Dude, what's happening to my Windows server?

Successful administration of any server depends in large part on your ability to gain insight into its daily operations. We may have a general picture of the status of a particular service, such as e-mail or a database, and still miss crucial signs of improper operation on a day-to-day level.

The simplest way to monitor any server, including Windows servers, is the SNMP monitoring of the essential parameters – CPU load, RAM usage or free disk space. Mikrotik Dude can assist us in this task.


Connecting three sites using IPSec tunnels

So far, we have discussed how to connect two sites through an IPSec tunnel. Most readers will be satisfied with that, as these scenarios cover most real-life situations. However, we may need to interconnect three or more sites using IPSec tunnels.

Although rare, these scenarios are possible. However, we need to plan everything carefully, as we will need more IPSec policies between the routers. Therefore, I will describe here how to connect the “road warrior” users with a distant site.


Custom chains in the Mikrotik Firewall

Every network packet that the firewall handles is either input, output or forwarded traffic. Accordingly, we have three predefined chains that handle all network traffic. In each chain, we build a list of rules that allow or block specific traffic.

Over time, our list can grow. At some point, we may have a list with several hundred rules. Mikrotik routers can hold a long list and still operate without problems. However, each network packet must be compared with each rule in the list, in order, until a matching rule is found.


Mikrotik device as a L2TP/IPSec client

In the previous post, we showed a Mikrotik router as an L2TP/IPSec server. In that scenario, the clients are either Windows machines or mobile devices based on the Android or Apple iOS operating systems. Here is a new scenario: we may need to use another Mikrotik device as the VPN client.

The most common scenario is that you want to connect a remote network with a main network. Using the L2TP/IPSec VPN connection, you get a routable tunnel and the full power of IPSec encryption at the same time.


L2TP/IPSec for Road Warriors

In the sixth part of our Mikrotik IPSec series, we will cover the L2TP/IPSec scenario. This scenario is used to support “road warriors”, employees who need to work from home or while on the road.

This scenario is similar in some respects to the previous one, in which one side is behind a NAT device. The main difference is that we use L2TP as the basic protocol, and therefore we need to protect this VPN tunnel, which by itself has no encryption.


Site-to-site IPSec through NAT

In the fifth part of the IPSec series, we will cover the next common scenario in IPSec implementation. We will also be IPSec myth busters. Of course, there will be no spectacular explosions as in the TV show. Nevertheless, we will break the myth that an IPSec tunnel cannot pass through NAT.

Our scenario is a very common one. On one side, we have a larger company, with one or more high-speed Internet links and public IP addresses assigned to them. On the other side, we have a small company that wants to operate while spending almost no money. In addition, they want to cut operating costs in the wrong places.


Site-to-site IPSec tunnel with NATing host address

In the fourth part of the Mikrotik IPSec series, we will cover the scenario in which we need to establish an IPSec tunnel between two sites and at the same time provide an alternative (NAT) address for the host. This brings a new level of mayhem to our setup.

You can expect this scenario whenever you need to work with restricted sites (like banks) or when the address space does not fit your plans. In such a case, you need to assign alternate addresses to the hosts involved in this solution.
