks, any help would be appreciated.

You have a Step by Step guide in the wiki

Thanks a lot for your reply. Regarding the first question, do I need Netinstall or Flashfig to do what I need?

I tried to let Netinstall find my MikroTik with no luck. My procedure is:

  • Enable the Net Boot server on Netinstall, giving an IP inside the range of the MikroTik and the notebook
  • Connect my notebook directly through ethernet to port 2 of the MikroTik (I tried multiple ports); the IP assigned to the MikroTik is 192.168.88.1, my laptop 192.168.88.99, Net Boot server 192.168.88.2, Flashfig boot client 192.168.88.3
  • Power on the MikroTik while pressing the reset button for 15 seconds (ether boot shows up on the LCD panel but Netinstall won’t see it)

I also tried to connect the MikroTik on Port 1 as stated on the wiki; on that port I need to use a DHCP server under the 192.168.1.0 subnet, but no luck in this scenario either.

Nope, the Net Boot server is the one running Netinstall; if it’s running on your laptop, the netboot server is 192.168.88.99.

After some tries I managed what I intended to do with custom firmware, but I’m still blocked on the SSTP stuff.

I read http://wiki.mikrotik.com/wiki/Manual:Interface/SSTP
and followed http://wiki.mikrotik.com/wiki/SSTP_step-by-step

In fact I created client/server certificates, configured the SSTP server, created a user and installed the previously created certificate on the client I intended to use, but the server won’t reply to my SSTP connection request.

This is the config I’m using:
The telephone line arrives on a Draytek router
The MikroTik is connected through ethernet via DHCP from the Draytek (WAN 192.168.1.12, LAN 192.168.88.1)

This is my print result on the MikroTik:

[admin@MikroTik] > /interface sstp-server server print
enabled: yes
port: 443
max-mtu: 1500
max-mru: 1500
mrru: disabled
keepalive-timeout: 60
default-profile: default
authentication: mschap2
certificate: server
verify-client-certificate: no
force-aes: no



[admin@MikroTik] > /ppp secret print
Flags: X - disabled 
 #   NAME       SERVICE CALLER-ID      PASSWORD      PROFILE      REMOTE-ADDRESS 
 0   sstp1      sstp                   123           default      192.168.88.250

Where 192.168.88.250 is the computer I want to connect to, or should I connect to 192.168.88.1?

The certificate is the following:

[admin@MikroTik] /certificate> print detail
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted 
 0 K L A  T name="myCa" common-name="myCa" key-size=2048 days-valid=365 trusted=yes key-usage=key-cert-sign,crl-sign ca-crl-host="EXTERNAL_IP_ADDRESS_WHERE_DRAYTEK+MIKROTIK_ARE_CONNECTED" 
            serial-number="1" fingerprint="31a719d15ad21176353fd395f3aa58326cca5107" invalid-before=jan/02/1970 00:18:53 invalid-after=jan/02/1971 00:18:53 

 1 K    I T name="server" common-name="server" key-size=2048 days-valid=365 trusted=yes ca=myCa serial-number="1" 
            fingerprint="2564c4a206829b43351b5696c2eee8d1d5dd2685" invalid-before=jan/02/1970 00:19:53 invalid-after=jan/02/1971 00:19:53 

 2 K    I   name="client1" common-name="client1" key-size=2048 days-valid=365 trusted=no ca=myCa serial-number="2" 
            fingerprint="96ffba0b2d98729a5b5853c81f34e25cc4adf6fc" invalid-before=jan/02/1970 00:20:37 invalid-after=jan/02/1971 00:20:37 

 3 K    I   name="client2" common-name="client2" key-size=2048 days-valid=365 trusted=no ca=myCa serial-number="3" 
            fingerprint="164be515d05d3457a82ac70567667a0b810a06ec" invalid-before=jan/02/1970 00:20:54 invalid-after=jan/02/1971 00:20:54

Any advice?
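The `/certificate print detail` listing in the post above shows validity windows running from 1970 to 1971, and a TLS client that checks dates treats such a certificate as expired. The following is an added example, not part of the thread: it parses output in that layout and reports each certificate's status at a given time. The function names and the sample text are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the listing above (fingerprints omitted;
# the "fresh" entry is invented to show a currently valid window).
SAMPLE = """\
 0 K L A  T name="myCa" common-name="myCa" key-size=2048 days-valid=365 trusted=yes
            serial-number="1" invalid-before=jan/02/1970 00:18:53 invalid-after=jan/02/1971 00:18:53

 1 K    I T name="server" common-name="server" key-size=2048 days-valid=365 trusted=yes ca=myCa
            invalid-before=jan/02/1970 00:19:53 invalid-after=jan/02/1971 00:19:53

 2 K    I   name="fresh" common-name="fresh" key-size=2048 days-valid=365 trusted=no ca=myCa
            invalid-before=mar/01/2024 10:00:00 invalid-after=mar/01/2025 10:00:00
"""

MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
ENTRY = re.compile(r"^[ \t]*\d+[ \t]", re.M)   # a line starting with an index number
FIELD = re.compile(r'([\w-]+)=("[^"]*"|[A-Za-z]{3}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}|\S+)')

def parse_certs(text):
    """Return one dict of key=value fields per certificate entry."""
    starts = [m.start() for m in ENTRY.finditer(text)] + [len(text)]
    return [{k: v.strip('"') for k, v in FIELD.findall(text[a:b])}
            for a, b in zip(starts, starts[1:])]

def ros_date(value):
    """Convert 'mon/dd/yyyy hh:mm:ss' as printed in the listing to a datetime."""
    date, clock = value.split()
    mon, day, year = date.split("/")
    hour, minute, second = map(int, clock.split(":"))
    return datetime(int(year), MONTHS.index(mon.lower()) + 1, int(day), hour, minute, second)

def validity_report(text, now):
    """Map certificate name -> (status at `now`, window_starts_in_1970)."""
    report = {}
    for cert in parse_certs(text):
        start, end = ros_date(cert["invalid-before"]), ros_date(cert["invalid-after"])
        status = "not yet valid" if now < start else "expired" if now > end else "valid"
        # Assumption: a window starting in 1970 means the signing device's clock was unset.
        report[cert["name"]] = (status, start.year == 1970)
    return report

if __name__ == "__main__":
    for name, (status, epoch) in validity_report(SAMPLE, datetime.now()).items():
        print(f"{name:8} {status:14} {'clock unset at signing?' if epoch else ''}")
```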

Have you forwarded port 443 from the Draytek to the MikroTik? You’ll need that, and make sure that port is open on the MikroTik.

Do you know if it’s possible to put the Draytek in bridge mode so that the MikroTik gets the public address directly?