Thursday, 12 June 2008

Securing a Mikrotik Router with a Firewall

To secure a Mikrotik router against attacks by irresponsible people, virus traffic and excess ping, these are the steps to take:

First we create an address-list "trusted-network" containing the IP addresses that are allowed to access the router and fall into the "Trusted Network" category.

In the following example I use the local network / LAN 192.168.1.0/24 and the public IP 202.152.x.x of my home internet connection. You can add to this list the IPs that should be able to access the router.

/ip firewall address-list add list=trusted-network address=192.168.1.0/24 comment="Trusted Network" disabled=no

/ip firewall address-list add list=trusted-network address=202.152.x.x/24 comment="Trusted Network" disabled=no

Next, create a virus chain so that the ports commonly used by viruses are blocked and virus traffic cannot pass through; but note that if a user has trouble reaching a certain service, check whether the port that user needs is blocked by the firewall.

/ip firewall filter add chain=forward connection-state=established action=accept comment="Allow Established Connections" disabled=no

/ip firewall filter add chain=forward connection-state=related action=accept comment="Allow Related Connections" disabled=no

/ip firewall filter add chain=virus protocol=udp dst-port=135-139 action=drop comment="Drop Messenger Worm" disabled=no

/ip firewall filter add chain=forward connection-state=invalid action=drop comment="Drop Invalid Connections" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=135-139 action=drop comment="Drop Blaster Worm" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=1433-1434 action=drop comment="Worm" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no

/ip firewall filter add chain=virus protocol=udp dst-port=445 action=drop comment="Drop Blaster Worm" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=593 action=drop comment="________" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=1024-1030 action=drop comment="________" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=1080 action=drop comment="Drop MyDoom" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=1214 action=drop comment="________" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=1363 action=drop comment="NDM Requester" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=1364 action=drop comment="NDM Server" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=1368 action=drop comment="Screen Cast" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=1373 action=drop comment="Hromgrafx" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=1377 action=drop comment="Cichlid" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment="Bagle Virus" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=2283 action=drop comment="Drop Dumaru.Y" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=2535 action=drop comment="Drop Beagle" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=2745 action=drop comment="Drop Beagle.C-K" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=3127 action=drop comment="Drop MyDoom" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=3410 action=drop comment="Drop Backdoor OptixPro" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=4444 action=drop comment="Worm" disabled=no

/ip firewall filter add chain=virus protocol=udp dst-port=4444 action=drop comment="Worm" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=5554 action=drop comment="Drop Sasser" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=8866 action=drop comment="Drop Beagle.B" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=9898 action=drop comment="Drop Dabber.A-B" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=10000 action=drop comment="Drop Dumaru.Y, sebaiknya disable karena juga sering digunakan utk vpn / webmin" disabled=yes

/ip firewall filter add chain=virus protocol=tcp dst-port=10080 action=drop comment="Drop MyDoom.B" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=12345 action=drop comment="Drop NetBus" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=17300 action=drop comment="Drop Kuang2" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=27374 action=drop comment="Drop SubSeven" disabled=no

/ip firewall filter add chain=virus protocol=tcp dst-port=65506 action=drop comment="Drop PhatBot, Agobot, Gaobot" disabled=no

Jump all packets passing through the router into the virus chain

/ip firewall filter add chain=forward action=jump jump-target=virus comment="Jump to The Virus Chain" disabled=no

Accept Established and Related Connections

/ip firewall filter add chain=input connection-state=established action=accept comment="Accept Established Connections" disabled=no

/ip firewall filter add chain=input connection-state=related action=accept comment="Accept Related Connections" disabled=no

Drop Invalid Connections

/ip firewall filter add chain=input connection-state=invalid action=drop comment="Drop Invalid Connections" disabled=no

Accept UDP Connections, Limited Pings and Drop Excess Pings

/ip firewall filter add chain=input protocol=udp action=accept comment="UDP" disabled=no

/ip firewall filter add chain=input protocol=icmp limit=50/5s,2 action=accept comment="Allow Limited Pings" disabled=no

/ip firewall filter add chain=input protocol=icmp action=drop comment="Drop Excess Pings" disabled=no

Allow Input Connections From Trusted Networks

/ip firewall filter add chain=input protocol=tcp dst-port=21 src-address-list=trusted-network action=accept comment="FTP" disabled=no

/ip firewall filter add chain=input protocol=tcp dst-port=22 src-address-list=trusted-network action=accept comment="SSH for Secure Shell" disabled=no

/ip firewall filter add chain=input protocol=tcp dst-port=23 src-address-list=trusted-network action=accept comment="Telnet" disabled=no

/ip firewall filter add chain=input protocol=tcp dst-port=80 src-address-list=trusted-network action=accept comment="Web" disabled=no

/ip firewall filter add chain=input protocol=tcp dst-port=8291 src-address-list=trusted-network action=accept comment="Winbox" disabled=no

/ip firewall filter add chain=input protocol=tcp dst-port=1723 action=accept comment="pptp-server" disabled=no

/ip firewall filter add chain=input src-address-list=trusted-network action=accept comment="From Trusted Network" disabled=no

Log All and Drop Everything Else

/ip firewall filter add chain=input action=log log-prefix="DROP INPUT" comment="Log Everything Else" disabled=no

/ip firewall filter add chain=input action=drop comment="Drop Everything Else" disabled=no

With the firewall above:

  1. The router can only be reached on the FTP, SSH, Web and Winbox services from the IPs defined in the address-list "trusted-network".
  2. Ports commonly used by viruses are blocked by the router, so virus traffic cannot pass through it; but note that if a user needs to reach a certain service, check in chain="virus" whether the port that user needs is blocked by the firewall or not.
  3. Ping requests are rate-limited to avoid excess ping.
NB: Note that the default user on Mikrotik is admin. To be safer, create a new user and password in the full group and then disable the admin user; this minimises the risk of the Mikrotik router being hacked.
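To reason about why rule order matters in the set above (replies to an existing connection are accepted before the jump into the virus chain, and the unrestricted "UDP" input rule accepts any UDP packet from any source), here is an added Python model of how RouterOS walks these chains; it is example code written for this page, not part of the original post and not RouterOS itself. The rule table is an abbreviated transcription of the post; the sample packets and the 203.0.113.9 source address are constructed, and the trusted list holds only the LAN entry because the post's public address is elided.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
TRUSTED = [ipaddress.ip_network("192.168.1.0/24")]   # address-list "trusted-network"

@dataclass
class Rule:
    chain: str
    action: str                      # accept | drop | jump | log
    proto: Optional[str] = None      # protocol=
    dports: Optional[tuple] = None   # dst-port= as an inclusive (low, high) range
    state: Optional[str] = None      # connection-state=
    src_trusted: bool = False        # src-address-list=trusted-network
    target: Optional[str] = None     # jump-target=
    disabled: bool = False

@dataclass
class Packet:
    chain: str                       # "input" (to the router) or "forward" (through it)
    proto: str
    dport: int = 0
    src: str = "0.0.0.0"
    state: str = "new"

# Transcribed from the post in the order RouterOS appends rules to each chain (abbreviated).
FILTER = [
    Rule("forward", "accept", state="established"),
    Rule("forward", "drop", state="invalid"),
    Rule("forward", "jump", target="virus"),
    Rule("virus", "drop", proto="tcp", dports=(135, 139)),
    Rule("virus", "drop", proto="tcp", dports=(445, 445)),
    Rule("virus", "drop", proto="tcp", dports=(10000, 10000), disabled=True),
    Rule("input", "accept", state="established"),
    Rule("input", "drop", state="invalid"),
    Rule("input", "accept", proto="udp"),                # any source, any port
    Rule("input", "accept", proto="icmp"),               # limit= not modelled
    Rule("input", "accept", proto="tcp", dports=(22, 22), src_trusted=True),
    Rule("input", "accept", proto="tcp", dports=(1723, 1723)),
    Rule("input", "accept", src_trusted=True),
    Rule("input", "log"),
    Rule("input", "drop"),
]

def matches(rule: Rule, pkt: Packet) -> bool:
    """Every matcher set on the rule must agree with the packet."""
    if rule.disabled or (rule.proto and rule.proto != pkt.proto) \
            or (rule.state and rule.state != pkt.state):
        return False
    if rule.dports and not rule.dports[0] <= pkt.dport <= rule.dports[1]:
        return False
    if rule.src_trusted and not any(ipaddress.ip_address(pkt.src) in n for n in TRUSTED):
        return False
    return True

def walk(chain: str, pkt: Packet) -> Optional[str]:
    """First terminal match wins; a jump returns to the caller when the
    sub-chain ends undecided; log is non-terminal, so the walk continues."""
    for rule in (r for r in FILTER if r.chain == chain):
        if not matches(rule, pkt):
            continue
        if rule.action == "jump":
            decision = walk(rule.target, pkt)
            if decision:
                return decision
        elif rule.action != "log":
            return rule.action
    return None

def verdict(pkt: Packet) -> str:
    """Built-in chains accept by default when no rule decides."""
    return walk(pkt.chain, pkt) or "accept"

SAMPLES = {
    "smb_through_router": Packet("forward", "tcp", 445),
    "smb_reply_established": Packet("forward", "tcp", 445, state="established"),
    "web_through_router": Packet("forward", "tcp", 80),
    "webmin_through_router": Packet("forward", "tcp", 10000),
    "ssh_from_lan": Packet("input", "tcp", 22, src="192.168.1.10"),
    "ssh_from_internet": Packet("input", "tcp", 22, src="203.0.113.9"),
    "snmp_from_internet": Packet("input", "udp", 161, src="203.0.113.9"),
}

def summarize(samples=SAMPLES) -> dict:
    return {name: verdict(pkt) for name, pkt in samples.items()}
```

The snmp_from_internet result shows the one weak spot a practitioner would tighten: the "UDP" rule accepts every UDP service on the router from any host, so it should carry a dst-port= or src-address-list=trusted-network matcher like the TCP rules do.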

Friday, 09 May 2008

User Manager for Mikrotik Hotspot

Written by Fajar
Monday, 31 December 2007
Mikrotik User Manager is a management system that can be used to manage the following users:
  1. HotSpot users
  2. PPP (PPtP/PPPoE) users
  3. DHCP users
  4. Wireless users
  5. RouterOS users.
This article briefly covers User Manager for hotspot users. The hotspot and DHCP server packages must already be installed/enabled and configured on Mikrotik RouterOS. This article assumes a RouterOS with 1 wlan and 1 ether: ether is the interface connected to the internet and wlan the interface connected to the hotspot clients. ether1 has IP 192.168.0.40 and wlan1 has IP 172.16.0.1/24. The steps are as follows:

  1. Set the DHCP server on interface wlan1 (setting up the DHCP server is covered in an earlier article).
  2. Set the hotspot

/ ip hotspot profile set hsprof1 use-radius=yes

  3. Set the RADIUS client so that User Manager handles the hotspot

/ radius add service=hotspot address=172.16.0.1 secret=123456

Note: on first authentication the hotspot user is looked up in the /ip hotspot user print database. Remove the entries there so that authentication goes to RADIUS.

4. Install User Manager

- Open system packages from winbox or the terminal:

/system/packages/print

- If the user manager package is not there, install it first, because User Manager is a separate package from MT RouterOS. Make sure the RouterOS version is the same as the user manager package version; for example, if our RouterOS is 2.9.50 then the user-manager package must also be 2.9.50. Download from http://www.mikrotik.com/download.html and pick the user-manager-2.9.x.npk package from the zip.
- Upload it to the Mikrotik server with an FTP program.
- Reboot the Mikrotik server.
- Check system packages as in the first point; if user manager is not yet enabled, enable it first and reboot.
- Once it is enabled, open http://192.168.0.40/userman. If the User Manager login page opens, User Manager is active.

  5. Create a subscriber name in User Manager

/ tool user-manager customer add login="admin" password=123 permissions=owner

  6. Create the hotspot router

/ tool user-manager router add subscriber=admin ip-address=172.16.0.1 shared-secret=123456

  7. Create a user for the hotspot

/ tool user-manager user add username=fajar password=123 subscriber=admin

Now try connecting to the hotspot with a laptop. User Manager can be accessed at http://192.168.0.40/userman. Its menus include login status, add user, delete user, log and others; the full list is here: http://wiki.mikrotik.com/wiki/User_Manager/Customer_page

References:
http://wiki.mikrotik.com/wiki/MikroTik_User_Manager
http://wiki.mikrotik.com/wiki/User_Manager/Hotspot_Example

Tuesday, 06 May 2008

Mikrotik crack download at local server

The cracked Mikrotik ISO can also be downloaded from an Indonesian server, gigeupload.com; please click here

Download pirated Mikrotik crack

Sorry friends, the Mikrotik download on rapidshare has expired; please download the one on indowebster. http://rapidshare.com/files/31374001/mikrotik-2.9.27.rar ---> this link has expired. Update (2 Dec 2007): http://www.indowebster.com/mikrotik2927cracked.html ---> valid

Why choose Mikrotik?


  • Cost effective solution
  • High-speed wireless data links (Up to 108Mbps)
  • Connection distance up to 70 km without repeater sites.
  • IP - NAT, Routing, DHCP
  • Security - Firewall, Secure Tunnels
  • Control - Queues, Proxy, Accounting, HotSpot
  • Fast and simple installation for base station and clients
  • Reliable and instant 24 hour internet access

Basic requirements to create a wireless links are:

  • Direct Line of sight between both points of presence
  • Distance between points of presence is:
    • up to 25 km for point-to-multipoint links
    • up to 70 km for point-to-point links
  • Use of 2.4 or 5.2-5.8 GHz solutions according to the local regulations. In some countries obtaining a special license might be required.
Wireless systems come with Mikrotik RouterOS software preinstalled. RouterOS will enable you to use many features such as: firewall, NAT, bandwidth management, different kinds of tunnels, HotSpot and others.

Video tutorial mikrotik

You can find many Mikrotik video tutorials by following this link: Video tutorial mikrotik

Tutorial Mikrotik VPN : EoIP

Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol that creates an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet level traffic (all Ethernet protocols) will be bridged just as if there were a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple network schemes possible.

Network setups with EoIP interfaces:

  • Possibility to bridge LANs over the Internet
  • Possibility to bridge LANs over encrypted tunnels
  • Possibility to bridge LANs over 802.11b 'ad-hoc' wireless networks
An EoIP interface should be configured on two routers that have the possibility for an IP level connection. The EoIP tunnel may run over an IPIP tunnel, a PPTP 128bit encrypted tunnel, a PPPoE connection, or any connection that transports IP.

Specific Properties:

  • Each EoIP tunnel interface can connect with one remote router which has a corresponding interface configured with the same 'Tunnel ID'.
  • The EoIP interface appears as an Ethernet interface under the interface list.
  • This interface supports all features of an Ethernet interface. IP addresses and other tunnels may be run over the interface.
  • The EoIP protocol encapsulates Ethernet frames in GRE (IP protocol number 47) packets (just like PPTP) and sends them to the remote side of the EoIP tunnel.
  • Maximal count of EoIP tunnels is 65536.
This is how to set up EoIP to bridge two (or more) Mikrotik routers for central PPPoE authentication, using 2 routers called R1 and R2 that have an IP connection between them (i.e. you can ping R2 from R1 and R1 from R2) and where R2 has 2 ethernet ports: the port facing R1 is called eth1 and its other port is called eth2.

  1. Create a new EoIP tunnel on R1.
  2. Create a new EoIP tunnel on R2, where the tunnel ID is the same as the one on R1 but the MAC addresses are different.
  3. Create a new bridge on R1 and R2.
  4. Add a PPPoE server to the bridge on R1.
  5. On R2, add eth2 and the EoIP tunnel to the bridge.
  6. Put an IP address onto eth2 (any address seems to work, but it may be better to use a different subnet for routing purposes).

Now you should be able to establish a PPPoE connection from a PC plugged into the eth2 port on router R2; this PPPoE connection will terminate on router R1. This is not the most efficient method of using the available bandwidth on a network, but is perhaps easier than having a PPPoE A/C on every Mikrotik router and using RADIUS, as you can just have PPP secrets set up on one router.

Taken from http://wiki.mikrotik.com/wiki/EoIP

Tutorial Mikrotik VPN : Point to Point Tunnel Protocol (PPTP)

Summary

PPTP (Point to Point Tunnel Protocol) supports encrypted tunnels over IP. The MikroTik RouterOS implementation includes support for PPTP client and server.

General applications of PPTP tunnels:

  • For secure router-to-router tunnels over the Internet
  • To link (bridge) local Intranets or LANs (when EoIP is also used)
  • For mobile or remote clients to remotely access an Intranet/LAN of a company (see PPTP setup for Windows for more information)

Each PPTP connection is composed of a server and a client. The MikroTik RouterOS may function as a server or client – or, for various configurations, it may be the server for some connections and client for other connections. For example, the client created below could connect to a Windows 2000 server, another MikroTik Router, or another router which supports a PPTP server.

Description

PPTP is a secure tunnel for transporting IP traffic using PPP. PPTP encapsulates PPP in virtual lines that run over IP. PPTP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links. The purpose of this protocol is to make well-managed secure connections between routers as well as between routers and PPTP clients (clients are available for and/or included in almost all OSs including Windows). PPTP includes PPP authentication and accounting for each PPTP connection. Full authentication and accounting of each connection may be done through a RADIUS client or locally. MPPE 40bit RC4 and MPPE 128bit RC4 encryption are supported.

PPTP traffic uses TCP port 1723 and IP protocol GRE (Generic Routing Encapsulation, IP protocol ID 47), as assigned by the Internet Assigned Numbers Authority (IANA). PPTP can be used with most firewalls and routers by enabling traffic destined for TCP port 1723 and protocol 47 traffic to be routed through the firewall or router. PPTP connections may be limited or impossible to set up through a masqueraded/NAT IP connection.
Please see the Microsoft and RFC links at the end of this section for more information.

PPTP Client Setup

Submenu level: /interface pptp-client

Property Description

  • name (name; default: pptp-out1) - interface name for reference
  • mtu (integer; default: 1460) - Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for a 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
  • mru (integer; default: 1460) - Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for a 1500-byte ethernet link, set the MRU to 1460 to avoid fragmentation of packets)
  • connect-to (IP address) - the IP address of the PPTP server to connect to
  • user (string) - user name to use when logging on to the remote server
  • password (string; default: "") - user password to use when logging on to the remote server
  • profile (name; default: default) - profile to use when connecting to the remote server
  • add-default-route (yes | no; default: no) - whether to use the server which this client is connected to as its default router (gateway)

Example

To set up a PPTP client named test2 using username john with password john to connect to the 10.1.1.12 PPTP server and use it as the default gateway:

[admin@MikroTik] interface pptp-client> add name=test2 connect-to=10.1.1.12 \
\... user=john add-default-route=yes password=john
[admin@MikroTik] interface pptp-client> print
Flags: X - disabled, R - running
  0 X name="test2" mtu=1460 mru=1460 connect-to=10.1.1.12 user="john" password="john" profile=default add-default-route=yes
[admin@MikroTik] interface pptp-client> enable 0

Monitoring PPTP Client

Command name: /interface pptp-client monitor

Property Description

Statistics:
  • uptime (time) - connection time displayed in days, hours, minutes, and seconds
  • encoding (string) - encryption and encoding (if asymmetric, separated with '/') being used in this connection
  • status (string) - status of the client:
    • Dialing – attempting to make a connection
    • Verifying password... - connection has been established to the server, password verification in progress
    • Connected – self-explanatory
    • Terminated – interface is not enabled or the other side will not establish a connection

Example

Example of an established connection:

[admin@MikroTik] interface pptp-client> monitor test2
    uptime: 4h35s
  encoding: MPPE 128 bit, stateless
    status: Connected
[admin@MikroTik] interface pptp-client>

PPTP Server Setup

Submenu level: /interface pptp-server server

[admin@MikroTik] interface pptp-server server> print
          enabled: no
              mtu: 1460
              mru: 1460
   authentication: mschap2
  default-profile: default
[admin@MikroTik] interface pptp-server server>

Description

The PPTP server supports unlimited connections from clients. For each current connection, a dynamic interface is created.

Property Description

  • enabled (yes | no; default: no) - defines whether PPTP server is enabled or not
  • mtu (integer; default: 1460) - Maximum Transmit Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for a 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
  • mru (integer; default: 1460) - Maximum Receive Unit. The optimal value is the MTU of the interface the tunnel is working over decreased by 40 (so, for a 1500-byte ethernet link, set the MTU to 1460 to avoid fragmentation of packets)
  • authentication (multiple choice: pap | chap | mschap1 | mschap2; default: mschap2) - authentication algorithm
  • default-profile (name; default: default) - default profile to use

Example

To enable the PPTP server:

[admin@MikroTik] interface pptp-server server> set enabled=yes
[admin@MikroTik] interface pptp-server server> print
          enabled: yes
              mtu: 1460
              mru: 1460
   authentication: mschap2
  default-profile: default
[admin@MikroTik] interface pptp-server server>

PPTP Server Users

Submenu level: /interface pptp-server

Description

There are two types of items in PPTP server configuration - static users and dynamic connections. A dynamic connection can be established if the user database or the default-profile has its local-address and remote-address set correctly. When static users are added, the default profile may be left with its default values and only the P2P user (in /ppp secret) should be configured. Note that in both cases P2P users must be configured properly.

Property Description

  • name - interface name
  • user - the name of the user that is configured statically or added dynamically

Statistics:
  • mtu - shows (cannot be set here) the client's MTU
  • client-address - shows (cannot be set here) the IP of the connected client
  • uptime - shows how long the client has been connected
  • encoding (string) - encryption and encoding (if asymmetric, separated with '/') being used in this connection

Example

To add a static entry for the ex1 user:

[admin@MikroTik] interface pptp-server> add user=ex1
[admin@MikroTik] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
  #    NAME      USER  MTU   CLIENT-ADDRESS  UPTIME  ENC...
  0 DR ex              1460  10.0.0.202      6m32s   none
  1    pptp-in1  ex1
[admin@MikroTik] interface pptp-server>

In this example an already connected user ex is shown besides the one we just added.
PPTP Router-to-Router Secure Tunnel Example

The following is an example of connecting two Intranets using an encrypted PPTP tunnel over the Internet. There are two routers in this example:

  • [HomeOffice]
    Interface LocalHomeOffice 10.150.2.254/24
    Interface ToInternet 192.168.80.1/24
  • [RemoteOffice]
    Interface ToInternet 192.168.81.1/24
    Interface LocalRemoteOffice 10.150.1.254/24

Each router is connected to a different ISP. One router can access another router through the Internet.

On the PPTP server a user must be set up for the client:

[admin@HomeOffice] ppp secret> add name=ex service=pptp password=lkjrht local-address=10.0.103.1 remote-address=10.0.103.2
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
  0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes==""
[admin@HomeOffice] ppp secret>

Then the user should be added in the PPTP server list:

[admin@HomeOffice] interface pptp-server> add user=ex
[admin@HomeOffice] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
  #    NAME      USER  MTU  CLIENT-ADDRESS  UPTIME  ENC...
  0    pptp-in1  ex
[admin@HomeOffice] interface pptp-server>

And finally, the server must be enabled:

[admin@HomeOffice] interface pptp-server server> set enabled=yes
[admin@HomeOffice] interface pptp-server server> print
          enabled: yes
              mtu: 1460
              mru: 1460
   authentication: mschap2
  default-profile: default
[admin@HomeOffice] interface pptp-server server>

Add a PPTP client to the RemoteOffice router:

[admin@RemoteOffice] interface pptp-client> add connect-to=192.168.80.1 user=ex \
\... password=lkjrht disabled=no
[admin@RemoteOffice] interface pptp-client> print
Flags: X - disabled, R - running
  0 R name="pptp-out1" mtu=1460 mru=1460 connect-to=192.168.80.1 user="ex" password="lkjrht" profile=default add-default-route=no
[admin@RemoteOffice] interface pptp-client>

Thus, a PPTP tunnel is created between the routers. This tunnel is like an Ethernet point-to-point connection between the routers with IP addresses 10.0.103.1 and 10.0.103.2 at each router. It enables 'direct' communication between the routers over third party networks.

To route the local Intranets over the PPTP tunnel – add these routes:

[admin@HomeOffice] > ip route add dst-address 10.150.1.0/24 gateway 10.0.103.2
[admin@RemoteOffice] > ip route add dst-address 10.150.2.0/24 gateway 10.0.103.1

On the PPTP server it can alternatively be done using the routes parameter of the user configuration:

[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
  0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes==""
[admin@HomeOffice] ppp secret> set 0 routes="10.150.1.0/24 10.0.103.2 1"
[admin@HomeOffice] ppp secret> print detail
Flags: X - disabled
  0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.0.103.1 remote-address=10.0.103.2 routes="10.150.1.0/24 10.0.103.2 1"
[admin@HomeOffice] ppp secret>

Test the PPTP tunnel connection:

[admin@RemoteOffice]> /ping 10.0.103.1
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
10.0.103.1 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms

Test the connection through the PPTP tunnel to the LocalHomeOffice interface:

[admin@RemoteOffice]> /ping 10.150.2.254
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
10.150.2.254 pong: ttl=255 time=3 ms
ping interrupted
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 3/3.0/3 ms

To bridge a LAN over this secure tunnel, please see the example in the 'EoIP' section of the manual. To set the maximum speed for traffic over this tunnel, please consult the 'Queues' section.
Connecting a Remote Client via PPTP Tunnel

The following example shows how to connect a computer to a remote office network over a PPTP encrypted tunnel, giving that computer an IP address from the same network as the remote office has (without the need of bridging over EoIP tunnels). Please consult the respective manual on how to set up a PPTP client with the software you are using.

The router in this example:

  • [RemoteOffice]
    Interface ToInternet 192.168.81.1/24
    Interface Office 10.150.1.254/24

The client computer can access the router through the Internet.

On the PPTP server a user must be set up for the client:

[admin@RemoteOffice] ppp secret> add name=ex service=pptp password=lkjrht local-address=10.150.1.254 remote-address=10.150.1.2
[admin@RemoteOffice] ppp secret> print detail
Flags: X - disabled
  0 name="ex" service=pptp caller-id="" password="lkjrht" profile=default local-address=10.150.1.254 remote-address=10.150.1.2 routes==""
[admin@RemoteOffice] ppp secret>

Then the user should be added in the PPTP server list:

[admin@RemoteOffice] interface pptp-server> add name=FromLaptop user=ex
[admin@RemoteOffice] interface pptp-server> print
Flags: X - disabled, D - dynamic, R - running
  #    NAME        USER  MTU  CLIENT-ADDRESS  UPTIME  ENC...
  0    FromLaptop  ex
[admin@RemoteOffice] interface pptp-server>

And the server must be enabled:

[admin@RemoteOffice] interface pptp-server server> set enabled=yes
[admin@RemoteOffice] interface pptp-server server> print
          enabled: yes
              mtu: 1460
              mru: 1460
   authentication: mschap2
  default-profile: default
[admin@RemoteOffice] interface pptp-server server>

Finally, proxy ARP must be enabled on the 'Office' interface:

[admin@RemoteOffice] interface ethernet> set Office arp=proxy-arp
[admin@RemoteOffice] interface ethernet> print
Flags: X - disabled, R - running
  #    NAME        MTU   MAC-ADDRESS        ARP
  0 R  ToInternet  1500  00:30:4F:0B:7B:C1  enabled
  1 R  Office      1500  00:30:4F:06:62:12  proxy-arp
[admin@RemoteOffice] interface ethernet>

ref: http://www.mikrotik.com/documentation//manual_2.7/Interface/PPTP.html