thomassocz
just joined
Topic Author
Posts: 16
Joined: Sat Sep 17, 2022 1:55 pm

Always On VPN with MikroTik Configuration

Wed Dec 07, 2022 10:11 pm

Hello,

I want to configure Always On VPN User & Device Tunnel in our small office network. Here is my scenario:

Image

The problem is that all deployment guides assume that every office has multiple servers and the official Microsoft deployment guide assumes that a Windows server will be used as the remote access server. But in my setup, I only have a single MikroTik router and a single Windows Server machine (which is also my certification authority in the network).

I've read tons of documentation on both MikroTik and Windows Server, but I'm still confused about certain steps - this must be a very typical setup for many businesses. Is there any definitive guide on how to set this up for reference? I would very much appreciate that :)

Thanks a lot.
Tomas
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Always On VPN with MikroTik Configuration

Fri Dec 09, 2022 3:37 am

I don't know if Windows domain has any special requirements, but can't you simply split it into two "independent" parts?

1) VPN for clients that will allow them to access 192.168.0.0/24
2) domain-joined devices that are either in different subnet (could be VPN as well as just another subnet connected to router), or even in same subnet but without L2 connectivity (using proxy ARP)

And then it would just "click" together. Access to VPN could have either separate credentials, or maybe it could be controlled by domain too, but unfortunately I can't tell you much about that (IPSec identity has auth-method=eap-radius, so maybe that could be used).
 
thomassocz
just joined
Topic Author
Posts: 16
Joined: Sat Sep 17, 2022 1:55 pm

Re: Always On VPN with MikroTik Configuration

Fri Dec 16, 2022 7:36 pm

Hello, sorry for my late reply, I wasn't checking the forum very often.

I tried that - a MikroTik SSTP server... I almost made it work, I could ping everything within my business network (including hostnames) and I could even connect to the server via remote desktop, but I wasn't able to access my shared files, the SQL server and so on. It said something about "failing to connect to the domain controller in order to authenticate". I asked about this on Microsoft forums, without any resolution.
 
cfikes
Member Candidate
Posts: 106
Joined: Mon Dec 08, 2014 9:14 pm
Location: Texas

Re: Always On VPN with MikroTik Configuration

Fri Dec 16, 2022 9:05 pm

"failing to connect to the domain controller in order to authenticate".
For Active Directory to work, you will need to make sure that your DNS settings for the client needing to access AD resources are pointing at one of the domain controllers.
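
A way to check this from the VPN-connected Windows client, as an added example that is not part of the thread: it lists the DNS servers each interface uses, looks up the SRV record clients use to locate domain controllers, and tests the TCP ports for Kerberos, LDAP and SMB on each one. The domain name `corp.example` is a placeholder assumption; replace it with the real AD DNS domain.

```powershell
# Added example, not from the thread. Run on the Windows client while the VPN is up.
# ASSUMPTION: 'corp.example' is a placeholder for the Active Directory DNS domain.
param([string]$Domain = 'corp.example')

# 1. Show which DNS servers each interface is actually configured with.
#    The VPN interface should list a domain controller (or a DNS server
#    that hosts the AD zone).
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. Domain controllers are located through this SRV record, not through
#    plain hostname (A record) lookups.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
    return
}
if (-not $srv) {
    Write-Warning "No SRV records returned for $srvName"
    return
}

# 3. A successful ping only proves ICMP passes the tunnel. Test the TCP
#    ports that domain authentication and file sharing rely on.
$ports = [ordered]@{ Kerberos = 88; LDAP = 389; SMB = 445 }
foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($svc in $ports.Keys) {
        $r = Test-NetConnection -ComputerName $dc -Port $ports[$svc] `
                                -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Service   = $svc
            Port      = $ports[$svc]
            Reachable = $r.TcpTestSucceeded
        }
    }
}
```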
 
thomassocz
just joined
Topic Author
Posts: 16
Joined: Sat Sep 17, 2022 1:55 pm

Re: Always On VPN with MikroTik Configuration

Fri Dec 16, 2022 10:45 pm

Thank you for the reply. On the MikroTik SSTP server, the DNS server record was pointing to the domain controller itself (hence being able to ping hostnames on the corp network), and I still got the error.
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Always On VPN with MikroTik Configuration

Sat Dec 17, 2022 3:04 am

You could try a WireGuard VPN tunnel, assuming the RB3011 has a reachable public IP. It's fast, easy and works...
 
thomassocz
just joined
Topic Author
Posts: 16
Joined: Sat Sep 17, 2022 1:55 pm

Re: Always On VPN with MikroTik Configuration

Sat Dec 17, 2022 11:32 am

Yes it does, thanks, I will give it a go and let you know if it worked :)
 
anav
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Always On VPN with MikroTik Configuration

Sat Dec 17, 2022 7:19 pm
