We have implemented a site to site setup (MikroTik Setup.pdf (42.5 KB)).
We would like to encrypt the traffic (even though it is a very short distance between sites).
Would anyone have some complete step by step instructions on how to achieve this? I have found some examples online, but they are missing explanation of some of the key details.
Any help would be appreciated!
-Tim T.
The information provided is pretty little.
In case it is just a transparent bridge, you can only encrypt the transport link.
If your links are running 802.11, first step would be to encrypt the w/l traffic with WPA2-PSK. Create identical security profiles on each end of a link and use them in the wireless interfaces. Done.
When running nv2, tick “security” and enter a PSK, done.
If the links are w60g, make sure you ticked “security” and have an identical PSK on both ends.
If traffic is routed, you could even add IPsec encryption over the (still encrypted) link.
-Chris
Sorry for the lack of detail. My understanding is that this is a simple point to point setup between 2 MikroTik antennae. If useful, here is the running-config:
# jul/27/2020 03:54:36 by RouterOS 6.47.1
# software id = 0G6S-TT1V
# model = RBLHGG-60ad
# serial number = B89A0BA9604F
/interface bridge
add admin-mac=C4:AD:34:68:E0:3C auto-mac=no comment=defconf name=bridge
/interface w60g
set [ find ] disabled=no frequency=58320 mode=bridge name=wlan60-1 \
    put-stations-in-bridge=bridge ssid=MikroTik-68e03c
/interface w60g station
add mac-address=C4:AD:34:68:E0:3D name=wlan60-station-1 parent=wlan60-1 \
    remote-address=C4:AD:34:68:EA:DD
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/user group
set full policy="local,telnet,ssh,ftp,reboot,read,write,policy,test,winbox,password,web,sniff,sensitive,api,romon,dude,tikapp"
/interface bridge port
add bridge=bridge comment=defconf interface=ether1
/interface list member
add interface=wlan60-1 list=WAN
add interface=bridge list=LAN
/ip address
add address=10.9.11.247/20 comment=defconf interface=ether1 network=10.9.0.0
/ip dns
set servers=10.9.10.100,8.8.8.8
/ip service
set www disabled=yes
set www-ssl certificate=Webfig disabled=no
/system identity
set name="Master 1"
/system ntp client
set enabled=yes primary-ntp=10.9.8.56
I would simply like to encrypt the traffic between the 2.
Thanks!
-Tim
Now that’s simple.
Execute this command on both ends, station side first:
/int w60g set [find] password=yoursafepassword
After they reconnect, traffic is encrypted.
-Chris
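A configuration check for the setting discussed above, as an added example that is not part of the original thread: it parses the exported config from both ends of a link and reports any w60g interface without a password, or a mismatch between the two ends. The function names and the sample exports are constructed for illustration, and it assumes the exports include sensitive values, so that a configured password appears as `password=...`.

```python
import re

def parse_export(text):
    """Parse a RouterOS export into {menu path: [ {key: value}, ... ]}."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # rejoin lines continued with "\"
    sections, path = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            path = line
            sections.setdefault(path, [])
        elif path and line and not line.startswith("#"):
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            sections[path].append({k: v.strip('"') for k, v in pairs})
    return sections

def w60g_passwords(export):
    """Map each w60g interface name to its configured password ('' if none)."""
    items = parse_export(export).get("/interface w60g", [])
    return {i.get("name", "?"): i.get("password", "") for i in items}

def audit_link(end_a, end_b):
    """Findings for the two ends of one link; an empty list means consistent."""
    findings, pw = [], {}
    for label, export in (("A", end_a), ("B", end_b)):
        pw[label] = w60g_passwords(export)
        if not pw[label]:
            findings.append(f"{label}: no /interface w60g entry found")
        for name, p in pw[label].items():
            if not p:
                findings.append(f"{label}: {name} has no password set")
    if not findings and set(pw["A"].values()) != set(pw["B"].values()):
        findings.append("passwords differ between the two ends")
    return findings

# Constructed samples. BEFORE mirrors the w60g section posted in the thread;
# AFTER and PEER are made-up exports using the thread's placeholder password.
BEFORE = """/interface w60g
set [ find ] disabled=no frequency=58320 mode=bridge name=wlan60-1 \\
    put-stations-in-bridge=bridge ssid=MikroTik-68e03c
"""
AFTER = BEFORE.replace("mode=bridge", "mode=bridge password=yoursafepassword")
PEER = """/interface w60g
set [ find ] disabled=no mode=station-bridge name=wlan60-1 \\
    password=yoursafepassword ssid=MikroTik-68e03c
"""

if __name__ == "__main__":
    for finding in audit_link(BEFORE, PEER) or ["link config consistent"]:
        print(finding)
```

An empty result only shows that both exports carry the same password setting; it does not observe traffic on the link.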
Thank you so much for the command!!
We have a dual link setup for this site and I just performed this on both ends of one of the links. Is there any way to verify that the traffic is now encrypted?