Langsung ke konten utama

SSTP Configuration Mikrotik



Make certificate templates
/certificate
add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign
add name=server-template common-name=server
add name=client1-template common-name=client1
add name=client2-template common-name=client2

Sign certificates and add CRL url. We will use IP address of the server as CRL URL.
/certificate
sign ca-template ca-crl-host=10.5.101.16 name=myCa
sign server-template ca=myCa name=server
sign client1-template ca=myCa name=client1
sign client2-template ca=myCa name=client2
Note: If signing certificates on mipbe cpu based devices(RB7xx,RB2011,RB9xx) then this process might take a while depending on key-size of specific certificate. With values 4k and higher it might take a substantial time to sign this specific certificate.

If certificate does not have T flag then you need to set it as trusted before using it:
/certificate
set myCa trusted=yes
set server trusted=yes
Export client certificates with keys and CA certificate:
/certificate export-certificate myCa
/certificate export-certificate client1 export-passphrase=xxxxxxxx
/certificate export-certificate client2 export-passphrase=xxxxxxxx
Now these exported files can be imported on client machines.
If everything went well you should have something like this:
[admin@pe0] /certificate> print
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key,
A - authority, I - issued, R - revoked, E - expired, T - trusted
 #         NAME               COMMON-NAME               FINGERPRINT             
 0 K L A T myCa               myCa                      7fa636e6576495fe78f1a4...
 1 K   I T server             server                    cf0650a291bf4685f2fbd3...
 2 K   I   client1            client1                   26233de30e89b203b946ab...
 3 K   I   client2            client2                   cf172b62201befaf8d8966...



Import certificates
To import newly created certificates to your router, first you have to upload server.crt and server.key files to the router via FTP. Now go to /certificatesubmenu and run following commands:
[admin@test_host] /certificate> import file-name=server.crt
passphrase:
     certificates-imported: 1
     private-keys-imported: 0
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0
[admin@test_host] /certificate> import file-name=server.key
passphrase:
     certificates-imported: 0
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0

If everything is imported properly then certificate should show up with KT flag.


Create Server
/interface sstp-server server set certificate=server
/interface sstp-server server set enabled=yes

/interface sstp-server server print
                    enabled: no
                       port: 443
                    max-mtu: 1500
                    max-mru: 1500
                       mrru: disabled
          keepalive-timeout: 60
            default-profile: default
             authentication: pap,chap,mschap1,mschap2
                certificate: none
  verify-client-certificate: no
                  force-aes: no






SSTP CLIENT






Komentar

Posting Komentar

Postingan populer dari blog ini

Whitelist URL di Mikrotik dengan layer 7 protocol

Whitelist URL Mikrotik dengan layer 7 protocol Pada kasus kali ini user hanya boleh akses website kompas.com dan detik.com saja, selain itu di blok (drop). Hanya dua step yang perlu dilakukan: Step1. Create regexp at ip firewall, layer 7 protocol. /ip firewall layer7-protocol add name=whitelist regexp=^.+kompas|detik.* /ip firewall layer7-protocol add name=blacklist regexp=^.*.*$ Step2. Create filter rules /ip firewall filter add chain=forward layer7-protocol=whitelist action=accept /ip firewall filter add chain=forward layer7-protocol=blacklist action=drop Pastikan posisi filter rules dengan action accept diatas drop, jika posisi ini terbalik dipastikan semua website tidak bisa diakses. Jika dua step diatas dilakukan dengan benar, dipastikan hanya dua website di whitelist yang bisa diakses oleh user. Selesai. Mei, 2014 – Riri Rizal
Posting Komentar
Baca selengkapnya

Setup Bridge on Mikrotik

Pada kasus ini, router yang digunakan adalah RB450. Reset semua konfigurasi pada router, kemudian lakukan konfigurasi seperti ini: via terminal: > interface bridge add name=bridge1 > interface bridge port add interface=ether1 bridge=bridge1 > interface bridge port add interface=ether2 bridge=bridge1 > interface bridge port add interface=ether3 bridge=bridge1 > interface bridge port add interface=ether4 bridge=bridge1 > interface bridge port add interface=ether5 bridge=bridge1 Konfigurasi diatas akan memfungsikan semua port pada RB450 menjadi switch. Untuk memproses traffic yang lewat melalui firewall, tinggal ditambahkan konfigurasi seperti dibawah ini. > interface bridge settings set use-ip-firewall=yes Tap jangan lupa untuk menambah konfigurasi firewall pada ip firewall filter (sesuai kebutuhan)
Posting Komentar
Baca selengkapnya

Pagefile size bigger than 4095MB on Windows Server 2003

The pagefile size on Windows Server 2003 x86 and other Windows x86 platforms is limited to 4095 MB per pagefile. But a lot of Windows Server 2003 systems already have 4GB RAM and are using PAE ( Physical Address Extension ) to use them. So it would be useful to create more than 4 GB pagefiles. Microsofts solution for this is to create multiple pagefiles. You can now create multiple pagefiles on different partitions. If you don’t have enough partitions or you just have one, you can create multiple pagefile in different folders by using the Windows Registry. Create the folders on the drive where the pagefiles should be located. For example, C:\Pagefile1, C:\Pagefile2, and C:\Pagefile3. Open regedit.exe I would recommend to create a backup of the registry locate this key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SessionManager\MemoryManagement Edit the value “PagingFiles” Remove the existing values and add the following values: C:\Pagefile1\pagefile.sys 4096 4096 C...
Posting Komentar
Baca selengkapnya