Archive for the ‘Mikrotik’ Category

Mikrotik and the EURO 2016 European Football Championship

Tuesday, July 5th, 2016

Why not make the most of summer and watch the European Football Championship from the bottom of your garden?

For this, Mikrotik offers a turnkey solution for relaying the event over internet television.

The two Mikrotik units establish a wifi link in bridge mode. The TV set-top box reaches its ADSL box over the wifi link.

  • Connect the two Mikrotik units over wifi
  • Connect your TV set-top box to the remote Mikrotik
  • Connect your ADSL box to the central Mikrotik
  • Enjoy the match

On the central Mikrotik

Create a bridge named wds-bridge.

Add the ether1 and wlan1 ports to the bridge.

Configure the wlan1 interface in bridge mode.

Configure the security profile to encrypt the link.

On the remote Mikrotik

Create a bridge named wds-bridge.

Add the ether1 and wlan1 ports to the bridge.

Configure the wlan1 interface in station wds mode.

Configure the security profile to encrypt the link.

Establishing the link

Wireless interface of the central Mikrotik

Mikrotik MUM France Paris 2016

Friday, May 13th, 2016

On May 13, 2016, the first Mikrotik MUM organized in France took place. It was held at the Melia hotel in La Défense, Paris. It was an opportunity for Mikrotik to review its latest product releases, alongside presentations by French-speaking practitioners on Mikrotik products.

Alsacecom attended the event. It was long awaited and proves, if proof were needed, that Mikrotik products have a solid future, given the technical capabilities they offer and the solutions they bring to many of the network, infrastructure and interconnection problems that companies face.

Until the next MUM in France, this one will go down in the annals. Thanks to Mikrotik for this memorable event.

http://mum.mikrotik.com/2016/FR/agenda

Mikrotik MUM Europe 2016 MUMEU16

Friday, March 4th, 2016

New Light Head Grid Antenna

The Mikrotik User Meeting (MUM) Europe 2016 took place in Ljubljana, Slovenia, from the 25th to the 26th of February: two days of conferences on different topics around Mikrotik products, starting with an overview of the new products.

Mikrotik released the new Light Head Grid (LHG5), an antenna built into a wireless unit at a very affordable price.

Mikrotik also announced that from now on all Mikrotik products would include free software upgrades for life, and that all products would run the same RouterOS software.

The management software The Dude was also announced to now run on servers as a regular RouterOS package; development has resumed and great new features would come soon.

As always, the Mikrotik MUM was a great time to meet Mikrotik users/fans and get a few goodies on the way.

Dude now running on RouterOS

New RouterOS Feature : Wireless Repeater

Support of 64bit !

And of course, the goodies…

Mikrotik RB951-2n, the router you have been waiting for!

Tuesday, October 16th, 2012

Mikrotik has released a new Wi-Fi router, the RB951-2n, particularly well suited to small business premises (an office or a branch). With five 100 Mbps Ethernet ports and a Wi-Fi antenna that can deliver up to 150 Mbps of throughput, this router suits any company that wants to connect its branches to the Internet and to each other over VPNs while providing local wireless access. It runs the RouterOS firmware and is easy to manage through a web interface, telnet or ssh access, or Mikrotik's free Winbox software.

http://alsacecom.fr/go/rb951-2n

Mikrotik RouterOS Site-to-Site configuration for Peers with Dynamic IP

Thursday, May 24th, 2012

Source: This solution is based on the following post: http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_DNSoMatic.com_behind_NAT

Overview:
In case you need to implement a Site-to-Site VPN link between two sites that are connected to the Internet only via dynamic IP addresses, you need to resolve two issues for each site:

  1. monitor the other peer's public IP address so you can detect when it has changed
  2. monitor your own public IP address so you can reset the encryption keys and re-establish the tunnel

Design:

Details:

The two issues are resolved by using two scripts that run every minute on each RouterOS router.

  • The first script checks the other peer's public IP address with a DNS name resolution and compares the result with the old IP address. If it has changed, then it modifies the RouterOS configuration by changing the ipsec peer IP address.
  • The second script checks the site's public IP address by using an http request to checkip.dyndns.org and compares the result with the old IP address. If it has changed, then it resets the ipsec connections in order to re-establish the vpn tunnel.

IP Configuration:

Router1

/ip address
add address=10.0.3.1/24 comment=interco disabled=no interface=ether1 network=10.0.3.0
add address=192.168.1.1/24 comment=HQ disabled=no interface=ether2 network=192.168.1.0

Router2

/ip address
add address=10.0.4.1/24 comment=interco disabled=no interface=ether1 network=10.0.4.0
add address=192.168.2.1/24 comment=Factory disabled=no interface=ether2 network=192.168.2.0

IPSec Configuration:

Router 1:

/ip ipsec peer
add address=10.0.2.1/32 auth-method=pre-shared-key dh-group=modp1024 disabled=no \
   dpd-interval=disable-dpd dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main \
   generate-policy=no hash-algorithm=md5 lifebytes=0 lifetime=1d my-id-user-fqdn="" \
   nat-traversal=yes port=500 proposal-check=obey secret=mysecret send-initial-contact=yes

/ip ipsec policy
add action=encrypt disabled=no dst-address=192.168.2.0/24 dst-port=any ipsec-protocols=esp \
   level=require priority=0 proposal=default protocol=all sa-dst-address=10.0.2.1 \
   sa-src-address=10.0.3.1 src-address=192.168.1.0/24 src-port=any tunnel=yes

Router2:

/ip ipsec peer
add address=10.0.1.1/32 auth-method=pre-shared-key dh-group=modp1024 disabled=no \
   dpd-interval=2m dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main \
   generate-policy=no hash-algorithm=md5 lifebytes=0 lifetime=1d my-id-user-fqdn="" \
   nat-traversal=yes port=500 proposal-check=obey secret=mysecret send-initial-contact=yes

/ip ipsec policy
add action=encrypt disabled=no dst-address=192.168.1.0/24 dst-port=any ipsec-protocols=esp \
   level=require priority=0 proposal=default protocol=all sa-dst-address=10.0.1.1 \
   sa-src-address=10.0.4.1 src-address=192.168.2.0/24 src-port=any tunnel=yes

Script Configuration:

Router1:

The following script checks if the Factory public IP address has changed, and if so, modifies the configuration in order to re-establish the vpn tunnel.

/system script
add name=checkmypeer-router-update policy=\
 ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
 \n:global currentpeerip [:resolve router2.alsacecom.fr]\r\
 \n:global previouspeerip\r\
 \n:if (\$currentpeerip != \$previouspeerip) do={\r\
 \n:log info \"CHECKPEERIP: Update required \$currentpeerip\"\r\
 \n:set previouspeerip \$currentpeerip\r\
 \n/ip ipsec policy set 0 sa-dst-address=\$currentpeerip sa-src-address=10.0.3.1\r\
 \n/ip ipsec peer set 0 address=\"\$currentpeerip/32\" port=500\r\
 \n/ip ipsec remote-peers kill-connections\r\
 \n}"

The following script checks if the HQ public IP address has changed, and if so, resets the ipsec keys in order to re-establish the vpn tunnel.

/system script
add name=checkmyip-router-update policy=\
 ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
 \n:global previousmyip\r\
 \n# Print values for debug\r\
 \n# get the current IP address from the internet (in case of double-nat)\r\
 \n/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" url=\"http://checkip.dyndns.org/dyndns.checkip.html\"\r\
 \n:local result [/file get dyndns.checkip.html contents]\r\
 \n# parse the current IP result\r\
 \n:local resultLen [:len \$result]\r\
 \n:local startLoc [:find \$result \": \" -1]\r\
 \n:set startLoc (\$startLoc + 2)\r\
 \n:local endLoc [:find \$result \"</body>\" -1]\r\
 \n:global currentmyip [:pick \$result \$startLoc \$endLoc]\r\
 \n:if (\$currentmyip != \$previousmyip) do={\r\
 \n:set previousmyip \$currentmyip\r\
 \n:log info \"CHECKMYIP: Update required \$currentmyip\"\r\
 \n/ip ipsec remote-peers kill-connections\r\
 \n}"

Each script then runs every minute:

/system scheduler
add comment="" disabled=no interval=1m name=checkmypeer-schedule on-event=\
   "checkmypeer-router-update" policy=\
   ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive \
   start-date=jan/01/1970 start-time=00:00:01

/system scheduler
add comment="" disabled=no interval=1m name=checkmyip-schedule on-event=checkmyip-router-update \
   start-date=jan/01/1970 start-time=00:00:01
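
The checkmyip script above takes whatever text sits between ": " and "</body>" in a plain-HTTP response and resets the tunnel whenever that text differs from the stored value, so an error page is enough to trigger a reset. The following Python model is an added example, not part of the original post or of RouterOS: it repeats the same extraction but only acts on a well-formed IPv4 address. The function names and both sample bodies are constructed for illustration.

```python
import ipaddress

# Constructed sample bodies in the format the script parses; not captured traffic.
SAMPLE_OK = ("<html><head><title>Current IP Check</title></head>"
             "<body>Current IP Address: 203.0.113.7</body></html>")
SAMPLE_ERROR = "<html><body>503 Service Unavailable: try again later</body></html>"


def parse_checkip(body):
    """Same extraction as the script (text between ': ' and '</body>'),
    but return None unless that text is exactly one IPv4 address."""
    start = body.find(": ")
    end = body.find("</body>")
    if start == -1 or end == -1 or end <= start:
        return None
    candidate = body[start + 2:end].strip()
    try:
        return str(ipaddress.IPv4Address(candidate))
    except ipaddress.AddressValueError:
        return None


def should_reset_tunnel(body, previous_ip):
    """Return (reset, ip_to_remember). A body that fails validation never
    triggers a reset and never overwrites the remembered address."""
    current = parse_checkip(body)
    if current is None:
        return False, previous_ip
    return current != previous_ip, current


if __name__ == "__main__":
    # Address changed: reset the tunnel and remember the new address.
    print(should_reset_tunnel(SAMPLE_OK, "198.51.100.4"))
    # Error page: keep the tunnel and the previously stored address.
    print(should_reset_tunnel(SAMPLE_ERROR, "203.0.113.7"))
```

Without the validation step, the error body would store "try again later" as the current address and drop the IPsec connections twice: once on the error and once more when the next good response arrives.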

Router2:

The following script checks if the HQ public IP address has changed, and if so, modifies the configuration in order to re-establish the vpn tunnel.

/system script
add name=checkmypeer-router-update policy=\
  ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
  \n:global currentpeerip [:resolve router1.alsacecom.fr]\r\
  \n:global previouspeerip\r\
  \n:if (\$currentpeerip != \$previouspeerip) do={\r\
  \n:log info \"CHECKPEERIP: Update required \$currentpeerip\"\r\
  \n:set previouspeerip \$currentpeerip\r\
  \n/ip ipsec policy set 0 sa-dst-address=\$currentpeerip sa-src-address=10.0.4.1\r\
  \n/ip ipsec peer set 0 address=\"\$currentpeerip/32\" port=500\r\
  \n/ip ipsec remote-peers kill-connections\r\
  \n}"

The following script checks if the Factory public IP address has changed, and if so, resets the ipsec keys in order to re-establish the vpn tunnel.

/system script
add name=checkmyip-router-update policy=\
  ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive source="\
  \n:global previousmyip\r\
  \n# Print values for debug\r\
  \n# get the current IP address from the internet (in case of double-nat)\r\
  \n/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" url=\"http://checkip.dyndns.org/dyndns.checkip.html\"\r\
  \n:local result [/file get dyndns.checkip.html contents]\r\
  \n# parse the current IP result\r\
  \n:local resultLen [:len \$result]\r\
  \n:local startLoc [:find \$result \": \" -1]\r\
  \n:set startLoc (\$startLoc + 2)\r\
  \n:local endLoc [:find \$result \"</body>\" -1]\r\
  \n:global currentmyip [:pick \$result \$startLoc \$endLoc]\r\
  \n:if (\$currentmyip != \$previousmyip) do={\r\
  \n:set previousmyip \$currentmyip\r\
  \n:log info \"CHECKMYIP: Update required \$currentmyip\"\r\
  \n/ip ipsec remote-peers kill-connections\r\
  \n}"

Each script then runs every minute:

/system scheduler
add comment="" disabled=no interval=1m name=checkmypeer-schedule on-event=\
   "checkmypeer-router-update" policy=\
   ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive \
   start-date=jan/01/1970 start-time=00:00:01

/system scheduler
add comment="" disabled=no interval=1m name=checkmyip-schedule on-event=checkmyip-router-update \
   start-date=jan/01/1970 start-time=00:00:01

/ip ipsec peer
add address=10.0.1.1/32 auth-method=pre-shared-key dh-group=modp1024 disabled=no dpd-interval=2m \
   dpd-maximum-failures=5 enc-algorithm=3des exchange-mode=main generate-policy=no hash-algorithm=md5 \
   lifebytes=0 lifetime=1d my-id-user-fqdn="" nat-traversal=yes port=500 proposal-check=obey secret=test \
   send-initial-contact=yes