Need help: MikroTik VPN for cellphone users (Android and Apple)

Good day. I just want to ask for help from those who know how to configure a MikroTik VPN for cellphone users.

I have a new MikroTik router, an RB951Ui. I want to configure a VPN on my MikroTik so that my family and friends in other provinces can connect to the internet via the VPN set up on my MikroTik.

I don't know how to do that. Is there anyone who could help me configure it? Thank you, and I hope to hear from you soon.

You need to do a couple of things first.

Read the Mikrotik Wiki - https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

  • You need to enable the L2TP server: configure the IPsec secret (shared secret) and authentication
  • You need to create your IPsec Policy
  • You need to create your IPsec Peers (allow any IP or restrict, not usually a good idea unless users have static IPs)
  • You need to create your IPsec Proposals (level of encryption)
  • You need to create a Pool of IP addresses for your VPN Users
  • You need to create your PPP Profiles (identify Local Address: DG of VPN [simple definition]; Remote Address: IP pool VPN users get their VPN IP from)
  • You need to create PPP secrets: this is where you can create usernames and assign passwords for login. You also identify what service is used (i.e. l2tp), select the profile, and select the Local address (see above) and remote address (here you can simply select the pool or provide a specific IP from that pool). You can also enable simple bandwidth controls here as well.

Optional:

  • Create interfaces in PPP and tie that to the usernames you already created (allows for easier monitoring of user traffic, for me that is)

Finally:

  • You need to add the VPN IP Pool of addresses to your NAT

Sir revelation, do you have a simple tutorial, with pics if any?

Sorry, I'm a newbie in the MikroTik world. In fact, I only bought this MikroTik router a week ago.

Or can you install what you mean on my router through TeamViewer if you have time?

Thank you again, and I hope to hear from you soon.

Do you have a link to a simple video, like on YouTube, of the procedure above? I see some tutorials on YouTube, but they are intended for PC and Mac computers. There are none for cellphones/Android.

The process is the same. I have L2TP setup on my Mikrotik and the users can use whatever device to connect.

Okay, thank you, sir revelation. It would be even better if you could provide some steps/procedure for configuring a VPN on MikroTik for cellphone users. I have no idea how to configure MikroTik, so I'd be very thankful if someone could do it, even a simple configuration, whether it's PPTP or whatever form of VPN service. And since you have already configured an L2TP VPN, would you mind sharing it with me? Thank you very much in advance, sir revelation.

This should get you started:

/ppp profile
set *FFFFFFFE dns-server=192.168.100.1 local-address=192.168.100.1 remote-address=l2tp_pool use-encryption=required use-upnp=no

/ppp secret
add local-address=192.168.100.1 name=User1 password="///redacted///" profile=default-encryption remote-address=192.168.100.5 service=l2tp
add local-address=192.168.100.1 name=User2 password="///redacted///" profile=default-encryption remote-address=192.168.100.11 service=l2tp
add local-address=192.168.100.1 name=User3 password="///redacted///" profile=default-encryption remote-address=192.168.100.10 service=l2tp
add disabled=yes local-address=192.168.100.1 name=User4 password="///redacted///" profile=default-encryption remote-address="" service=l2tp

/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-256-ctr,blowfish

/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp2048,modp1024 enc-algorithm=aes-256,blowfish exchange-mode=main-l2tp generate-policy=port-override secret=YourSharedSecretHere

/interface l2tp-server server
set caller-id-type=ip-address enabled=yes ipsec-secret=YourSharedSecretHere use-ipsec=yes

/ip dhcp-server network
add address=192.168.100.0/24 comment=VPN dns-server=192.168.100.1 gateway=192.168.100.1

/ip pool
add name=l2tp_pool ranges=192.168.100.20-192.168.100.128

/ip firewall filter
add action=accept chain=input comment="VPN" dst-port=500 in-interface=ether5 protocol=udp
add action=accept chain=input comment="VPN" dst-port=4500 in-interface=ether5 protocol=udp
add action=accept chain=input comment="VPN" dst-port=1701 in-interface=ether5 protocol=udp
add action=accept chain=input comment="VPN" in-interface=ether5 protocol=ipsec-esp
add action=accept chain=forward dst-address=10.10.25.6 src-address=192.168.100.10
add action=accept chain=forward dst-address=10.10.25.5 log=yes src-address=192.168.100.12
add action=accept chain=forward dst-address=10.10.25.0/28 src-address=192.168.100.11

/ip firewall nat
add action=masquerade chain=srcnat comment="NAT L2TP - User1" out-interface=ether5 src-address=192.168.100.5
add action=masquerade chain=srcnat comment="NAT L2TP - User2" out-interface=ether5 src-address=192.168.100.11
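
Added example (not part of the original post and not MikroTik tooling): a small Python check that reads RouterOS export lines like the ones above and reports legacy IPsec algorithms, a pre-shared key still set to the placeholder text, and an L2TP server that does not insist on IPsec. The sample lines are constructed from the post, and the set of algorithms treated as weak is this example's own policy choice.

```python
import re

# Constructed sample: a few lines modelled on the export in the post above.
SAMPLE_EXPORT = """\
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-256-ctr,blowfish
/ip ipsec peer
add address=0.0.0.0/0 dh-group=modp2048,modp1024 enc-algorithm=aes-256,blowfish exchange-mode=main-l2tp generate-policy=port-override secret=YourSharedSecretHere
/interface l2tp-server server
set caller-id-type=ip-address enabled=yes ipsec-secret=YourSharedSecretHere use-ipsec=yes
"""

# Audit policy chosen for this example (an assumption, not a MikroTik default).
WEAK_ENC = {"blowfish", "3des", "des"}
WEAK = {
    "enc-algorithms": WEAK_ENC,
    "enc-algorithm": WEAK_ENC,
    "auth-algorithms": {"sha1", "md5"},
    "dh-group": {"modp1024", "modp768"},
}
PLACEHOLDER_SECRETS = {"YourSharedSecretHere"}  # the placeholder used in the post
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')    # key=value or key="quoted value"

def audit_export(text):
    """Return (section, key, finding) tuples for a RouterOS export."""
    findings, section = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):        # menu path such as "/ip ipsec peer"
            section = line
            continue
        for key, value in PAIR.findall(line):
            value = value.strip('"')
            for algo in sorted(set(value.split(",")) & WEAK.get(key, set())):
                findings.append((section, key, f"weak algorithm offered: {algo}"))
            if key in ("secret", "ipsec-secret") and value in PLACEHOLDER_SECRETS:
                findings.append((section, key, "placeholder pre-shared key left in place"))
            # use-ipsec=yes adds the IPsec peer but still accepts plain L2TP sessions.
            if section == "/interface l2tp-server server" and (key, value) == ("use-ipsec", "yes"):
                findings.append((section, key, "L2TP without IPsec is not rejected"))
    return findings

if __name__ == "__main__":
    for section, key, finding in audit_export(SAMPLE_EXPORT):
        print(f"{section}: {key}: {finding}")
```

Run it against the output of the router's own export instead of the sample to review a live configuration before opening the VPN ports.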

Thank you very much, sir revelation. I will try the instructions you gave. If I'm going to give 1 Mbps per user, where do I configure that? Can you give an example? Also, the example you gave is for 3 users only, right? I'm planning to have 20 cellphone users/clients. If I add users up to 20 cellphones, I will create the remote addresses like 192.168.100.XX, something like that, right? Correct me if I'm wrong. Also, if you don't mind, what is the setup for the cellphone parameters? What will I use for server name, etc.?

Thank you, sir revelation, and I hope to hear from you again.

Easiest way that I can think of to add rate-limiting to the VPN users is under the PPP profile - add the following item: rate-limit="1000"

You can create as many users as you want, I provided a couple of examples. Two with a specific IP and one that will get a random IP from the pool that was created so you can see the difference. There are no special settings on cell phone user’s devices. They will input your Public IP address, shared secret and L2TP. Then they will follow whatever prompts on their respective device to input their username and password.

Thank you very much, sir revelation, for helping me. I will try your sample config next week, May 09, 2017 (my whole day off), as I will be helping my co-employees with their mid-year inventory. I work in a chain of convenience stores in our country. By the way, sir revelation, based on your config examples, which are the two specific IPs and the 1 random IP? And also, based on your example, is the public IP address 192.168.100.1? Please correct me if I'm wrong. Sorry, I'm a newbie, sir revelation.

Thank you, and I hope to hear from you soon.

This is the example of assigning a specific IP versus random IP to a VPN user.
add local-address=192.168.100.1 name=User3 password="///redacted///" profile=default-encryption remote-address=192.168.100.10 service=l2tp
add disabled=yes local-address=192.168.100.1 name=User4 password="///redacted///" profile=default-encryption remote-address="" service=l2tp

The local address is the IP on the Router itself, the WAN IP is a different IP. On my configs, I used the WAN interface versus the IP as I get a dynamically assigned IP from my ISP. Using the interface in the settings prevents me from having to update my settings whenever there is an IP change.

P.S. I don’t mind helping people out, you need to start trying things for yourself, do some research and then come back asking for assistance.

Sir revelation, I'd like to apologize; your tutorial on how cellphone users can connect to the internet using the VPN configuration of a MikroTik router is really a headache for me. I really don't know how to do it. Can you help me configure it? Is it possible to help me with the config via a terminal script (I don't know the exact term), meaning I just copy and paste the script into the terminal?

Sir revelation, just email me at billyrobediso@yahoo.com. How much should I pay for your script config? I hope it's not really expensive, hehehehe. I live in a third-world country.

I hope to hear from you soon and hope you email me. Thank you very much, sir revelation.

Using the WinBox GUI, under Quick Set there is a VPN option. Enable “VPN Access” and enter a secret. I confirmed this works for iOS and MacOSX using the L2TP/IPSEC VPN clients. You login using user “vpn” and you set the secret and password to the secret you entered on the Quick Set page. I had to also add firewall filter rules to open ports 500 and 4500 to get it to work. This is under IP->Firewall in the WinBox GUI. Add a filter rule in the Input chain to accept UDP ports 500 and 4500.

To connect from your client you need to know the IP of the MikroTik with the dynamic IP. Again in WinBox, open IP->Cloud. You will see a dialog box to enable a dynamic DNS for your router. Enable this and you can then connect to your router at XXX.sn.mynetname.net from your client.

For your clients to access the Internet through the VPN, you will need to check “Send all traffic” or the equivalent setting on the VPN client.

See also the “L2TP/IpSec setup” section on this page for some more information on manually setting things: https://wiki.mikrotik.com/wiki/Manual:Interface/L2TP

Thank you, sir stshaw, for your comments. Sad to say, I really don't know how to configure it. Do you have a script file, sir, so that I only need to copy and paste the commands? How much would I spend if you configure this kind of setup, sir stshaw?

Thank you, and I hope to hear from you soon too.

Up for this day. Who will do the configuration? Willing to pay…
Thank you.