Panduan Konfigurasi VPN IPsec di MikroTik

Hello guys, meet again on the Mikrotik Indonesia YouTube channel the development of technology is now a lot of the latest mobile phone products or new generations each generation has new features too, and the old features are sometimes abandoned. one of them is the built-in VPN feature of the mobile phone on smartphones that we now encounter a lot, there is no VPN with PPTP or L2TP types. The current IPsec type is IKEv2. what is the solution for those of you who want to use the built-in VPN from a Smartphone, so that you can connect to the office using a VPN or tunnel Don't worry, MikroTik can still support your VPN needs for the tutorial please refer to this video and for those of you who haven't subscribed yet, please subscribe and click the bell so you don't miss our latest videos You must have been in a condition when outside the office maybe on vacation, it turns out that there is sudden work that requires taking files or access to local sites that have an office or access the server in the offic of course we need to use a VPN or tunnel but when you want to use a VPN or Tunnel on a Smartphone in previous versions of Smartphone software, there may be various types of VPN such as PPTP, L2TP, and some others. maybe you are now using the latest edition of a Smartphone device automatically when you check in the built-in VPN section of the Smartphone, there is no longer a PPTP or L2TP VPN feature now there is only IPsec IKEv2 What is the solution? Don't worry, MikroTik can still support your needs. when you want to access files from home or from a vacation location, you can still use IPsec IKEv2 on MikroTik. for the definition of iKEv2, this is one of the security protocols used to hesh or secure data in the IPsec Tunnel. for more details, we will try to practice it directly. for the topology you can see on the right It looks like the office already has a public IP. then underneath there is LAN or its local network of offices Let's say you're out or enjoying a vacation then there is work to be done using the website or file access in the office we can implement VPN or Tunnel for the first step, first make sure your router has done Basic Config and there is a Public IP next we will try remote on the main router here to save time I have done the basic config on the Router we will try to test it, we will Ping to 8.8.8.8 or to Google it can be seen that my Router can connect to the internet make sure you have done basic config before doing experiments like this the first step we will go to the IP-IPsec menu this is where you configure IPsec but we also have to create an IP Pool first we go to the IP-Pool menu to create it we give Name=pool-vpn for the Pool IP address range we are free to choose any number here we will specify Addresses=10.10.11.10-10.10.11.100 Here I give Name=pool-vpn-ipsec then after we create the IP Pool, we can enter IPsec on the Config Mode Tab far right here we can add it by clicking the + button please specify the name first, for example Name=vpn-ipsec-ikev We can select the Address Pool parameter in the IP Pool that we have previously created. for Address Prefix Length, we enter 32 we Uncheck the DNS parameter, because we will use the DNS from the Mobile Phone we click Apply and Ok after that we can go to the Proposals Tab in the Proposals Tab we add a new we give Name=ipsec-ikev2 here for the Auth parameter. Algorithms we use "sha256" then this one we just uncheck section we now select "aes-256 cbc" then we select PFS Group=none we click Apply and Ok we move on the next tab, which is the Groups tab, we create a new one too we give Name=ipsec-ikev2 after we make a proposal and group we can go to this Profiles section after we add it, here we use Hash Algorithm=sha256 don't forget to specify the name "ipsec-ikev" we select PRF Algorithms=atuto and Encryption Algorithm we select "aes-256" and for DH Group, we select "modp1024" and "modp2048". we click Apply and Ok after that we can go to the Policies Tab when we first add a Policy here we first activate the Template at the bottom. then we select the Group that we created earlier, we select Group=ipsec-ikev2 we select Action=Encrypt with IPsec Protocols=esp and Proposal=ipsec-ikev2 then we enter the Peers Tab we add a new one with Name=vpn-ikev2 for the one here we enter the profile that we created earlier we enter Profile=ipsec-ikev we select Exchange Mode=IKE2 don't forget to enable Passive parameters like this, then click Apply and Ok. next we go to the Identities Tab here here we use the Peer we created Peer=vpn-ikev2 then for the authentication method we select Auth. Method=pre-shared key Secret parameter is used to specify the password that we will use, for example Secret=jalanmagelang to make the writing visible, here we uncheck hide password here next we select Policy Templae Group=ipsec-ikev2 with Configuration Mode=vpn-ipsec-ikev if it looks like this, we click Apply and Ok how to configure the Router like this, it's quite easy after we configure the office MikroTik Router is complete next we will try to use the IKEv2 IPsec configuration through this Smartphone to use it we will not use additional applications we don't need to install in Playstore, because we use the built-in VPN of this Smartphone To use we can enter in the settings section of our smartphone. here we try to find the VPN menu it's in the "Connections and Sharing" section we look for the VPN menu, and in this VPN menu we add a new before adding, I will provide additional information for the type of VPN found in Smartphones of the type before this or the old Android generation there are several types of VPN, not only IKEv2. for the latest Smartphone here other VPNs such as PPTP or L2TP are no longer available. so you have to use an IKEv2 VPN. we create a new one with Name=vpn ipsec office type we select Type=IKEv2/IPsec-PSK here the server address we must enter the Public IP address installed on the office Router we enter here IPsec Identifier parameters we can specify according to taste then in this "IPsec pre-shared key" we enter the password to enter the VPN through this Smartphone we enter the Password or Secret configuration that we have previously created Okay that's right just additional information, when you have a DNS configuration on the Router, you can also enter the address of this server we Apply the configuration and enable we wait, and here we see that his smartphone is connected to the IPsec VPN in his office. okay yes, let's go back, since we are connected we will try the Ping Test or open the IP address of the website from our office. we use Ping Tool but we enter the IP address of the LAN network or laptop in the office we try Ping Okay, we have successfully pinged, then we will also try to access the webserver in the office. we can open it in a Web Browser let's try to enter the server address sometimes there are servers that use Private IP addresses, so when you want to connect, you have to want to connect to a Tunnel or VPN first. Okay, it's successfully connected here that's for the configuration which is quite easy So this method is very helpful when you have needs while outside the office. We may be enjoying our vacation time and we may have work to do. For example, if we need to move folders from the office to our vacation location or take attendance. we can use a feature in MikroTik, namely VPN IPsec IKEv2. There are also tips and tricks when you have a little trouble when trying to use IPsec IKEv2 VPN here you can explore the configuration on the Router in the IPsec section here we can make adjustments in the Profiles Tab or in Proposals but broadly speaking, the configuration is pretty much like that. quite easy indeed and also make sure when you are going to practice it using Public IP, and it is recommended to use Static Public IP when you want to use or try this IKEv2 IPsec configuration You can buy MikroTik Router products on our website citraweb.com or in your favorite Marketplace with the store name "Citraweb". So that was the process of configuring IPsec IKEv2 VPN on a MikroTik Router. Thank you for watching for those of you who have questions, you can put them in the comments column below and if you like our video please click Like and Share to others so that more people know to configure MikroTik. don't forget for those of you who haven't subscribed, please subscribe first. and click the bell so you don't miss our videos Bye.

Hello guys, meet again on the Mikrotik Indonesia YouTube channel the development of technology is now a lot of the latest mobile phone products or new generations each generation has new features too, and the old features are sometimes abandoned. one of them is the built-in VPN feature of the mobile phone on smartphones that we now encounter a lot, there is no VPN with PPTP or L2TP types. The current IPsec type is IKEv2. what is the solution for those of you who want to use the built-in VPN from a Smartphone, so that you can connect to the office using a VPN or tunnel Don't worry, MikroTik can still support your VPN needs for the tutorial please refer to this video and for those of you who haven't subscribed yet, please subscribe and click the bell so you don't miss our latest videos You must have been in a condition when outside the office maybe on vacation, it turns out that there is sudden work that requires taking files or access to local sites that have an office or access the server in the offic of course we need to use a VPN or tunnel but when you want to use a VPN or Tunnel on a Smartphone in previous versions of Smartphone software, there may be various types of VPN such as PPTP, L2TP, and some others. maybe you are now using the latest edition of a Smartphone device automatically when you check in the built-in VPN section of the Smartphone, there is no longer a PPTP or L2TP VPN feature now there is only IPsec IKEv2 What is the solution? Don't worry, MikroTik can still support your needs. when you want to access files from home or from a vacation location, you can still use IPsec IKEv2 on MikroTik. for the definition of iKEv2, this is one of the security protocols used to hesh or secure data in the IPsec Tunnel. for more details, we will try to practice it directly. for the topology you can see on the right It looks like the office already has a public IP. then underneath there is LAN or
its local network of offices Let's say you're out or enjoying a vacation then there is work to be done using the website or file access in the office we can implement VPN or Tunnel for the first step, first make sure your router has done Basic Config and there is a Public IP next we will try remote on the main router here to save time I have done the basic config on the Router we will try to test it, we will Ping to 8.8.8.8 or to Google it can be seen that my Router can connect to the internet make sure you have done basic config before doing experiments like this the first step we will go to the IP-IPsec menu this is where you configure IPsec but we also have to create an IP Pool first we go to the IP-Pool menu to create it we give Name=pool-vpn for the Pool IP address range we are free to choose any number here we will specify Addresses=10.10.11.10-10.10.11.100 Here I give Name=pool-vpn-ipsec then after we create the IP Pool, we can enter IPsec on the Config Mode Tab far right here we can add it by clicking the + button please specify the name first, for example Name=vpn-ipsec-ikev We can select the Address Pool parameter in the IP Pool that we have previously created. for Address Prefix Length, we enter 32 we Uncheck the DNS parameter, because we will use the DNS from the Mobile Phone we click Apply and Ok after that we can go to the Proposals Tab in the Proposals Tab we add a new we give Name=ipsec-ikev2 here for the Auth parameter. Algorithms we use "sha256" then this one we just uncheck section we now select "aes-256 cbc" then we select PFS Group=none we click Apply and Ok we move on the next tab, which is the Groups tab, we create a new one too we give Name=ipsec-ikev2 after we make a proposal and group we can go to this Profiles section after we add it, here we use Hash Algorithm=sha256 don't forget to specify the name "ipsec-ikev" we select PRF Algorithms=atuto and Encryption Algorithm we select "aes-256" and for DH Group, we select "modp1024" and "modp2048". we click Apply and Ok after that we can go to the Policies Tab when we first add a Policy here we first activate the Template at the bottom. then we select the Group that we created earlier, we select Group=ipsec-ikev2 we select Action=Encrypt with IPsec Protocols=esp and Proposal=ipsec-ikev2 then we enter the Peers Tab we add a new one with Name=vpn-ikev2 for the one here we enter the profile that we created earlier we enter Profile=ipsec-ikev we select Exchange Mode=IKE2 don't forget to enable Passive parameters like this, then click Apply and Ok. next we go to the Identities Tab here here we use the Peer we created Peer=vpn-ikev2 then for the authentication method we select Auth. Method=pre-shared key Secret parameter is used to specify the password that we will use, for example Secret=jalanmagelang to make the writing visible, here we uncheck hide password here next we select Policy Templae Group=ipsec-ikev2 with Configuration Mode=vpn-ipsec-ikev if it looks like this, we click Apply and Ok how to configure the Router like this, it's quite easy after we configure the office MikroTik Router is complete next we will try to use the IKEv2 IPsec configuration through this Smartphone to use it we will not use additional applications we don't need to install in Playstore, because we use the built-in VPN of this Smartphone To use we can enter in the settings section of our smartphone. here we try to find the VPN menu it's in the "Connections and Sharing" section we look for the VPN menu, and in this VPN menu we add a new before adding, I will provide additional information for the type of VPN found in Smartphones of the type before this or the old Android generation there are several types of VPN, not only IKEv2. for the latest Smartphone here other VPNs such as PPTP or L2TP are no longer available. so you have to use an IKEv2 VPN. we create a new one with Name=vpn ipsec office type we select Type=IKEv2/IPsec-PSK here the server address we must enter the Public IP address installed on the office Router we enter here IPsec Identifier parameters we can specify according to taste then in this "IPsec pre-shared key" we enter the password to enter the VPN through this Smartphone we enter the Password or Secret configuration that we have previously created Okay that's right just additional information, when you have a DNS configuration on the Router, you can also enter the address of this server we Apply the configuration and enable we wait, and here we see that his smartphone is connected to the IPsec VPN in his office. okay yes, let's go back, since we are connected we will try the Ping Test or open the IP address of the website from our office. we use Ping Tool but we enter the IP address of the LAN network or laptop in the office we try Ping Okay, we have successfully pinged, then we will also try to access the webserver in the office. we can open it in a Web Browser let's try to enter the server address sometimes there are servers that use Private IP addresses, so when you want to connect, you have to want to connect to a Tunnel or VPN first. Okay, it's successfully connected here that's for the configuration which is quite easy So this method is very helpful when you have needs while outside the office. We may be enjoying our vacation time and we may have work to do. For example, if we need to move folders from the office to our vacation location or take attendance. we can use a feature in MikroTik, namely VPN IPsec IKEv2. There are also tips and tricks when you have a little trouble when trying to use IPsec IKEv2 VPN here you can explore the configuration on the Router in the IPsec section here we can make adjustments in the Profiles Tab or in Proposals but broadly speaking, the configuration is pretty much like that. quite easy indeed and also make sure when you are going to practice it using Public IP, and it is recommended to use Static Public IP when you want to use or try this IKEv2 IPsec configuration You can buy MikroTik Router products on our website citraweb.com or in your favorite Marketplace with the store name "Citraweb". So that was the process of configuring IPsec IKEv2 VPN on a MikroTik Router. Thank you for watching for those of you who have questions, you can put them in the comments column below and if you like our video please click Like and Share to others so that more people know to configure MikroTik. don't forget for those of you who haven't subscribed, please subscribe first. and click the bell so you don't miss our videos Bye.

Transcript for:Panduan Konfigurasi VPN IPsec di MikroTik

Transcript for:
Panduan Konfigurasi VPN IPsec di MikroTik