Compilation of Computer Benefits, Lan - Wifi Solution, Synthesis of Technology Solutions, Tech News

Instructions for configuring the VPN connection between MIKROTIK Router and DRAYTEK Router

Posted on by CCTV IT
15
Jul

Mikrotik and Draytek routers are widely used by offices, businesses, factories because of their stability and quality. Below Mikrotik Vietnam would like to introduce instructions on how to configure the connection between 2 Mikrotik and Draytek devices to connect between branches with each other, or with the center

1. Connect 2 LANs via 2 routers using GRE tunnel.

– System analysis:

Our customers regularly exchange data between 2 LANs at each branch. With the requirement of not requiring high data encryption, we need to build a method of connecting 2 LANs over the Internet environment.

– Our customers regularly exchange data between 2 LANs at each branch. With the requirement of not requiring high data encryption, we need to build a method of connecting 2 LANs over the Internet environment.

We find that connecting LANs using Tunnel will be the best, so GRE Tunnel will be built between 2 branches.

Why Choose Tunnel & VPN?

In fact, a tunnel is a tunnel used to connect remote LANs over the Internet; while VPNs are heavily used in the model of connecting individual devices from the outside to the internal network, which has stronger protection mechanisms. Today, Tunnel has IPSec protection, so data exchanged back and forth on the tunnel is highly secure. Mikrotik router supports all 3 different tunnels, including: EoIP Tunnel, IP Tunnel, GRE Tunnel.

What are the 3 steps to set up the tunnel?

  • Initiate tunnel connections at 2 branches.
  • Assign IP to the tunnel point
  • Directions to LANs in 2 branches.

Connection GRE tunnel diagram.

At Router Mikrotik, we initiate a tunnel connection back to the Draytek router.
At the Interfaces menu – GRE tunnel

Remote Address: The WAN IP address of the Dalekek router.

Name: Tunnel

Name! The Mikrotik router doesn’t need a Local Address entry, so we don’t need to enter it.

In the next step, we assign the tunnel IP to the connection “Mikrotik >> Draytek” just initialized above, via the IP – Address Menu.
Mikrotik tunnel IP score: 172.16.1.1

At the Draytek Router, we assign the tunnel point IP as 172.16.1.2
Finally, we show the way to the Draytek side LAN (192.168.10.0/24) on the Mikrotik router, by going through the IP Menu – Routes.

Complete at Router Mikrotik.

At Router Draytek, we navigate to the VPN and Remote Access Menu, and select the LAN to LAN tab.
Then we initiate a remote connection, for example select item 1.

Note !
With the current Draytek router, we can initiate up to 32 connections to different LANs at each branch. And we select item 1 to initiate a connection to the branch with the Mikrotik router.

The information that we will have to include in this section.

We check the box Enable this Profiles.
Tunnel Mode: GRE tunnel
in section 4. GRE Setting:

My GRE IP: IP this head tunnel point (Draytek Tunnel IP).
Peer GRE IP: IP tunnel point other end (IP Tunnel Mikrotik).

Note!

Because the security of tunneling over IPSec on Draytek routers is a little different, we will enable Enable IPSec Dial-out… for subsequent network models later.

In section 5. TCP/IP Network Settings:

My WAN IP: WAN IP address of Router Draytek
Remote Gateway IP: WAN IP address of Router MikrotikRemote Network: LAN of Router Mikrotik
Remote Network Mask: Subnet Mask of the LAN on the Mikrotik router.
Local Network IP: The LAN of the Drakartek router.
Local Network Mask: Subnet Mask of the LAN on the Draytek router.

Finally, we confirm the information just entered on the Router Draytek.

Click OK to save the information.

Finish the installation process on the Draytek router.

At Router Mikrotik, we monitor the information at the GRE Tunnel tab.

At Router Draytek, we track information at the Connection Management tab.

2. Connect 2 LANs via 2 Routers via PPTP VPN.

With the requirement of not requiring high data encryption, this time we need to build a method of connecting 2 LANs over the Internet environment through the PPTP VPN method.

Methods of implementation::

Due to the characteristics of PPTP VPNs, it requires a router to always run the service (like the server) and other routers and devices to connect (like the client).
In this situation,
 
We use Draytek Router PPTP server.
We use Mikrotik routers and other client devices.
At Router Draytek.
We go into the VPN & Remote Access Menu > LAN to LAN and select item 1.

Under Profile Index: 1 and 2. Dial-Out Settings

Since the Draytek router acts as a PPTP server, we will select Dial-in (listen for connections from outside the Internet). VPN Dial-Out Through: WAN 1 First to use WAN 1 as an Internet path to listen for PPTP connections from outside the Internet.

 
In section 3. In Dial-In Settings, we enable PPTP and create an anz/anz account

Note!

The anz/anz account is used to connect the PPTP on the Mikrotik router.
Next, in Section 4. GRE Setting and 5. TCP/IP Network Setting
We will direct the path to the network layer on the Mikrotik router side in the Remote Network IP section with the Remote Network Mask.
The My WAN IP and Remote Gateway IP values we leave to default values

Finish the installation on the Draytek Router.

Cautious!
In the VPN and Remote Access menu > Remote dial-in user.
This card is used when you connect individual devices outside
the Internet to the Draytek network, while LAN to LAN
cards are used to connect LANs over the Internet environment.
Meaning:Remote Dial-In User: Use for single devices connected
to LAN to LAN:
Use for LAN from Internet connection.
 
At Router Mikrotik.
We go to the PPP Menu – Interfaces > Select PPTP Client

Use of information:
– User: anz– Password: anz
– Connect To: 12.13.14.19 – IP address Public Router Draytek.

Finish the installation.
Test the installation.
We use a computer in the LAN Router Mikrotik

and try sending the ping command to test.

3. Connect 2 LANs via 2 Routers via L2TP/IPSec VPN.

After the complexity of implementing a PPTP-style VPN on Draytek, in this situation, we used the Mikrotik Router for installation first.
 
3 steps to install L2TP/IPSec.
  • Initialize the L2TP/IPSec service.
  • Create an account.
  • Check the tunnel (If on).
At Router MikroTIK
First, we open the L2TP service on the Mikrotik router through the PPP > Interfaces menu and select the L2TP Server item.

Tunnel key: ahuAsx09A
The next step, we initialize the IP range to grant devices, by going to the PPP Menu > the Profiles tab and initializing a group.

Then we go back to the Secret card to create an L2TP account,

Finally, we directed the path to LAN 192.168.10.0/24 on the Mikrotik router, using the IP – Routes menu.

Finish installing on the Mikrotik router.
 
At Draytek Router
We select on the VPN and Remote Access menu and select the LAN to LAN tab
 
Note!
LAN to LAN cards are used to connect LANs
The Remote Dial-In User card is used to connect devices
from outside the Internet to the Draytek router.
We select item 1., for example

In section 1. Common Settings.

The VPN connection will go through WAN 1, under VPN Dial-Out Through: WAN 1 First. Mục Call Direction: Dial-Out
 
In section 2. Dial-out setting.

We choose the VPN connection method to the Mikrotik router using L2TP With IPSec Policy.
– L2TP account: anz / anz
– Tunnel key: Pre-Shared Key = ahuAsx09A
– Tunnel security method: IPSec Security Method
 
Cautious!
Most L2TP or IPSec issues fail in this section:
IPSec Security Method
– Due to its unique nature, each row has its own default security methods
. Therefore, if you leave the default value between
routers, there is a possibility of error.
 
A small comparison of defaults in IPSec between Draytek Router and Mikrotik Router.

We will have some consensus in the IPSec settings on the Draytek Router.
IPSec security methods on Draytek Router are implemented by us in Mikrotik Router, by:

Note!

We try to synchronize the authentication & encryption methods on the Draytek Router with the Mikrotik Router.
The IPSec tuner cards in Mikrotik Router belong to the IP Menu – IPSec.
Check.
By default, the L2TP/IPSec pot connection on the Draytek router will not be able to perform automatically. To make this connection, we enter the VPN & Remote Access Menu again > the Connection Management tab. Click Dial to start the connection & click Refresh to view status information.

To maintain these connections continuously, we have 2 ways.
 
Way 1. Calibrate connection information on Draytek Router according to Always on

Way 2. Calibration in the L2TP Server Service on the Mikrotik Router.

Thank you for following cctvit.net article!

 

Leave a Reply

Your email address will not be published. Required fields are marked *