A VPN, sometimes called a VPN tunnel, gives two remote sites a way to send packets between their private IP address ranges across the Internet. An IPsec site-to-site VPN tunnel provides secure transmission between the two remote sites. The VPN provides privacy, encryption and verification that the sender is legitimate.
In this scenario, two remote office routers are connected to the Internet, and the office workstations behind the routers are NATed. Each office has its own local network: 192.168.1.0/24 for site 1 and 10.10.10.0/24 for site 2. Both remote sites need a secure tunnel to the local networks behind the routers.
IP address configuration for mikrotikroutersite1:
[laxmi@mikrotikroutersetup.blogspot.com] /ip address
add address=172.16.1.2/30 interface=WAN
add address=192.168.1.1/24 interface=LOCAL
/ip route
add gateway=172.16.1.1
/ip firewall nat
add chain=srcnat out-interface=WAN action=masquerade
Mikrotikroutersite2 configuration:
[laxmi@mikrotikroutersetup.blogspot.com] /ip address
add address=172.16.100.2/30 interface=WAN
add address=10.10.10.1/24 interface=LOCAL
/ip route
add gateway=172.16.100.1
/ip firewall nat
add chain=srcnat out-interface=WAN action=masquerade
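IPsec peer configuration:
We need to specify the peer's address and port and the pre-shared key; the other settings are left at their default values. Both routers must be configured with the same secret, and the "123456" shown here should be replaced with a long random string.
MikrotikRoutersite1:
/ip ipsec peer
add address=172.16.100.2/32:500 auth-method=pre-shared-key secret="123456"
MikrotikRoutersite2:
/ip ipsec peer
add address=172.16.1.2/32:500 auth-method=pre-shared-key secret="123456"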
Policy and proposal configuration:
We want to encrypt data going from 10.10.10.0/24 to 192.168.1.0/24 and vice versa. On each router, src-address is that router's own local network and sa-src-address is its own WAN address.
MikrotikrouterSite1:
/ip ipsec policy
add src-address=192.168.1.0/24:any dst-address=10.10.10.0/24:any sa-src-address=172.16.1.2 sa-dst-address=172.16.100.2 tunnel=yes action=encrypt proposal=default
MikrotikrouterSite2:
/ip ipsec policy
add src-address=10.10.10.0/24:any dst-address=192.168.1.0/24:any sa-src-address=172.16.100.2 sa-dst-address=172.16.1.2 tunnel=yes action=encrypt proposal=default
NAT bypass configuration:
MikrotikrouterSite1:
/ip firewall nat
add chain=srcnat action=accept place-before=0 src-address=192.168.1.0/24 dst-address=10.10.10.0/24
Mikrotikroutersite2:
/ip firewall nat
add chain=srcnat action=accept place-before=0 src-address=10.10.10.0/24 dst-address=192.168.1.0/24
These rules must be placed above all other NAT rules; otherwise the masquerade rule rewrites the source address and the packet no longer matches the IPsec policy. After adding them, clear the connection table of existing connections or restart the routers.
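Why the bypass rule has to sit above masquerade, as an added example that is not part of the original post: a simplified Python model of the site 1 srcnat chain (first matching rule wins) followed by the IPsec policy match. The rule dictionaries and function names are constructed for illustration and are not RouterOS syntax.

```python
import ipaddress as ip

# Values taken from the page's site 1 configuration.
WAN_IP = "172.16.1.2"
POLICY = {"src": "192.168.1.0/24", "dst": "10.10.10.0/24"}  # IPsec policy selectors

# Simplified srcnat rules (constructed model, not RouterOS export format).
MASQUERADE = {"action": "masquerade"}
BYPASS = {"action": "accept", "src": "192.168.1.0/24", "dst": "10.10.10.0/24"}

def matches(rule, src, dst):
    """True if src/dst fall inside the rule's networks (missing key = any)."""
    return (ip.ip_address(src) in ip.ip_network(rule.get("src", "0.0.0.0/0"))
            and ip.ip_address(dst) in ip.ip_network(rule.get("dst", "0.0.0.0/0")))

def srcnat(rules, src, dst):
    """Walk the chain top-down; the first matching rule decides the source."""
    for rule in rules:
        if matches(rule, src, dst):
            return WAN_IP if rule["action"] == "masquerade" else src
    return src

def is_encrypted(rules, src, dst):
    """The IPsec policy is checked after srcnat, against the translated source."""
    return matches(POLICY, srcnat(rules, src, dst), dst)

def audit(rules):
    """Report policy traffic that a NAT rule rewrites before IPsec sees it."""
    probe_src = str(next(iter(ip.ip_network(POLICY["src"]).hosts())))
    probe_dst = str(next(iter(ip.ip_network(POLICY["dst"]).hosts())))
    if is_encrypted(rules, probe_src, probe_dst):
        return []
    seen_as = srcnat(rules, probe_src, probe_dst)
    return [f"{probe_src} -> {probe_dst} leaves as {seen_as} and misses the IPsec policy"]

if __name__ == "__main__":
    for name, chain in [("masquerade only", [MASQUERADE]),
                        ("bypass below masquerade", [MASQUERADE, BYPASS]),
                        ("bypass on top", [BYPASS, MASQUERADE])]:
        print(name, "->", audit(chain) or "ok")
```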