Securing MikroTik Routers With VPN PPTP Connections A Step-by-Step Guide

Have you ever wondered how to connect a Mikrotik router installed on your premises to an AWS Cloud hosted Mikrotik router using a Site-to-Site VPN connection? Do not worry, we have got you covered!

Setting up a Site-to-Site VPN connection between an On-Premise Mikrotik router and an AWS Cloud Hosted Mikrotik router is not as difficult as it seems. In this article, we will discuss how it can be done in a few simple steps.

Requirements

Before we start, we need to make sure we have everything we need to set up the Site-to-Site VPN connection:

An AWS account with a Cloud Hosted Mikrotik Router CHR instance set up
A Mikrotik Router installed and configured on premises
Basic knowledge of Mikrotik RouterOS commands
Internet connection on both ends
A static IP Address on each end. If you do not have one, a dynamic DNS client can be used on both ends.

Step 1: Configure AWS Cloud hosted route

The first step is to configure the AWS Cloud Hosted Mikrotik Router CHR instance to act as one of the endpoints of the Site-to-Site VPN connection. This can be done by following these steps:

Log in to your AWS Management Console and navigate to the EC2 Dashboard.
Click on the Launch Instance button to create a new instance.
Select the Mikrotik Router CHR instance from the AWS Marketplace and click the Launch button.
Follow the prompts to set up the instance.
Make sure to assign a static IP address to the instance or configure a dynamic DNS client.
Define security groups and networking as per your requirements.

Step 2: Configure On-Premise Mikrotik Router

The next step is to configure the On-Premise Mikrotik Router to act as the other endpoint of the Site-to-Site VPN connection. Follow these steps:

Log in to the Mikrotik Router installed On-Premises using Winbox or SSH.
Configure the WAN interface with a static or dynamic IP address.
Configure a NAT rule to allow traffic flow through the Mikrotik Router.
Create a new IPSec policy that will be used for the Site-to-Site VPN connection.
Create a new IPSec Peer to define the AWS Cloud hosted Mikrotik Router as the remote end of the Site-to-Site VPN connection.
Define a reachable target IP address. If the AWS Mikrotik router has a static IP, use that. Otherwise, use the hostname or dynamic DNS address.
Define the IPSec policy created earlier as the policy for the IPsec Peer.
Define the pre-shared key (PSK) for the connection.
Create a new Firewall rule to allow traffic through the VPN connection.

Step 3: Connect the Mikrotik Routers using Site-to-Site VPN

After successfully configuring both the AWS Cloud hosted Mikrotik Router CHR instance and the On-Premise Mikrotik Router, it is time to establish the Site-to-Site VPN connection. This can be done by following these steps:

Log in to the On-Premise Mikrotik Router using Winbox or SSH.
Test the reachability of the AWS Cloud hosted Mikrotik Router CHR instance by using the Ping command with its IP address or dynamic DNS hostname.
Check the IPSec status on the On-Premise Mikrotik Router to confirm that the connection is established. This can be done by checking Status > IPsec > Peers.
Test the connectivity between the On-Premise Mikrotik Router and the AWS Cloud hosted Mikrotik Router CHR instance by using the Ping command with IP addresses or hostnames on both ends.

Conclusion

Setting up a Site-to-Site VPN connection between an On-Premise Mikrotik Router and an AWS Cloud Hosted Mikrotik Router is relatively simple and can be done in just a few steps. With proper knowledge and understanding of Mikrotik RouterOS commands and AWS Management Console configurations, you can establish a secure, reliable, and affordable VPN connection between your premises and AWS cloud hosting.

If you have any questions or issues with setting up the Site-to-Site VPN connection, do not hesitate to contact us, and we will be happy to assist you.