Tuesday, September 25, 2012

VPN Server with MikroTik RB750 or RB1000


In this article I will show how to create a VPN server on a MikroTik RB750 using the PPTP protocol. One benefit is that we can create a VPN connection between computers in the workplace and a computer at home. Here is the network topology I use:
 

Because the MikroTik RB750 is configured as an Internet gateway by default, I only add a few settings here to turn it into a VPN server. Here are the steps to create a VPN server with MikroTik RB750 using the PPTP protocol.
  1. Turn off the DHCP client on interface 0 (ether1-gateway)
    ip dhcp-client disable 0
  2. Assign the public IP address to ether1-gateway
    ip address add address=121.212.12.12/29 interface=ether1-gateway
  3. Add the following IP firewall filter rule:
    ip firewall filter add chain=input in-interface=ether1-gateway connection-state=new action=accept
  4. Create an IP pool to provide dynamic IP addresses for the connected VPN clients.
    ip pool add name=vpn-pool ranges=10.10.10.2-10.10.10.5
  5. Create PPP Profile
    ppp profile add name=vpn-profile local-address=10.10.10.1 remote-address=vpn-pool
  6. Create PPP Secret
    ppp secret add name=user-vpn01 password=user-password01 service=pptp profile=vpn-profile
  7. Enable PPTP Server
    interface pptp-server server set enabled=yes
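
To review what the input-chain firewall rule in the steps above opens up, the following Python check (an added example, not part of the original post) parses filter rules and flags accept rules on the WAN interface that are not limited by protocol, port or source. The two narrower PPTP rules in the sample are assumptions added for comparison (PPTP uses TCP port 1723 and GRE), and the function and variable names are hypothetical.

```python
import shlex

# Constructed sample: rule 0 is the input rule from the steps above; rules 1-2
# are assumed narrower alternatives (PPTP control is TCP 1723, tunnel is GRE).
SAMPLE_RULES = """\
add chain=input in-interface=ether1-gateway connection-state=new action=accept
add chain=input in-interface=ether1-gateway protocol=tcp dst-port=1723 action=accept comment="pptp control"
add chain=input in-interface=ether1-gateway protocol=gre action=accept comment="pptp tunnel"
"""

# Properties that narrow what a rule matches; a rule with none of them
# matches traffic to every service on the router itself.
NARROWING = {"protocol", "dst-port", "src-address", "src-address-list"}


def parse_rule(line):
    """Split one 'add key=value ...' line into a dict, honouring quotes."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "add":
        return None
    return dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)


def broad_input_accepts(text, wan="ether1-gateway"):
    """Return (index, rule) for accept rules that open the whole router on wan."""
    findings = []
    rules = [r for r in map(parse_rule, text.splitlines()) if r is not None]
    for index, rule in enumerate(rules):
        # RouterOS uses action=accept when no action is given.
        if rule.get("chain") != "input" or rule.get("action", "accept") != "accept":
            continue
        if rule.get("in-interface") not in (None, wan):
            continue
        if rule.get("connection-state") in ("established", "related"):
            continue  # replies to connections that were already allowed
        if NARROWING.isdisjoint(rule):
            findings.append((index, rule))
    return findings


if __name__ == "__main__":
    for index, rule in broad_input_accepts(SAMPLE_RULES):
        where = rule.get("in-interface", "all interfaces")
        print(f"rule {index}: accepts any new connection on {where}")
```

Only rule 0 is reported: it admits new connections to every service the router runs, while the two narrower rules admit PPTP alone.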


Creating a VPN Client in Windows XP
Once the VPN server on the MikroTik RB750 is working, the next step is to create a VPN client on our home computer. Here I will outline the steps to create a VPN client on a computer running Windows XP.

     Open the Control Panel - click the Network Connections icon
     Click Create a new connection - click Next
     In the Network Connection Type window, select Connect to the network at my workplace - click Next
     In the Create the following connection option, select Virtual Private Network connection - click Next
     Fill in the Company Name field, e.g. VPNKU - click Next
     In the next window enter the public IP address of the MikroTik RB750 that we will call, i.e. 121.212.12.12
     Click Next - click Finish.
     To try the VPN, double-click the VPNKU icon; in the Connect VPNKU window fill in username = user-vpn01 and password = user-password01, as created before.
     Once connected, there will be a notification "VPNKU is now connected" in the right corner of the monitor. To view the network status information, double-click the icon and we will get something like the following:

Now your computer is connected to the LAN through the MikroTik RB750 gateway, so we can transfer data, use a shared printer, reach servers remotely and so forth. Our internet connection now also goes through the MikroTik RB750 gateway; to check, run the command tracert google.com and note the difference between before and after connecting to the VPN.

Good luck



Monday, September 24, 2012

Bandwidth Management Mikrotik Extension List


Limiting download bandwidth based on the file extension

Begin by creating a mangle rule, which acts as the link between the file downloads filtered by the firewall and the queue that is then applied to them.

ip firewall mangle add chain=forward action=mark-packet new-packet-mark=downloads-packet passthrough=yes protocol=tcp src-address-list=downloads

The following command creates the queue.

queue simple add name=download-files interface=all parent=none packet-marks=downloads-packet direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=1m/512k burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small

Next, add the file extension that the download limit applies to:

ip firewall filter add chain=forward action=add-dst-to-address-list protocol=tcp src-address=192.168.1.0/24 address-list=downloads address-list-timeout=5m content=.mp3

This method has been used on RB750, RB1000, and RB1200.



Enjoy

Sunday, September 23, 2012

Block Torrent Connection



IP > Firewall > Filter Rules: fill in as below
Tab General
Chain : forward
src-address : 192.168.1.0/24 (assumed IP address range)
P2P : all-p2p
Tab Action
Action : Drop
Click Apply
Or copy and paste this into your New Terminal:
/ip firewall filter
add action=drop chain=forward comment="blokir torrent" \
    disabled=no p2p=all-p2p

Block Torrent With Mikrotik
Run a torrent application and watch the statistics.
Good luck
 
SECOND METHOD:

Assume you want to block torrent & p2p traffic on 192.168.1.0/24
/ip firewall layer7-protocol>
Use WinBox to copy and paste:
name=torrentsites
regexp:
^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$


/ip firewall filter>
add chain=forward src-address=192.168.1.0/24 layer7-protocol=torrentsites action=drop comment=torrentsites
add chain=forward src-address=192.168.1.0/24 protocol=17 dst-port=53 layer7-protocol=torrentsites action=drop comment=dropDNS
add chain=forward src-address=192.168.1.0/24 content=torrent action=drop comment=keyword_drop
add chain=forward src-address=192.168.1.0/24 content=tracker action=drop comment=trackers_drop
add chain=forward src-address=192.168.1.0/24 content=getpeers action=drop comment=get_peers_drop
add chain=forward src-address=192.168.1.0/24 content=info_hash action=drop comment=info_hash_drop
add chain=forward src-address=192.168.1.0/24 content=announce_peers action=drop comment=announce_peers_drop

Also use the default rule to drop p2p traffic, which alone is not working for me:

add chain=forward src-address=192.168.1.0/24 p2p=all-p2p action=drop comment=p2p_drop
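
As an added check that is not part of the original post, the Python sketch below runs the torrentsites regexp over constructed payloads to show which traffic the pattern matches, including the DNS case that the dropDNS rule applies it to. Python's re module only approximates the RouterOS matcher, and every sample payload and function name here is made up for the test.

```python
import re

# The regexp from the layer7-protocol entry above, joined onto one line.
# Python's re stands in for the RouterOS matcher (an approximation);
# DOTALL lets "." cross the CR/LF between HTTP header lines.
TORRENTSITES = re.compile(
    rb"^.*(get|GET).+(torrent|thepiratebay|isohunt|entertane|demonoid|btjunkie|"
    rb"mininova|flixflux|torrentz|vertor|h33t|btscene|bitunity|bittoxic|"
    rb"thunderbytes|entertane|zoozle|vcdq|bitnova|bitsoup|meganova|fulldls|"
    rb"btbot|flixflux|seedpeer|fenopy|gpirate|commonbits).*$",
    re.DOTALL,
)


def dns_query(name):
    """Build a minimal DNS A-record query as carried in a UDP/53 payload."""
    header = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00\x00\x01\x00\x01"


# Constructed payloads: the first bytes each kind of connection could carry.
SAMPLES = {
    "http_torrent_site": b"GET /browse HTTP/1.1\r\nHost: thepiratebay.org\r\n\r\n",
    "http_unrelated": b"GET /news/torrential-rain HTTP/1.1\r\nHost: weather.example\r\n\r\n",
    "http_post": b"POST /upload HTTP/1.1\r\nHost: mininova.org\r\n\r\n",
    "dns_lookup": dns_query("thepiratebay.org"),
    # TLS-like bytes with a hostname inside, not a complete ClientHello.
    "https_handshake": b"\x16\x03\x01\x00\x40\x01" + bytes(32) + b"thepiratebay.org",
}


def classify(samples=SAMPLES):
    """Return {sample name: True if the torrentsites pattern matches}."""
    return {name: bool(TORRENTSITES.search(data)) for name, data in samples.items()}


if __name__ == "__main__":
    for name, matched in classify().items():
        print(f"{name:18} {'drop' if matched else 'pass'}")
```

The unrelated URL containing "torrential" is dropped, while the POST request, the DNS lookup and the TLS bytes pass because the pattern requires get or GET before the site name.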

Good luck

Friday, September 21, 2012

Bandwidth Management based on time



Bandwidth Differentiating by time

There are several ways to apply different bandwidth limits at different times. The following is the way I know and the easiest one. I have run this process on MikroTik RB750, RB1000 and RB1200. Please try it.

I use the Simple Queue menu, Script and Scheduler.

Suppose we have a network 192.168.1.0/24 and want different bandwidth limits for day and night, as detailed below:
Network 192.168.1.0/24
Bandwidth = 06:00am – 18:00pm – 1Mbps. <Max-Limit>
Bandwidth = 18:00pm – 06:00am – 2Mbps. <Max-Limit>
Create two simple queues on the same network with different bandwidth.
/queue simple
add name="Day" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 \
    interface=<ether-x> parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=512k/512k \
    max-limit=1M/1M total-queue=default-small

add name="Night" target-addresses=192.168.1.0/24 dst-address=0.0.0.0/0 \
    interface=<ether-x> parent=none direction=both priority=8 \
    queue=default-small/default-small limit-at=1M/1M \
    max-limit=2M/2M total-queue=default-small
Then copy the following scripts:
/system script
add name="Day" source="/queue simple enable Day; /queue simple disable Night"

add name="Night" source="/queue simple enable Night; /queue simple disable Day"
And the schedule:
/system scheduler
add name="Day" on-event=Day policy=read,write start-date=oct/13/2007 start-time=06:00:00 interval=1d

add name="Night" on-event=Night policy=read,write start-date=oct/13/2007 start-time=18:00:00 interval=1d

FYI: the system clock must be set first for this to run.

If the process is not running, make sure the time setting on the router matches the one in the system scheduler.

Good luck