How To Setup MikroTik Site to Site VPN Configuration with IPsec



Site to Site VPN technique establishes a secure tunnel between two routers across a public network, and the local networks of these routers can send and receive data through this VPN tunnel. MikroTik RouterOS offers an IPsec (Internet Protocol Security) VPN service that can be used to establish a site to site VPN tunnel between two routers. IPsec is a network protocol suite that authenticates and encrypts the packets of data sent over a network.

The goal of this tutorial is to configure a site to site IPsec VPN tunnel with MikroTik RouterOS. So, in this tutorial I will show you how to configure IPsec VPN between two MikroTik routers so that an IPsec VPN tunnel can be established between them and the local networks of these routers can communicate with each other.

To configure a site to site IPsec VPN tunnel between two MikroTik routers, I am following a network diagram like the picture above.

In this network, Office 1 Router is connected to the internet through its ether1 interface, which has IP address 192.168.70.2/30. In your real network this IP address will be replaced with your public IP address. Office 1 Router’s ether2 interface is connected to the local network, which has IP network 10.10.11.0/24. Similarly, Office 2 Router is connected to the internet through its ether1 interface, which has IP address 192.168.80.2/30. In your real network this IP address will also be replaced with a public IP address. Office 2 Router’s ether2 interface is connected to the local network, which has IP network 10.10.12.0/24. We will configure a site to site IPsec VPN tunnel between these two routers so that the local networks of these routers can communicate with each other through this VPN tunnel across the public network.


To configure a site to site IPsec VPN with MikroTik RouterOS, I am using two MikroTik RouterOS v6.38.1. The IP information that I am using for this network configuration is given below.
Office 1 Router WAN IP: 192.168.70.2/30 and LAN IP Block 10.10.11.0/24
Office 2 Router WAN IP: 192.168.80.2/30 and LAN IP Block 10.10.12.0/24

This IP information is only for my RND purpose. Change this information according to your network requirements.
MikroTik IPsec Site to Site VPN Configuration

We will now start our site to site IPsec VPN configuration according to the above network diagram. The complete configuration can be divided into 4 parts.
MikroTik RouterOS basic configuration
IPsec Peer configuration
IPsec Policy and Proposal Configuration
NAT Bypass Configuration
Part 1: MikroTik RouterOS Basic Configuration

Basic RouterOS configuration includes assigning WAN IP, LAN IP, DNS IP and Route, NAT configuration. According to our network diagram, we will now complete these topics in our two MikroTik RouterOS (Office 1 Router and Office 2 Router).

Office 1 Router Basic Configuration






The following steps will guide you how to perform basic configuration in your Office 1 RouterOS.
Log in to Office 1 RouterOS using Winbox and go to IP > Addresses. In the Address List window, click on the PLUS SIGN (+). In the New Address window, put the WAN IP address (192.168.70.2/30) in the Address input field, choose the WAN interface (ether1) from the Interface dropdown menu and click the Apply and OK buttons. Click on the PLUS SIGN again, put the LAN IP (10.10.11.1/24) in the Address input field, choose the LAN interface (ether2) from the Interface dropdown menu and click the Apply and OK buttons.
Go to IP > DNS, put the DNS server IP (8.8.8.8 or 8.8.4.4) in the Servers input field and click the Apply and OK buttons.
Go to IP > Firewall, click on the NAT tab and then click on the PLUS SIGN (+). Under the General tab, choose srcnat from the Chain dropdown menu, then click on the Action tab and choose masquerade from the Action dropdown menu. Click the Apply and OK buttons.
Go to IP > Routes and click on the PLUS SIGN (+). In the New Route window, click on the Gateway input field, put the WAN gateway address (192.168.70.1) in it and click the Apply and OK buttons.

Basic RouterOS configuration has been completed in Office 1 Router. Now we will do similar steps in Office 2 RouterOS.

Office 2 Router Basic Configuration

The following steps will guide you how to perform basic configuration in your Office 2 RouterOS.
Log in to Office 2 RouterOS using Winbox and go to IP > Addresses. In the Address List window, click on the PLUS SIGN (+). In the New Address window, put the WAN IP address (192.168.80.2/30) in the Address input field, choose the WAN interface (ether1) from the Interface dropdown menu and click the Apply and OK buttons. Click on the PLUS SIGN again, put the LAN IP (10.10.12.1/24) in the Address input field, choose the LAN interface (ether2) from the Interface dropdown menu and click the Apply and OK buttons.
Go to IP > DNS, put the DNS server IP (8.8.8.8 or 8.8.4.4) in the Servers input field and click the Apply and OK buttons.
Go to IP > Firewall, click on the NAT tab and then click on the PLUS SIGN (+). Under the General tab, choose srcnat from the Chain dropdown menu, then click on the Action tab and choose masquerade from the Action dropdown menu. Click the Apply and OK buttons.
Go to IP > Routes and click on the PLUS SIGN (+). In the New Route window, click on the Gateway input field, put the WAN gateway address (192.168.80.1) in it and click the Apply and OK buttons.

Basic RouterOS configuration has been completed in Office 2 Router. Now we are going to start IPsec Peer configuration.
Part 2: IPsec Peer Configuration

After MikroTik Router basic configuration, we will now configure the IPsec Peer in both MikroTik RouterOS. In IPsec Peer configuration, we will specify the peer address, port and pre-shared-key.

IPsec Peer Configuration in Office 1 Router

The following steps will show how to configure the IPsec Peer in your Office 1 RouterOS.
Go to IP > IPsec, click on the Peers tab and then click on the PLUS SIGN (+).
In the New IPsec Peer window, put Office 2 Router’s WAN IP (192.168.80.2) in the Address input field and put 500 in the Port input field.
Choose the pre shared key option from the Auth. Method dropdown menu.
Provide a suitable password in the Secret input field. This password is required for IPsec authentication and must be the same in both routers.
Click the Apply and OK buttons.

IPsec Peer configuration in Office 1 Router has been completed. Now we will configure the IPsec Peer in Office 2 Router.

IPsec Peer Configuration in Office 2 Router

We will do the same steps as Office 1 Router’s IPsec Peer configuration in Office 2 Router, but only the address parameter will be changed.
Go to IP > IPsec, click on the Peers tab and then click on the PLUS SIGN (+).
In the New IPsec Peer window, put Office 1 Router’s WAN IP (192.168.70.2) in the Address input field and put 500 in the Port input field.
Choose the pre shared key option from the Auth. Method dropdown menu.
Provide a suitable password in the Secret input field. This password is required for IPsec authentication and must be the same in both routers.
Click the Apply and OK buttons.

IPsec Peer configuration in both our Office Routers has been completed. Now we will start Policy and Proposal configuration for our IPsec VPN tunnel.
Part 3: IPsec Policy and Proposal Configuration

After IPsec Peer configuration it is time to configure IPsec Policy and Proposal. It is important that the proposed authentication and encryption algorithms match on both routers. In this example, we will use the predefined default proposal. You will find the default proposed authentication algorithms and encryption algorithms in the Proposals tab. In this part we will only configure IPsec Policy on both routers. In Policy configuration we will specify the source and destination networks that will pass through the IPsec tunnel and the mode of this IPsec VPN.

IPsec Policy Configuration in Office 1 Router

The following steps will show how to configure IPsec Policy in Office 1 RouterOS.

Go to IP > IPsec, click on the Policies tab and then click on the PLUS SIGN (+). The New IPsec Policy window will appear.
In the General tab, put your source network (Office 1 Router’s network: 10.10.11.0/24) that will be matched in data packets in the Src. Address input field and keep Src. Port untouched because we want to allow all the ports.
Put your destination network (Office 2 Router’s network: 10.10.12.0/24) that will be matched in data packets in the Dst. Address input field and keep Dst. Port untouched.
Now click on the Action tab and click on the Tunnel checkbox to enable tunnel mode.
Put Office 1 Router’s WAN IP (192.168.70.2) in the SA Src. Address input field and Office 2 Router’s WAN IP (192.168.80.2) in the SA Dst. Address input field.
Make sure the default option is selected in the Proposal dropdown menu.
Click the Apply and OK buttons.

IPsec Policy configuration in Office 1 Router has been completed. Similarly we will configure IPsec Policy in Office 2 Router.

IPsec Policy Configuration in Office 2 Router

The following steps will show the configuration of IPsec Policy in Office 2 RouterOS.
Go to IP > IPsec, click on the Policies tab and then click on the PLUS SIGN (+). The New IPsec Policy window will appear.
In the General tab, put your source network (Office 2 Router’s network: 10.10.12.0/24) that will be matched in data packets in the Src. Address input field and keep Src. Port untouched.
Put your destination network (Office 1 Router’s network: 10.10.11.0/24) that will be matched in packets in the Dst. Address input field and keep Dst. Port untouched.
Now click on the Action tab and click on the Tunnel checkbox to enable tunnel mode.
Put Office 2 Router’s WAN IP (192.168.80.2) in the SA Src. Address input field and Office 1 Router’s WAN IP (192.168.70.2) in the SA Dst. Address input field.
Make sure the default option is selected in the Proposal dropdown menu.
Click the Apply and OK buttons.

IPsec Policy configuration in Office 2 Router has been completed. At this point the IPsec tunnel will be created between the two office routers, but the local networks cannot communicate with each other. This is because both routers have NAT rules that change the source address after the packet is encrypted. The remote router receives the encrypted packet but is unable to decrypt it because the source address does not match the address specified in the policy configuration. The solution is to set up a NAT Bypass rule.
Part 4: NAT Bypass Configuration

We will now configure the NAT Bypass rule in both our Office Routers, otherwise the local networks will not be able to communicate with each other.

NAT Bypass Rule Configuration in Office 1 Router

The following steps will show how to create the NAT Bypass rule in your Office 1 RouterOS.
Go to IP > Firewall, click on the NAT tab and then click on the PLUS SIGN (+). The New NAT Rule window will appear.
In the General tab, choose srcnat from the Chain dropdown menu.
Put Office 1 Router’s LAN network (10.10.11.0/24), which wants to communicate with Office 2 Router, in the Src. Address input field.
Put Office 2 Router’s LAN network (10.10.12.0/24), which Office 1 Router wants to reach, in the Dst. Address input field.
Click on the Action tab and choose the accept option from the Action dropdown menu.
Click the Apply and OK buttons.
Your newly created rule will be available in the list table. Now place this rule at the first position by drag and drop, otherwise this rule will not work.

NAT Bypass rule in Office 1 Router has been completed. Similarly we will create the NAT Bypass rule in Office 2 RouterOS.

NAT Bypass Rule Configuration in Office 2 Router

The following steps will show the configuration of the NAT Bypass rule in Office 2 RouterOS.
Go to IP > Firewall, click on the NAT tab and then click on the PLUS SIGN (+). The New NAT Rule window will appear.
In the General tab, choose srcnat from the Chain dropdown menu.
Put Office 2 Router’s LAN network (10.10.12.0/24), which wants to communicate with Office 1 Router, in the Src. Address input field.
Put Office 1 Router’s LAN network (10.10.11.0/24), which Office 2 Router wants to reach, in the Dst. Address input field.
Click on the Action tab and choose the accept option from the Action dropdown menu.
Click the Apply and OK buttons.
Your newly created rule will be available in the list table. Now place this rule at the first position by drag and drop, otherwise this rule will not work.

NAT Bypass rule in Office 2 Router has been completed. Now Office 1 Router’s local network will be able to reach Office 2 Router’s local network through the IPsec VPN tunnel across the public network and vice versa. To check your configuration, do a ping request from any local network machine to the other local network machine. If everything is OK, your ping request will succeed.
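
The same four parts entered from the RouterOS terminal instead of Winbox, as an added example that is not part of the original tutorial. It assumes the RouterOS v6.38.1 command syntax, the addresses from the network diagram above, and a placeholder secret that you replace with your own value.

```routeros
# Added example: terminal equivalent of Parts 1-4 (RouterOS v6.38.1 syntax assumed).
# The secret is a placeholder; set the same long random value on both routers.

# ---------- Office 1 Router ----------
# Part 1: basic configuration
/ip address add address=192.168.70.2/30 interface=ether1
/ip address add address=10.10.11.1/24 interface=ether2
/ip dns set servers=8.8.8.8
/ip firewall nat add chain=srcnat action=masquerade
/ip route add gateway=192.168.70.1
# Part 2: the peer is Office 2's WAN IP
/ip ipsec peer add address=192.168.80.2/32 port=500 auth-method=pre-shared-key secret="REPLACE-WITH-SHARED-SECRET"
# Part 3: policy (local LAN -> remote LAN, tunnel mode, default proposal)
/ip ipsec policy add src-address=10.10.11.0/24 dst-address=10.10.12.0/24 \
    sa-src-address=192.168.70.2 sa-dst-address=192.168.80.2 \
    tunnel=yes action=encrypt proposal=default
# Part 4: NAT bypass; print first so that item number 0 (masquerade) is known,
# then insert the accept rule in front of it
/ip firewall nat print
/ip firewall nat add chain=srcnat action=accept place-before=0 \
    src-address=10.10.11.0/24 dst-address=10.10.12.0/24

# ---------- Office 2 Router (mirror image) ----------
/ip address add address=192.168.80.2/30 interface=ether1
/ip address add address=10.10.12.1/24 interface=ether2
/ip dns set servers=8.8.8.8
/ip firewall nat add chain=srcnat action=masquerade
/ip route add gateway=192.168.80.1
/ip ipsec peer add address=192.168.70.2/32 port=500 auth-method=pre-shared-key secret="REPLACE-WITH-SHARED-SECRET"
/ip ipsec policy add src-address=10.10.12.0/24 dst-address=10.10.11.0/24 \
    sa-src-address=192.168.80.2 sa-dst-address=192.168.70.2 \
    tunnel=yes action=encrypt proposal=default
/ip firewall nat print
/ip firewall nat add chain=srcnat action=accept place-before=0 \
    src-address=10.10.12.0/24 dst-address=10.10.11.0/24

# ---------- Checks on either router ----------
# The accept rule must be listed above masquerade
/ip firewall nat print
# Source/destination networks and SA addresses must mirror the other side
/ip ipsec policy print
# Peer and security associations appear once the tunnel is up
/ip ipsec remote-peers print
/ip ipsec installed-sa print
```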

