Hi guys, welcome back to the Mikrotik Indonesia YouTube channel, which delivers tips and tricks about Mikrotik. This time I will continue the tutorial series on VPN. In the previous videos, presented by my friends, the first was a VPN introduction and then there was PPTP. Next I will explain SSTP, or Secure Socket Tunneling Protocol. Before continuing to the video explanation, remember to subscribe and then click the bell button so you get the latest video updates from us.

There are several methods for building a VPN, or Virtual Private Network. The previous video already described PPTP, or Point-to-Point Tunneling Protocol. In this tutorial I will try to make a simulation of how we can use SSTP, or Secure Socket Tunneling Protocol. What is the difference? Conceptually it is just like PPTP. I will explain two mechanisms, two examples of implementation that can be tried. The first is site-to-site VPN. This technique is commonly used to link two sites where it is impossible to use physical connections, for example because they are on different islands or in different countries. In the previous video we used PPTP; now we use the SSTP method. Besides that, we can also use SSTP for mobile clients, but SSTP is not as flexible as PPTP, because for now not all operating systems provide an SSTP client feature.

I will go straight to a simulation with a topology like this. If you have not yet seen the PPTP video tutorial, please look for it on this channel, because the topology I use now is the same. The only difference is the type of tunneling method used, namely SSTP.

The first step is that both sites must be connected to the internet. They do not need to use the same ISP, because it will surely differ in each location. Different ISPs and different public IPs are not a problem: with the SSTP method the sites can still be connected even though the server and client use different public IPs, that is, different segments. Each office also has a LAN network, and the goal is for these LANs to be able to communicate. If we assume that site A and site B, or Office A and Office B, are on different islands or in different countries, we cannot use physical connections any more, or we would have to use optical fiber at a very high cost or taking a long time. A VPN is therefore one solution that is fast and also inexpensive, as long as the two sites are connected to the internet.

In the picture there are two routers. Router1 is a simulation of the head office, or Office A. There is another router in front of me acting as Office B, or the branch office.

The first thing we have to do, because we have to connect to the internet, is the basic configuration. If you still wonder how to do the basic configuration, you can learn it from the basic Mikrotik configuration video on this channel. The point is that both offices must be connected to the internet, because when making a VPN connection we use the internet as a virtual interface.

Now I configure the internet connection on the Office B router, which here acts as the branch office. Here you can see the RB951Ui-2HnD router, which is used as a simulation of the branch office router. You can use any type of Mikrotik router, because the way to configure a Mikrotik router is almost the same for all of them. For example, I use two connections: there is a WAN and there is a LAN. The network I happen to be on uses a DHCP client for WAN connections, so here I have to set up the DHCP client. The internet connection uses ether1, which here has already received an IP address. For the LAN connection I use ether2. Things like this are still part of the basic configuration: this one is the WAN IP and the bottom one is the LAN IP, or local network.

To make it easier for me to configure, I will add a DHCP server on the LAN. We can enter the IP menu and then DHCP Server to configure it. My laptop connects to ether2 and is set to obtain an IP from the DHCP server, so my laptop gets an IP address automatically, and now it is getting IP address 192.168.30.254.

After this part is finished, remember the firewall NAT configuration: srcnat masquerade, with Out. Interface pointing to ether1. If you are still confused or unsure about basic configuration like this, please learn it from the basic configuration video on this channel, because we discussed it in more detail there.

This time I showed the configuration in only one office, because the configuration in Office A is the same. Do not forget to give the router a name in the System Identity menu. For example, I named this router Office B, so that later there will be Office A and Office B.

The next step is to configure the SSTP server. We configure the router in Office A. I happen to have prepared a router that uses IP address 192.168.128.05, which acts as Office A. For VPN configuration on Mikrotik devices everything is in the PPP menu, so we enter the PPP menu at the top left. In the Interface tab there are several buttons: PPTP Server, SSTP Server, L2TP Server and also OpenVPN Server. PPTP was discussed in the previous video, so this time we will discuss SSTP Server. To configure it we click the SSTP Server button. The display is not much different from when configuring PPTP Server. We check Enabled, then for the profile we select default-encryption, and click OK.

In the SSTP Server configuration we are given the option to choose a Certificate. One difference that can be seen between PPTP and SSTP is that on SSTP we can use an SSL certificate as an encryption option. PPTP uses TCP port 1723, and there is a possibility that some ISPs block that port. As an alternative we can use SSTP, which uses port 443 by default. Port 443 is the same port used for HTTPS websites, so it is very unlikely to be blocked by an ISP. So if, for example, PPTP cannot be used, we can try another alternative, SSTP, with or without a certificate. If both devices are Mikrotik, we can try it without a certificate.

Let us first try without a certificate. We check the box to enable the SSTP service and then click OK. As the next step in making a VPN we need to set up authentication, so on the server side we must create Secrets. Here there is a Secrets tab, where we can add a new secret or use an existing one. Creating secrets is the same as for PPTP or any other type of VPN. For this experiment I set the service specifically to SSTP. We could also choose PPTP when building a PPTP server, or choose any so that the secret can be used for all types of VPN.

Do not forget to set the Local and Remote Address as well. These are the IP addresses that will be assigned when the SSTP service is connected. For example, for the local address I give IP address 10.2.2.1, and for the remote address I use IP address 10.2.2.2. For this part, make it a habit to use private IP addresses that have not already been used on the router, so that the IP addresses are easier to manage. The users can be adjusted as needed: for example, if more than one user is required, we can add more secrets like the one at the bottom, or just use one user, depending on the need.

The SSTP Server configuration is as simple as this. Do not forget to set the profile in the secret to default-encryption, which is used for encrypting data in transit. So if there is the question "is using a VPN safe or not?", the data should be safe because it is encrypted, since we chose the default-encryption profile.

That is the configuration for the SSTP server router, or Office A. Now we switch to the client configuration, or Office B. Office B will be set up as the SSTP client. I have now remoted into the Office B router; do not mix up the routers. The configuration steps are almost the same. First we check whether we can reach the server, that is, whether we can ping its public IP address. To do this we open the Terminal menu and ping 192.168.128.105. For this experiment I simulate 192.168.128.105 as the public IP of the Office A server. We press Enter and already see replies, which means we can reach the server's IP address.

Then we create the SSTP client. We enter the PPP menu, and in the Interface tab we add an SSTP Client. Suppose I give it the name sstp-Middle. In the Dial Out tab, for the Connect To parameter we fill in the public IP of the server, which this time is 192.168.128.105. The most important part is the User parameter: in the server settings the user was previously created as name1, and my password is "exam". For now, because we are not using a certificate, we can disable the parameter Verify Server Address From Certificate. We can use this parameter when the certificates on the client and server already exist. Then we click OK.

If the SSTP connection has been established, that is, the username and password were filled in correctly, the R flag will appear in front of the interface. Once it is formed like this, site A and site B behave as though they have a direct connection over the VPN, even though physically they are not directly connected.

This SSTP interface will also get an IP address assigned from the server side. We can check the IP Addresses menu: a new IP will appear on the sstp-Middle interface. This IP address is given automatically from the Secrets settings on the server, so we do not need to configure the IP address manually.

After the IP address on the interface has appeared, for the LANs on the two sites to be connected we must add static routing. First we enter the IP menu and then the Routes menu. The network in Office A is 172.16.1.0, so this time I add it to the route list by pressing the + sign.
We enter the IP address 172.16.1.0/24. The Gateway parameter can use an IP address; for example, we fill in IP 10.2.2.1, which is the IP address of the VPN interface. Because this is a VPN, which is in the same category as PPTP, we can also fill in the Gateway with the SSTP interface itself. This only applies to VPN interfaces; physical interfaces cannot be used this way. In this example we use the gateway IP address 10.2.2.1, and the route then appears with the AS flags.

Do not forget to make the return route. What we just made is the routing from Office B to the Office A LAN; static routing from Office A to the Office B LAN must also be made. We enter the Office A router. On the Office A router a new interface will have appeared automatically in the PPP menu, named according to the username, and the IP address will also appear on the SSTP interface. So we can just create the route in the IP Routes menu. We add a new route with Dst. Address set to the Office B LAN, 192.168.30.0/24, fill in the gateway 10.2.2.2, and click OK.

The routing is now done. We can test from the Office A router: we open New Terminal and ping 192.168.30.1. We ping again, this time to my laptop with IP 192.168.30.245. Look, it works. We can also ping from Office B. My laptop is a client on the Office B LAN, so my position is on the Office B LAN. If I open a new terminal on the laptop and ping 172.16.1.1, look, it already works. This means the LANs in Office A and Office B are already able to communicate.

We can use this kind of communication to access a server at the head office, or maybe a CCTV device, file sharing and so on, so that these LANs can share resources. For servers, for example, if a branch office has no such service, we can use a feature like this. This configuration is similar to PPTP in the previous video; the difference is only in the tunneling method.

Now we will try using certificates, where the earlier experiment was done without certificates. As a first step we can check on Office A, which acts as the server: in the PPP menu, on the Active Connections tab, the encoding is shown as AES256. The previous PPTP method used MPPE by default, whereas the SSTP method now uses AES256. We can change this encryption by using SSL certificates. As we have seen before about SSL certificates, we can make self-signed SSL certificates, and we can make them for free. How? We can make them on Linux with OpenSSL. Mikrotik devices also provide a tool that lets us make SSL certificates.
To do so, we enter the System menu and then the Certificates submenu. This menu is used to make SSL certificates on Mikrotik itself, in case we do not have Linux to make them with OpenSSL. In the Certificates menu we can add a certificate. The important parameters are Name and Common Name, but we can also fill in all the parameters. We make the CA first. We create CA-Template, and I enter the country ID; we can enter the details completely. For example, I fill in the organization Citraweb and the unit Technical Support. For the Common Name parameter we have to fill in the IP address of our router, 192.168.128.105, and then click Apply.

In addition to the CA certificate, we must create a server certificate and then a client certificate. For example, we create Server-Template. The parameters below we fill in the same as before, and I fill in the Common Name server. We do it again for the clients, and we can make more than one if we have more than one client. For example, I create Client-Template: I fill in the country ID, I fill in the state Yogyakarta, then fill in the remaining details, then the unit Technical Support, and I enter the Common Name client.

After the three certificates have been made (CA, server and client), we have to self-sign them. We open New Terminal, because on Mikrotik there is no GUI menu for this; we use the CLI to self-sign the certificates. We do it with the command "certificate sign" followed by the name of the certificate. For example, I try the CA first: the command is like this, and I give it the name myCA. When the process has completed, a description appears in the Certificates menu with flags. Here we can see the KLAT flags: K - private key, L - crl, A - authority, T - trusted.

Then we can do the self-sign process for the server and client. In the Terminal I try the server first. We point to the CA name that we created before, then we give the name, for example server. It should be noted that typing the command here is case sensitive. For example, just now I typed myCA using lowercase letters, and here there is an error description, because I created it earlier with capital letters and the command does not find the file. So in this next step I change it to use uppercase letters, and now the flag description appears in the Certificates menu.

The last one is for the client. We type the command "certificate sign", then we enter ca=myCA and I give name=client. After the signing process is done, the KA flag information appears, but for the client and server certificates there is no Trusted information. How do we make these certificates trusted? We can set it through the command line interface: we type "certificate set client trusted=yes", and we do the same for the server certificate by typing "certificate set server trusted=yes", so that the flag description in the Certificates menu will show a T flag, which means Trusted.

Once we have got this far, we can use the certificates for SSTP. Because I created these certificates on the server router, they are also stored on the server router. After we have signed the certificates and marked them as trusted, we can export them so that we can import them on the client. We use the CLI with the command "certificate export-certificate". As a first step I export myCA, and I give it a passphrase. The other one I have to export is the client certificate. We can see the export results in the Files menu, and there are two file types, namely *.crt and *.key. We can download these four files, which we will later import on the client router.

I have saved them to my laptop desktop; several files can be seen here, *.key and *.crt. Then we enter the Office B router, the client router. On this client router we upload the certificate files that we have made, by uploading them to the Files menu. I select all the files that have the *.crt and *.key extensions. Each has two files: myCA has two files, and the client also has *.crt and *.key. After that we click Open, and they can already be seen arriving here. Once they are in the Files menu, we enter the Certificates menu. The client router does not have any certificates yet, so we can import them. We import myCA first; remember to import the *.key for myCA as well, so that it can be trusted. Then we import the client certificate file, and we also import the key file for the client, so that both