Connecting three sites using IPSec tunnels

So far, we have discussed how to connect two sites through an IPSec tunnel. Most readers will be satisfied with that, as these scenarios cover most real-life situations. However, we may need to interconnect three or more sites using IPSec tunnels.

Although rare, these scenarios are possible. However, we need to plan everything carefully, as we will need more IPSec policies between routers. Therefore, I will describe here how to connect the “road warrior” users with a distant site.


NETLOGON event 5807

Recently, I found a lot of NETLOGON warnings in the system log. As I know my network is very clean, I was very curious about this. Every anomaly in my network requires careful examination.

After analysis of the log file, I found the root cause of this warning. Over time, we added some servers in the test network and at the same time added them to the AD domain. However, I omitted to define this subnet range in the AD site structure.

 


Custom chains in the Mikrotik Firewall

Every network packet that the firewall handles is either input, output or forwarded traffic. Accordingly, there are three predefined chains that handle the entire network traffic. In each chain, we make a list of rules that allow or block specific traffic.

Over time, our list can grow. At some point, we may have a list with several hundred rules. Mikrotik routers can hold a long list and still operate without problems. However, each network packet must be compared with each rule in the list in turn until a matching rule is found.


Enabling Windows features from the command line

After installation, Windows Server has only the basic services available. We can enable additional features on request. We may later enable other features, like the SNMP service. In addition, sometimes we have to do that from a script or the command line.

We have a powerful command for such a task: DISM. This command can be used with both online Windows folders and offline installation disks.


Mikrotik device as an L2TP/IPSec client

In the previous post, we showed a Mikrotik router as an L2TP/IPSec server. In that scenario, we use either Windows clients or mobile devices based on the Android or Apple iOS operating systems. Here is a new scenario: we may need to use another Mikrotik device as the VPN client.

The most common scenario is that you want to connect a remote network with a main network. Using the L2TP/IPSec VPN connection, you will have at the same time a routable tunnel and the full power of IPSec encryption.


L2TP/IPSec for Road Warriors

In the sixth part of our Mikrotik IPSec series, we will cover the L2TP/IPSec scenario. This scenario is used to support “road warriors”, employees that need to work from home or while on the road.

This scenario is similar in some respects to the previous scenario, in which one side is behind a NAT device. The main difference is that we use L2TP as the basic protocol, and we therefore need to protect this VPN tunnel, which has no encryption of its own.


Updating iOS 10 beta to public version

My iPhone worked fine on the iOS 10 beta 2. Apple advises that none of the beta versions of any software will work, except during the test periods. The phone worked fine from my perspective and, being lazy, I didn’t want to perform the update.

A couple of weeks ago, though, the phone occasionally prompted with the message “A new iOS update is now available. Please update from the iOS 10 beta.” Finally, over the last few days, this prompt appeared every time the device was unlocked. Eventually, I decided to upgrade the iOS to the public version.
