Implementing Site-to-Site VPNs With MikroTik Routers

Working remotely has become increasingly popular in today's business world, and with that comes the need for secure and reliable virtual private networks (VPNs). One such VPN protocol that has gained popularity over the years is the Secure Socket Tunneling Protocol (SSTP). In this post, we will explore how to configure a site-to-site SSTP VPN between two MikroTik RouterOS devices. We will cover the configuration steps, as well as provide tips and tricks to ensure a successful implementation. Before we dive into the configuration, let's first understand what SSTP is and how it differs from other VPN protocols. ## What is SSTP? SSTP is a VPN protocol that was introduced by Microsoft. It uses Secure Sockets Layer (SSL) to encrypt traffic and provide a secure connection between two devices. One of the benefits of SSTP is that it can bypass firewalls and network restrictions, making it a popular choice for users who need to access restricted resources. SSTP is available on Windows operating systems and can also be configured on other platforms, including MikroTik RouterOS. Now that we understand what SSTP is, let's move on to the configuration steps. ## Step 1: Configure IP Addresses The first step in configuring a site-to-site SSTP VPN is to ensure that both devices have a valid IP address. In this example, we will use the following IP addresses: - MikroTik Router1: 192.168.1.1/24 - MikroTik Router2: 192.168.2.1/24 To configure the IP addresses, follow these steps: 1. Login to MikroTik RouterOS 2. Navigate to IP > Addresses 3. Click on the "+" button to add a new IP address 4. Enter the IP address and subnet mask for each device Once both devices have a valid IP address, we can move on to the next step. ## Step 2: Configure SSTP on MikroTik Router1 The next step is to configure SSTP on the first MikroTik router. Follow these steps to complete the configuration: 1. Navigate to PPP > SSTP Server 2. Click on the "+" button to add a new SSTP server 3. Choose the interface that you will use for the SSTP connection (in this example, we will use the WAN interface) 4. Enter a name for the SSTP server 5. Check the "Enabled" box to enable the SSTP server 6. Enter a valid SSL certificate for the server 7. Choose the IP address that you want to use for the SSTP connection (in this example, we will use the IP address of MikroTik Router1) Once these settings have been configured, we can move on to the next step. ## Step 3: Configure SSTP on MikroTik Router2 The third step is to configure SSTP on the second MikroTik router. Follow these steps to complete the configuration: 1. Navigate to PPP > SSTP Client 2. Click on the "+" button to add a new SSTP client 3. Choose the interface that you will use for the SSTP connection (in this example, we will use the WAN interface) 4. Enter a name for the SSTP client 5. Enter the IP address of the first MikroTik router that you want to connect to (in this example, it is 192.168.1.1) 6. Enter the username and password for the SSTP connection 7. Check the "Enabled" box to enable the SSTP client Once these settings have been configured, we can move on to the next step. ## Step 4: Configure Firewall Rules The fourth and final step in configuring a site-to-site SSTP VPN is to ensure that the necessary Firewall rules are in place. Follow these steps to complete the configuration: 1. Navigate to IP > Firewall 2. Click on the "+" button to add a new Firewall rule 3. Choose the chain and action for the rule (in this example, we will use the input chain and accept action) 4. Enter the IP address of the other MikroTik router 5. Choose the TCP or UDP protocol (in this example, we will use TCP) 6. Enter the SSTP port number (in this example, we will use port 443) 7. Click "OK" to save the Firewall rule Once these settings have been configured, your site-to-site SSTP VPN should be up and running. To test the connection, try to ping the IP address of the other MikroTik router. If the ping is successful, then the connection has been established. ## Tips and Tricks for a Successful Configuration - Make sure that the IP addresses are valid and unique - Use strong SSL certificates for the SSTP servers - Ensure that the firewall rules are correct and in place - Test the connection before deploying the site-to-site VPN in a production environment - Monitor the connection and troubleshoot issues as they arise In conclusion, configuring a site-to-site SSTP VPN between two MikroTik RouterOS devices is a relatively simple process. By following the steps outlined above and using the tips and tricks provided, you can ensure a successful implementation. Good luck and happy networking! implementing site to site vpns on cisco ios routers