SSTP – VPN MIKROTIK TUTORIAL [ENG SUB]


Good day guys, welcome again to the Mikrotik Indonesia YouTube channel, which gives tips and tricks about Mikrotik. This time I will continue the tutorial collection on VPN. In the earlier videos provided by my good friends, the first video was a VPN introduction, then you can find PPTP, and next I will explain SSTP, or Secure Socket Tunneling Protocol. Before continuing into the video explanation, do not forget to subscribe and click the bell button so that you get the latest video updates from us.

There are various ways or methods to create a VPN network, or Virtual Private Network. The previous video already discussed PPTP, or Point to Point Tunneling Protocol. In this tutorial I will try to make a simulation of how we can use SSTP, or Secure Socket Tunneling Protocol. What is the actual difference? Conceptually it is much like PPTP. I will demonstrate two mechanisms, two examples of implementation that can be tried. The first is Site to Site VPN. This method is commonly used to link two sites where it is not possible to use physical connections, for example across different islands or different countries. If in the previous video we used PPTP, now we use the SSTP method. Apart from that, we can also use SSTP for mobile clients, but SSTP is not as flexible as PPTP, because for now not all operating systems provide an SSTP Client feature.

Now I will make a simulation using a topology like this. If you pay attention, or have not yet seen the PPTP video tutorial, you should look for it on this channel, because the topology that I use now is identical. The form is the same; the difference is just the type of tunneling method that is used, namely SSTP. The first step is that both of these sites should be connected. They do not have to use the same ISP, because in each location it could be different.
Different ISPs and different public IPs are not a problem, because if you use this SSTP method they can still be connected even though server and client use different public IPs; the term is different segments. Then each office also has a LAN network. The goal is for these LANs to be able to communicate. If the assumption is that site A and site B, or office A and office B, are on different islands or in different countries, we cannot use physical connections any more, or else we would use optical fiber at a very expensive cost, or it would take a long time. So this VPN method is one solution, fast and perhaps cheap, if both sites are connected to the internet.

In the picture there are two routers. Router1 is a simulation of the head office, or Office A. There is another router in front of me acting as Office B, or as a branch office. What we have to do first, because we have to connect to the internet, is the basic configuration. If you still wonder how to do basic configuration, you can learn from the video on basic Mikrotik configuration on this channel; please find the video. The point is how both sites of each office can be connected to the internet, because in making a VPN connection we use the internet network as a virtual interface.

Now I configure the internet connection on the Office B router, which here acts as a branch office. Here you can see the RB951Ui-2HnD router, which is used as a simulation of the branch office router. You can use any type of Mikrotik router, because the way to configure a Mikrotik router is almost the same for all of them. For example, I use two connections: there is a WAN and there is a LAN too. On the network I happen to be on, the WAN connection uses DHCP Client, so here I have to set the DHCP client. By the way, the internet connection uses ether1, and here it has obtained an IP address too. For the LAN connection I use ether2. Things like this are still part of basic configuration. This one is the WAN IP, and the bottom one is the LAN IP, or local network. To make it easier for me to configure, I will add a DHCP Server on the LAN. We can go into the IP menu, then DHCP Server, to configure it. My laptop connects to ether2 and I set it to obtain an IP using the DHCP Server, so my laptop gets an IP address automatically, and now my laptop is getting IP address 192.168.30.254. After this section is done, do not forget the NAT firewall configuration, or srcnat masquerade, with the Out. Interface pointing to ether1.

If you are still confused and unsure about basic configurations like this, please learn from the basic configuration video on this channel, because we have discussed it in more detail in that video. Once this configuration is complete (this time I showed the configuration in one office only, because the configuration in Office A is the same), do not forget to give the router a name in the System > Identity menu. For example, I named this router Office B, so later there will be Office A and also Office B.

The next step is to configure the SSTP Server. We configure the router in Office A. I happened to have prepared a router that uses IP address 192.168.128.105, which acts as Office A. For VPN configuration on Mikrotik devices, everything is in the PPP menu, so we can enter the PPP menu at the top left. On the Interface tab we can see there are several buttons: there is PPTP Server, SSTP Server, L2TP Server and also OpenVPN Server. PPTP was discussed in the previous video, so this time we will discuss SSTP Server. To configure it, we click the SSTP Server button. The display is not much different from when configuring PPTP Server. We check Enabled, then for the profile we select default-encryption, then OK.

In this SSTP Server configuration we are given an option to choose a Certificate. One difference that can be seen between PPTP and SSTP is that on SSTP we can use an SSL certificate for encryption. PPTP uses TCP port 1723, and it is possible that some ISPs block that port. As an alternative we can use SSTP, which uses port 443 by default. Port 443 is the same one used for HTTPS websites, so it is very unlikely to be blocked by an ISP. So if, for example, PPTP cannot be used, we can try another alternative, SSTP, either using a certificate or not using a certificate. If both devices are Mikrotik, we can try it without a certificate. Let's try first without a certificate. We check the box to enable the SSTP service, then click OK.

For the next step in creating a VPN, we must set up authentication, so the server side needs to create Secrets. Here there is an account under Secrets; we can add one or use this existing one. Creating secrets is the same as for PPTP or other types of VPN. For this experiment I set the service specifically to SSTP. We could also pick PPTP when creating a PPTP server, or pick any so that later it can be used for every type of VPN. Do not forget also to set the Local Address and Remote Address. These are the IP addresses that will be installed when the SSTP service is connected. For example, for the local address I give IP address 10.2.2.1, then for the remote address IP address 10.2.2.2. For this part, make it a habit to use private IP addresses that have not been installed before on the router, so that it will be easier to manage the IP addresses. The number of users can vary; if, for example, more than one user is needed, we can add secrets below like this, or just use one user, depending on needs. SSTP Server configuration is as simple as this; this is enough. Remember to set the profile of the secret to default-encryption, which is used for encrypting during data transactions. So if there are questions like "Is using a VPN safe or not?", the data should be safe because it is encrypted, since we chose the default-encryption profile.

This is the configuration of the SSTP server router, or Office A. Then we switch to the client configuration, or Office B. Office B we will set up as SSTP Client. I have now remoted into the Office B router. The configuration steps are almost the same. First we enter the PPP menu. We first check whether the connection to the server can ping the public IP address or not: enter the Terminal menu, then ping 192.168.128.105. For this experiment I simulate that 192.168.128.105 is the public IP of the Office A server. We press enter and see replies, which means we can connect to the server's IP address.

Then we create the SSTP client. We enter the PPP menu, and on the Interface tab we add an SSTP Client. Suppose I give it the name sstp-center. Then on the Dial Out tab, in the Connect To parameter, we fill in the public IP of the server; this time we use 192.168.128.105. Then the most important is the User parameter. On the server the setting was already made with user name1, and my password is "test" for now. Because we do not use a certificate, we can disable the parameter Verify Server Address From Certificate. We can use this parameter if certificates for the client and server already exist. Then we click OK. If the SSTP connection is established, meaning the username and password are filled in correctly, the R flag will appear in front of the interface. Once it is formed like this, it is as though site A and site B have a direct connection using the VPN, even though physically they are not directly connected. This SSTP interface will also get an IP address as specified on the server side. We can check the IP > Addresses menu: a new IP will appear on the sstp-center interface. This IP address is given automatically from the Secrets settings on the server, so we need not configure the IP address manually.

After the IP address on the interface has appeared, to connect the LANs on both sites we must add static routing. First we enter the IP menu, then the Routes menu. The IP address in Office A is 172.16.1.0, so this time I add it to the route list by pressing the + sign, and so on.

We enter the IP address 172.16.1.0/24. The Gateway parameter can use an IP address; for example, we fill in IP 10.2.2.1. This is the IP address on the VPN interface. Because this VPN is part of the PPTP group, we can also fill in the Gateway with the SSTP interface directly; this only applies to VPN, physical interfaces cannot do it. For example, we used gateway IP address 10.2.2.1. Then the route will appear with the AS flags.

Do not forget to make the return route. This one is the routing from Office B to the Office A LAN; from Office A to the Office B LAN, static routing must also be created. We have to enter the router in Office A. Once we have entered the Office A router, a new interface will automatically appear on the PPP menu, named according to the username, and the IP address will also appear on the SSTP interface. So we can just create it in the IP > Routes menu. We add a new one with Dst. Address being the IP of the Office B LAN, 192.168.30.0/24. We fill in the gateway 10.2.2.2, then we click OK.

Routing is now created. We can try to test from the Office A router. We open New Terminal, then we try to ping 192.168.30.1. We try to ping again to my laptop with IP 192.168.30.245. It works. We can also ping from Office B. By the way, my laptop is a client of the Office B LAN, so my position is in the Office B LAN. If I open a new terminal on the laptop and, for example, ping 172.16.1.1, it works, meaning the LANs in Office A and Office B are already able to communicate. We can use this type of communication to access a server at the head office, or perhaps a CCTV device, file sharing and so on, so that these LANs can share resources. For sharing connections to servers, for instance when a branch office has no such facilities, we can use features like this. This configuration is similar to PPTP in the previous video; the difference is only in the tunneling method.

Now we will try what happens if we use certificates, since the earlier experiment was done without certificates. As a first step we can check on Office A, which acts as the server. We can check on the PPP menu, Active Connections tab. It can be seen using AES256 encoding. The previous PPTP method uses MPPE encoding by default, whereas the SSTP method now uses AES256 encoding. Later we can modify this encoding, or change this encryption, by using SSL certificates. As we have seen before about SSL certificates, we can make self-signed SSL certificates, and we can make them for free. How? We can make them on Linux with OpenSSL. Mikrotik devices also provide a tool for us to make SSL certificates. In what way?
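The certificate-less site-to-site setup from the walkthrough above, collected as RouterOS CLI commands. This is an added example, not taken from the video: the addresses, the interface name sstp-center and the default-encryption profile come from the walkthrough, while the secret name `site-b` and the password value are placeholders.

```routeros
# --- Office A (SSTP server), lab stand-in for the public IP: 192.168.128.105 ---
# Enable the SSTP server with no certificate selected; it listens on TCP 443 by default.
/interface sstp-server server set enabled=yes default-profile=default-encryption

# One secret per remote site. local-address / remote-address become the tunnel
# endpoint addresses. "site-b" and the password are placeholders (assumptions).
/ppp secret add name=site-b password="REPLACE-WITH-LONG-RANDOM-SECRET" \
    service=sstp profile=default-encryption \
    local-address=10.2.2.1 remote-address=10.2.2.2

# Return route to the Office B LAN through the client's tunnel address.
/ip route add dst-address=192.168.30.0/24 gateway=10.2.2.2

# --- Office B (SSTP client) ---
# No certificate is in use, so server-address verification is switched off, as in
# the walkthrough. In this mode the client does not check the server's identity;
# only the PPP username and password authenticate the session.
/interface sstp-client add name=sstp-center connect-to=192.168.128.105 \
    user=site-b password="REPLACE-WITH-LONG-RANDOM-SECRET" \
    verify-server-address-from-certificate=no disabled=no

# Route to the Office A LAN through the server's tunnel address.
/ip route add dst-address=172.16.1.0/24 gateway=10.2.2.1

# --- Checks (run on the router indicated) ---
# Office B: the sstp-center interface should show the R (running) flag.
/interface sstp-client print
# Office A: the active session and its encoding are listed here.
/ppp active print
# Either side: the static routes should be listed as active.
/ip route print
# Office B: reach a host on the Office A LAN through the tunnel.
/ping 172.16.1.1 count=3
```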
We enter the System menu, then the Certificates submenu. This menu is used to make SSL certificates with Mikrotik itself, if we do not have Linux to make them with OpenSSL. On this Certificates menu we can add one. The important parameters are Name and Common Name, but we can also fill in all the parameters. We make the CA first. We make CA-Template, I enter the Country, ID, and we can enter the information in full. For example, I fill in the Organization, Citraweb, and I fill in the Unit, Technical Support. For the Common Name parameter we have to fill in the IP address of our router, 192.168.128.105, then click Apply.

In addition to making the CA certificate, we must create a Server and then a Client certificate. For example, we make Server-Template. The parameters below we fill in the same as before. I fill in the Common Name, server. We do it again for clients, and we can make more than one if we have more than one client. For example, I make Client-Template. I fill in the Country, ID, I fill in the State, Yogyakarta, then fill in more details in full, then I fill in the Unit, Technical Support, and I enter the Common Name, client.

After the three certificates are made, CA, Server and Client, we must do the self-signing. We enter New Terminal, because on Mikrotik there is no GUI menu for it; we use the CLI to self-sign the certificates. We do it with the command "certificate sign", then we type the name of the certificate. For example, I try the CA first. The command is like this, then I give the name myCA. When the process has finished, a description will appear in the Certificates menu with flags. Here we can see the KLAT flags: K - private key, L - crl, A - authority, T - trusted.

Then we can do the self-signing process for Server and Client. We enter it in the terminal. I try the server first. We give the ca name that we made before, then we give the name, for example, server. It should be noted that typing the command here is case sensitive. For example, just now I typed myCA using lowercase letters, and here there is an error description, because before I created it with capital letters and the command does not find the target file. So in this next step I replace it using uppercase letters, and now the flag description appears in the Certificates menu. The last is for the client. We type the command "certificate sign", then we enter ca=myCA and I give name=client.

So the signing process is done and the KA flag information appears. But for the client and server certificates there is no Trusted information. How do we make these certificates trusted? We can set it through the command line interface. We type "certificate set client trusted=yes", and we do the same for the server certificate by typing "certificate set server trusted=yes", so that later the description on the Certificates menu will show a T flag, which means Trusted. Once we have got this far, we can use it for SSTP certificate needs.

Because I made these certificates on the server router, they are also stored on the server router. After we have signed the certificates and given them the trusted information, we can export these certificates so that we can import them on the client. We use the CLI with the command "certificate export-certificate". As a first step I export myCA, and I give a passphrase. The other one I have to export is the client certificate. We can find the export results on the Files menu, and there are two file types, namely *.crt and *.key. We can download these four files, which later we will import into the client router. I have saved them to my laptop desktop; there are several files seen here, *.key and *.crt.

Then we enter the Office B router, or the client router. On this client router we upload the certificate files that we have made. The way is to upload the files to the Files menu. I select all the files that have the *.crt and *.key extensions. Each has two files: myCA has two files, and the client also has *.crt and *.key. After that we click Open, and they are already seen arriving here. Once they are in the Files menu, we enter the Certificates menu. The client router does not have any certificates, so we can import. We import the certificates, first for myCA. Then, do not forget to import the *.key for myCA as well, so that it can be trusted. Import more certificate files on the client, then we also import The
vital also for myCA filesso that it may be reliable import much more certificate documents to the client then we also import The