Mikrotik… need I say More?
Show MenuHide Menu

Category Archives: Mikrotik

Mikrotik IPsec Site to Site VPN – HOW TO

March 10, 2013

IPsec Site to Site VPN Mikrotik Setup- HOW TO by Travis Kenner

This is going to be a shotgun setup example. I do not show how to setup Clients or DHCP servers on each Mikrotik for the LANs. This is just and example of setting up the IPsec so you may have to fill in the blanks. Hopefully this is enough to fill in the gaps with for an IPsec connection to make a Mikrotik Site to Site IPsec VPN Tunnel.
Enjoy 🙂

 

PLEASE NOTE: For any configuration examples please visit the Mikrotik Forums for help and support. There are some really knowledgeable people on the forums who will be able to help you with your individual setups.

http://forum.mikrotik.com/

 

 

 

PLEASE NOTE: You need NAT bypass rules for the IPsec negotiation. I will be updating the pictures to help more with visual clues and setup help. Also I will be clearing up any mistakes I have made in IP addresses or any other technical mistakes as well as putting pictures back in for IPsec Peer examples.

Equipment:
2 Rb750GL Mikrotik with Router OS 6.0rc11

 

Server Side Mikrotik Setup:

WAN: 1.1.1.3/28
LAN: 172.16.30.1/24

clip_image002

read more …

Packet Sniffer Streaming to Wireshark from your Mikrotik

March 2, 2013

Packet Sniffer Streaming to Wireshark from your Mikrotik HOW TO by Travis Kenner

Equipment:
Mikrotik RB 750GL running package 6.0rc11
Windows 7 Pro Workstation 64 bit
Wireshark version 1.8.5 64 bit

 

How to Stream Packet Sniffing from your Mikrotik to your workstation running Wireshark:

Start Wireshark on your workstation

image

Log onto your Mikrotik and click on the Tools Menu on the left side

image

read more …

Mikrotik Firewall Mangle and Queue Tree example

March 2, 2013

Mikrotik Firewall Mangle and Queue Trees Example HOW TO

by Travis Kenner

PLEASE NOTE: For any configuration examples please visit the Mikrotik Forums for help and support. There are some really knowledgeable people on the forums who will be able to help you with your individual setups.

http://forum.mikrotik.com/

Equipment:
Mikrotik RB750GL Running Package version 6.0rc11

NOTE: I am no Mikrotik expert and definitely don’t fully understand Mangling and Queues but I will correct and add to this blog as I learn.

I decided to put this together after I could not find a clear and concise example of how to use the Mikrotik Mangle and Queue functionality.

Marking a connection? Packet Mark, route mark, connection mark, Queue Tree???? Anything I found was vague, felt incomplete or just didn’t explain enough of the what and the how.

So What is Mikrotiks IP Firewall Mangle?
Here is the Wiki that explains it: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Mangle

Here is the Summary copied straight from the Wiki:
Mangle is a kind of ‘marker’ that marks packets for future processing with special marks. Many other facilities in RouterOS make use of these marks, e.g. queue trees, NAT, routing. They identify a packet based on its mark and process it accordingly. The mangle marks exist only within the router, they are not transmitted across the network.

read more …

Cool stuff you can do with your Mikrotik Router

March 1, 2013

Mikrotik Cool Stuff  HOW TO

Equipment:
Mikrotik RB750GL Running Package version 6.0rc11

If you have an L2TP/IPSec VPN setup or SSTP how about writing a script to Wake up your Workstation at your office or home or how about waking up your ESXi 5.x Hypervisor Server or how about waking up your NAS so you can pull a few files from it and shut id down when done.

I run test servers and real servers on my VMWare ESXi 5.x Hypervisor. Recently I setup a Windows 2012 Server and one Exchange 2013 server on it. Instead of leaving my ESXi server running 24/7 I thought… why not just use WOL (Wake on Lan) to wake it up, start the test servers or servers I need access to so I can test the Exchange or test an Ubuntu server or whatever I need from the internet.

Well VOILA in comes Mikrotik scripting.

read more …

Free Mikrotik and some CISCO CCNA Training

February 22, 2013

If you want a great site that has some free CISCO info and Mikrotik training then head over to

http://gregsowell.com/

Look on the right for CISCO and Mikrotik Blogs

He even has videos you can watch and they are packed full of awesome info

L2TP with IPSec on Mikrotik RoutersOS

February 20, 2013

Mikrotik L2TP with IPSec HOW TO by Travis Kenner

Equipment:
Mikrotik RB750GL Running Package version 6.0rc11
Apple IPhone 4 with iOS 5.x

NOTE: All the formatting on this page is not done as this was a really long Blog: I am redoing it to have better formatting and better explanations. I added some screen shots but like anything you write yourself after you have gone over and over it I tend to miss grammer or spelling mistakes LOL and that’s with a spell checker. HA HA. Most IT guys I know would rather work on the firewall rules and just gloss over the grammer or spelling. Anyways, on to my blog on Mikrotik and L2TP.

 

PLEASE NOTE: For any configuration examples please visit the Mikrotik Forums for help and support. There are some really knowledgeable people on the forums who will be able to help you with your individual setups.

http://forum.mikrotik.com/

 

PPTP is getting a Bad Rap for being unsecure so I implemented SSTP with an SSL Certificate for my Mikrotik Router. (Check out this blog that talks about the PPTP MS-CHAPv2 findings http://blog.calyptix.com/2012/08/pptp-is-so-insecure-it-should-be.html )

All proud that I got it up and running so that I can securely connect to my Mikrotik from another PC (Note: Mikrotik to Mikrotik you don’t need an SSL Certificate) when I am offsite, I thought why not try connecting with my IPhone. Unfortunately there is only 3 Options with the IPhone 4 at this point in time.

PPTP – Not so secure anymore accoriding to some googling and the blog above
L2TP/IPSec
IPSec (only used for CISCO).

So I set out to get my IPhone connected to my Mikrotik using L2TP with IPSec.

Here are the steps to get it setup.

read more …

SSTP VPN with SSL Certificate with Mirkotik

February 20, 2013

Mikrotik SSTP VPN with a SSL Certificate  HOW TO by Travis Kenner

Equipment:
Mikrotik RB750GL Running Package version 6.0rc11
Go Daddy account with a nice $8.00 SSL Certificate and a domain registered

NOTE: When connecting a Mikrotik to another Mikrotik using SSTP you do NOT need an SSL certificate. Mikrotik to Mikrotik will take care of itself.

PLEASE NOTE: For any configuration examples please visit the Mikrotik Forums for help and support. There are some really knowledgeable people on the forums who will be able to help you with your individual setups.

http://forum.mikrotik.com/

All I’m going to say is no coffee and no sleep and finally I got it working

STEPS:
Find a Linux Box and use openssl to generate a Private Key:
Depending on your flavor if it does not have open ssl,  Google how to add openssl to your linux distro.

read more …

4 visitors online now
4 guests, 0 members
Max visitors today: 15 at 07:11 pm UTC
This month: 21 at 11-03-2017 04:44 pm UTC
This year: 47 at 01-03-2017 08:06 pm UTC
All time: 47 at 01-03-2017 08:06 pm UTC