Ok, for starters you would have to download ISRG ROOT X1 and R10 and R11 as .pem, add them to the router's files and import them:
Code:
/certificate
import isrgrootx1.pem
import r10.pem
import r11.pem
After that, you would create an IPsec profile and proposal:
Code:
/ip ipsec profile
add name=TheSafety_VPN
/ip ipsec proposal
add name=TheSafety_VPN pfs-group=none
Next, you would configure a policy group and a policy template for the traffic to be sent over the tunnel:
Code:
/ip ipsec policy group
add name=TheSafety_VPN
/ip ipsec policy
add dst-address=0.0.0.0/0 group=TheSafety_VPN proposal=TheSafety_VPN src-address=0.0.0.0/0 template=yes
Following, you add a mode configuration which would be later set to forward the desired traffic through the VPN:
Code:
/ip ipsec mode-config
add name=TheSafety_VPN responder=no
Further, you would add a peer and an identity - the most important parts, because in peer you add the address/DNS of the server you connect to and in identity the username and password:
Code:
/ip ipsec peer
add address=lou.msfcsi.com exchange-mode=ike2 name=TheSafety_VPN profile=TheSafety_VPN
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=TheSafety_VPN peer=TheSafety_VPN policy-template-group=TheSafety_VPN username=myvpn password=myvpn
Lastly, after all this is done, you would need to consider traffic from which subnets should be sent over the tunnel by adding them in a firewall address list and adding the list itself in the mode-config settings:
Code:
/ip firewall address-list
add address=a.b.c.0/24 list=thr_VPN
/ip ipsec mode-config
set [ find name=TheSafety_VPN ] src-address-list=thr_VPN
FYI, the structure of my answer is based on the following article from the MikroTik Docs where there are more detailed explanations but for another VPN vendor:
https://help.mikrotik.com/docs/spaces/R ... d+RouterOS
Statistics: Posted by TheCat12 — Tue Dec 31, 2024 1:09 pm
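The IPsec objects in the post above refer to each other by name (peer to profile, identity to peer, mode-config and policy group, mode-config to the address list), so a single misspelled name leaves the tunnel misconfigured. The following check is an added example, not part of the original post: it parses the posted commands and reports any reference that no `add` line defines. The `REFS` table and the function name `dangling` are assumptions written for this example, and the parser only handles simple `add`/`set` lines like the ones shown.

```python
import re
# Commands from the post above (certificate import omitted), embedded as sample input.
CONFIG = """\
/ip ipsec profile
add name=TheSafety_VPN
/ip ipsec proposal
add name=TheSafety_VPN pfs-group=none
/ip ipsec policy group
add name=TheSafety_VPN
/ip ipsec policy
add dst-address=0.0.0.0/0 group=TheSafety_VPN proposal=TheSafety_VPN src-address=0.0.0.0/0 template=yes
/ip ipsec mode-config
add name=TheSafety_VPN responder=no
/ip ipsec peer
add address=lou.msfcsi.com exchange-mode=ike2 name=TheSafety_VPN profile=TheSafety_VPN
/ip ipsec identity
add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=TheSafety_VPN peer=TheSafety_VPN policy-template-group=TheSafety_VPN username=myvpn password=myvpn
/ip firewall address-list
add address=a.b.c.0/24 list=thr_VPN
/ip ipsec mode-config
set [ find name=TheSafety_VPN ] src-address-list=thr_VPN
"""
# menu -> {parameter: menu that must define the referenced name} (table assumed for this example)
REFS = {
    "/ip ipsec policy": {"group": "/ip ipsec policy group", "proposal": "/ip ipsec proposal"},
    "/ip ipsec peer": {"profile": "/ip ipsec profile"},
    "/ip ipsec identity": {"peer": "/ip ipsec peer", "mode-config": "/ip ipsec mode-config",
                           "policy-template-group": "/ip ipsec policy group"},
    "/ip ipsec mode-config": {"src-address-list": "/ip firewall address-list"},
}

def dangling(text):
    """Return a message for every reference to a name that no 'add' line defines."""
    menu, entries, defined, problems = None, [], {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):
            menu = line  # menu header, e.g. /ip ipsec peer
        elif line.startswith(("add ", "set ")):
            p = dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))
            entries.append((line[:3], menu, p))
            # address-list entries are keyed by list=, everything else by name=
            key = "list" if menu == "/ip firewall address-list" else "name"
            if line.startswith("add ") and key in p:
                defined.setdefault(menu, set()).add(p[key])
    for verb, menu, p in entries:
        for param, value in p.items():
            # "set [ find name=X ]" selects an entry that must exist in the same menu
            target = menu if (verb, param) == ("set", "name") else REFS.get(menu, {}).get(param)
            if target and value not in defined.get(target, set()):
                problems.append(f"{menu}: {param}={value} is not defined under {target}")
    return problems

if __name__ == "__main__": print(dangling(CONFIG) or "all references resolve")
```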