آموزش میکروتیک
راهانداری Mikrotik RouterOS از طریق Terminal و فایل Backup
در صورتی که به هر علت امکان ارتباط با Mikrotik RouterOS از طریق Winbox ممکن نبود میتوانیم Mikrotik RouterOS را از طریق Terminal و فایل Backup گرفته شده مجددا راهاندازی نماییم. برای این منظور دستورات زیر را از طریق Terminal اجرا میکنیم:
System Backup Load Name=Your Backup Name
Then Enter Your Password and Press Y
بهروزرسانی Mikrotik RouterOS
Quick Set|Check For Updates
Channel : current
Download and Install
Channel : development
Download and Install
راهاندازی Openvpn Server در Mikrotik RouterOS
مرحله اول :
IP|Pool|+
Name : Pool-OVPN
Address : 10.0.0.2-10.0.0.100
Ok
مرحله دوم :
ادامهPPP|Interface Tab|+|OVPN Server Binding
Name : VPN-OVPN
Ok
مرحله سوم :
PPP|Profile Tab|+
General Tab
Name : Profile-OVPN
Local Address : 10.0.0.1
Remote Address : Pool-OVPN
DNS Server : 8.8.8.8
Protocols Tab
Use Encryption(Yes)
Ok
مرحله چهارم :
IP|Firewall|Filter Rules Tab|+
General Tab
Chain : Input
Protocol : UDP
DST.Port : 1100
Action Tab
Action : Accept
Ok
مرحله پنجم :
PPP|Interface|OVPN Server
Enable(checked)
Port : 1100
Protocol : udp
Keepalive Timeout : 100
Default Profile : Profile-OVPN
Certificate : Server
Require Client Certificate(checked)
sha1(checked)
aes 256(checked)
Ok
مرحله ششم :
IP|Firewall|NAT Tab|+
General Tab
Chain : srcnat
Src Address : 10.0.0.0/24
Out.Interface : ether1
Action Tab
Action : masqurade
Ok
مرحله هفتم :
System|Certificates|+
General Tab
Name : ca
Common Name : ca
Key Usage Tab
crl sign(checked)
key cert sign(checked)
Apply
Sign
Certificate : ca
Start
Close
Close
+
General Tab
Name : server
Common Name : server
Trusted(checked)
Key Usage Tab
digital signature(checked)
key enciphement(checked)
tls server(checked)
Apply
Sign
Certificate : server
CA : ca
Start
Close
Close
+
General Tab
Name : client
Common Name : client
Key Usage Tab
tls client(checked)
Apply
Sign
Certificate : client
CA : ca
Start
Close
Close
مرحله هشتم :
System|Certificates
In Certificate Session Double Click On ca and in Opened Windows Click on Export
In Opened Windows Select Certificate : ca and Click on Export
Again Click on Export and In Opened Windows Select Certificate : client and Fill Passphrase TextBox With 10101010101010101010101010101010 and Click on Export
Click on Ok
Click on Close
مرحله نهم :
Go to Files and Copy cert_export_ca.crt and cert_export_client.crt and cert_export_client.key to Your C Drive and Rename Them to ca.crt and client.crt and client.key Respectively.
مرحله دهم :
Download OpenSSL From Here
مرحله یازدهم :
Extract Downloaded File to C Drive
Copy client.key From C Drive and Paste it in C:\openssl
Open CMD as Administrator and go to C:\openssl Path and Execute Below Command
openssl.exe
rsa -in client.key -out new_client.key
Then Enter Passphrase 10101010101010101010101010101010
Copy new_client.key to C Drive
مرحله دوازدهم :
Download configuration_file From Here
مرحله سیزدهم :
Open configuration_file.ovpn Via Notepad++ and Replace Server_IP and Port With Your Server IP And Defined Port in Step 4
Open ca.crt and client.crt and new_client.key Via Notepad++ and Replace Session (1) and (2) and (3) of configuration_file.ovpn With Their Content Respectively
Save Change
مرحله چهاردهم :
PPP|Secrets Tab|+
Name : Username
Password : Password
Service : ovpn
Profile : Profile-OVPN
Ok
مرحله پانزدهم :
Download and Install Openvpn Client and Import Configuration_file.ovpn
Use Defined Username and Password Session 13 for Connect to VPN.
راهاندازی L2TP VPN Server در Mikrotik RouterOS
مرحله اول :
IP|Pool|+
Name : Pool_L2TP
Address : 192.168.200.2-192.168.200.200
Apply
Ok
مرحله دوم :
PPP|Profile Tab|+
General Tab
Name : Profile_L2TP
Local Address : 192.168.200.1
Remote Address : Pool_L2TP
Protocols Tab
Use Encryption(Yes)
Ok
مرحله سوم :
PPP|Interface Tab|L2TP Server Tab
Enable(Checked)
Default Profile : Profile_L2TP
Authentication :
mschap2(Checked)
mschap1(Checked)
chap(Checked)
Use IPsec(Yes)
IPsec Secret : 10101010101010101010101010101010
Allow Fast Path(Checked)
Ok
مرحله چهارم :
PPP|Interface Tab|L2TP Server Binding
General Tab
Name : VPN_L2TP
Ok
مرحله پنجم :
PPP|Secrets Tap
Name : Username
Password : Password
Service : L2TP
Profile : Profile_L2TP
Ok
مرحله ششم :
IP|Firewall|NAT Tab|+
General Tab
Chain : srcnat
Src Address : 192.168.200.0/24
Out.Interface : ether1
Action Tab
Action : masquerade
Ok
مرحله هفتم :
IP|DNS
Servers : 8.8.8.8
Ok
راهاندازی PPTP VPN Server در Mikrotik RouterOS
مرحله اول :
IP|Pool|+
Name : Pool_PPTP
Address : 192.168.200.2-192.168.200.200
Apply
Ok
مرحله دوم :
PPP|Profile Tab|+
General Tab
Name : Profile_PPTP
Local Address : 192.168.200.1
Remote Address : Pool_PPTP
Protocols Tab
Use Encryption(Yes)
Ok
مرحله سوم :
PPP|Interface Tab|PPTP Server Tab
Enable(Checked)
Default Profile : Profile_PPTP
Authentication :
mschap2(Checked)
mschap1(Checked)
chap(Checked)
Ok
مرحله چهارم :
PPP|Interface Tab|PPTP Server Binding
General Tab
Name : VPN_PPTP
Ok
مرحله پنجم :
PPP|Secrets Tap
Name : Username
Password : Password
Service : PPTP
Profile : Profile_PPTP
Ok
مرحله ششم :
IP|Firewall|NAT Tab|+
General Tab
Chain : srcnat
Src Address : 192.168.200.0/24
Out.Interface : ether1
Action Tab
Action : masquerade
Ok
مرحله هفتم :
IP|DNS
Servers : 8.8.8.8
Ok
راهاندازی SSTP VPN Server در Mikrotik RouterOS
مرحله اول :
IP|Pool|+
Name : Pool-SSTP
Address : 192.168.200.2-192.168.200.200
Ok
مرحله دوم :
PPP|Profile Tab|+
General Tab
Name : Profile_SSTP
Local Address : 192.168.200.1
Remote Address : Pool_SSTP
Ok
مرحله سوم :
System|Certificates|+
General Tab
Name : ca
Common Name : Public IP of VPS
Subject Alt Name : IP
Key Usage Tab
crl sign(checked)
key cert sign(checked)
Apply
Sign
Certificate : ca
CA CRL Host : Public IP of VPS
Start
Close
Ok
مرحله چهارم :
System|Certificates|+
General Tab
Name : server
Common Name : Public IP of VPS
Subject Alt Name : IP
Key Usage Tab
digital signature(checked)
key enciphement(checked)
tls server(checked)
Apply
Sign
Certificate : server
CA : ca
CA CRL Host : Public IP of VPS
Start
Close
Ok
مرحله پنجم :
System|Certificates
In Certificate Session Double Click On ca and in Opened Windows Click on Export
In Opened Windows Select Certificate : ca and Click on Export
مرحله ششم :
PPP|Interface Tab|SSTP Server Tab
Enable(Checked)
Default Profile : Profile_SSTP
Authentication :
mschap2(Checked)
mschap1(Checked)
chap(Checked)
pap(Checked)
Certificate : server
TLS Version : only 1.2
Force AES(Checked)
PFS(Checked)
Ok
مرحله هفتم :
PPP|Secrets Tap
Name : Username
Password : Password
Service : SSTP
Profile : Profile_SSTP
Ok
مرحله هشتم :
Go to Files and Copy ca.crt to Your Computer
مرحله نهم :
In Windows
Go to Run|Execute MMC Command
Then in Opened Console root Windows
Select File|Select Add/Remove Snapp-in|Then From Avaliable snap-in Panel Select Certificates|Select Add
Select Computer Account|Press Next Button|Press Finish Button|Press Ok Button
Then In Console Root Windows
Select Certificates(Local Computer)|Select Trusted Root Certification Authorities
Right Click on Certificates|Select All Tasks|Select Import|Press Next Button|Press Browse Button and select Exported ca.crt|Press Next Button|Press Finish Button