MikroTik Site to Site IPSec with RSA certificates

18.07.202008.12.2022 Srdjan Stanisic IP, IP-IPSec, IPSec, MikroTik, Networking, Security, VPN IPSec, MikroTik, RouterOS 6.40.x IPSec, RouterOS 6.44.x IPSec, RSA certificates, site to site IPSec connection

Today, I will guide you through the configuration process of a Site to Site IPSec tunnel between two MikroTik routers while using RSA certificates instead commonly used Pre-Shared Keys (PSK).

The advantage is clear – even a weakest certificate is stronger than many PSKs used around. The seed value used for all other computations and crypto-keys is longer and consequently the whole communication is more secure. In addition, when it come to the PSK generation process, many people lost their creativity. Continue reading →

How to protect an IP-IP tunnel with IPSec

09.07.202008.12.2022 Srdjan Stanisic IP, IP-IPSec, IPSec, MikroTik, Networking, Security, VPN Check Gateway option, how to add IP address to any interface, how to configure IP-IP tunnel, how to configure the static route, how to protect IP-IP traffic with IPSec, IP series, IP-IP tunnel over IPSec, MikroTik

In this part of the MikroTik IPSec series, I will discuss about how to use IPSec to protect any other MikroTik tunnel without built-in encryption. I will use in this example an IP-IP tunnel as the reference, but you can apply this method to any other type. I already covered L2TP/IPSec PSK tunnels, as they are different in their nature.

Let’s begin! Continue reading →

MikroTik Site to Site IPSec when one router has a dynamic WAN IP address

06.07.202008.12.2022 Srdjan Stanisic IP, IP-IPSec, IPSec, MikroTik, Networking, Security, VPN a Loopback adapter, MikroTik, one side with dynamic WAN IP, RouterOS 6.44.5 IPSec dialogs, site to site IPSec connection

In this part of the MikroTik IPSec series, I will show you how to establish a Site to Site IPSec tunnel between two routers, when one of them has a dynamic WAN IP address.

This scenario is different than other one described in this article where MikroTik is behind another router, as in this case our MikroTik has a WAN port (like a 3G/4G-LTE or cable modem) with the dynamic IP address, plus there’s a good chance that this address is from the ISP’s private IP address pool.

Even better, in this article I will explain you the concept of a Loopback adapter and how you can use it in situations similar to this one. Let’s begin! Continue reading →

MikroTik and the Rogue DHCP Server

03.09.201918.11.2022 Srdjan Stanisic IP-DHCP, MikroTik, Networking, Scripting, Security DHCP alert, Dude probe, how-to, MikroTik, on-alert script, rogue DHCP detect, RouterOS

Every MikroTik device with the DHCP server service can be used to search your network for any rogue DHCP server. Even better, it can send you an email on such detection. When an alert occurred, you will be informed about the MAC address (and a few more details) of that machine.

You can’t use the MikroTik router to actively block such machine. This is the option that should be implemented on your network switches. Continue reading →

How to export the DHCP leases list in MikroTik RouterOS

05.08.201918.11.2022 Srdjan Stanisic IP-DHCP, MikroTik, Scripting DHCP server, how to export, leases list, MikroTik, RouterOS

In one productional network, I used the MikroTik router also as the DHCP server for their LAN. After a while, the customer decided to move that DHCP to another host. To speed up this process, the customer asked me for the current DHCP leases list.
Continue reading →

MiViLiSNet

MikroTik, virtualisation, Linux, servers, networks and more

IP