Windows XP has a PPPoE client installed by default.
Most operating systems have PPPoE client software.
VRProService Co.,Ltd.

PPPoE tunnels
- PPPoE works in OSI 2nd (data link) layer
- PPPoE is used to hand out IP addresses to clients based on the user authentication
- PPPoE requires a dedicated access concentrator (server), which PPPoE clients connect to

User Access Control
Controlling the Hardware
- Static IP and ARP entries
- DHCP for assigning IP addresses and managing ARP entries
Controlling the Users
- PPPoE requires PPPoE client configuration
- HotSpot redirects client request to the sign-up page
- PPTP requires PPTP client configuration

Optional: Advanced VPN Lab
- Restore system backup (slide 12)
- Create secure L2TP tunnel with your neighbor
- Create EoIP tunnel over the L2TP tunnel
- Bridge your networks together!

PPTP Server Lab
- Create a PPTP server
- Create one user in PPP Secret
- Configure your laptop to connect to your PPTP server
- Make necessary adjustments to access the Internet via the tunnel
- Create PPP Profile for the router to use encryption
- Configure PPTP-client on the laptop accordingly

Creating PPTP/L2TP server

L2TP Tunnels
- PPTP and L2TP have mostly the same functionality
- L2TP traffic uses UDP port 1701 only for link establishment; further traffic uses any available UDP port
- L2TP does not have problems with NATed clients; it does not require NAT helpers
- Configuration of both tunnels is identical in RouterOS

PPTP and L2TP
Point-to-Point Tunnelling Protocol and Layer 2 Tunnelling Protocol

PPTP Tunnels
- PPTP uses TCP port 1723 and IP protocol 47/GRE
- There is a PPTP-server and PPTP-clients
- PPTP clients are available for and/or included in almost all OS
- You must use PPTP and GRE NAT helpers to connect to any public PPTP server from your private masqueraded network

Change TCP MSS
Big 1500 byte packets have problems going through the tunnels because:
- Standard Ethernet MTU is 1500 bytes
- PPTP and L2TP tunnel MTU is 1460 bytes
- PPPoE tunnel MTU is 1488 bytes
By enabling the change TCP MSS option, a dynamic mangle rule will be created for each active user to ensure the right size of TCP packets, so they will be able to go through the tunnel

Dynamic address-list
- It is also possible to implement custom QoS structures
- Every time a new user connects, RouterOS will create a new address-list entry
- The address-list can then be utilized by the mangle facility for packet marking

PPP Secret
- PPP secret (aka local PPP user database) stores PPP user access records
- Note that user passwords are displayed in plain text: anyone who has access to the router is able to see all passwords
- It is possible to assign a specific /32 address to both ends of the PPTP tunnel for this user
- Settings in the /ppp secret user database override corresponding /ppp profile settings
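
The PPTP Server Lab steps, combined with the PPP Secret, Change TCP MSS and Dynamic address-list slides, written out as RouterOS commands. This is an added example, not part of the original slides; the profile and user names, the password placeholder, the tunnel addresses, the address-list name and the ether1 uplink interface are assumptions.

```routeros
# Added example; names, addresses and ether1 are constructed lab values.

# Profile that refuses unencrypted sessions, clamps TCP MSS to the tunnel MTU
# and puts each connected user into a dynamic address-list.
/ppp profile add name=pptp-lab use-encryption=required change-tcp-mss=yes \
    address-list=pptp-users

# One local user. The password is stored and shown in plain text on the router,
# so use a value that is not reused anywhere else. service=pptp keeps this
# account from being accepted by other PPP services (the default is any).
# The /32 addresses set here override whatever the profile would assign.
/ppp secret add name=labuser password=CHANGE-ME service=pptp profile=pptp-lab \
    local-address=192.168.200.1 remote-address=192.168.200.2

# MPPE encryption keys are derived from MS-CHAP, so allow only mschap2.
/interface pptp-server server set enabled=yes default-profile=pptp-lab \
    authentication=mschap2

# Let the tunnel client reach the Internet through the router's uplink.
/ip firewall nat add chain=srcnat src-address=192.168.200.2 \
    out-interface=ether1 action=masquerade

# Verify: the active session with its encoding, and the dynamic address-list entry.
/ppp active print
/ip firewall address-list print where list=pptp-users
```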

Local User Database
PPP Profile, PPP Secret

Point-to-Point protocol tunnels
- A little bit sophisticated in configuration
- Capable of authentication and data encryption
- Such tunnels are:
  - PPPoE (Point-to-Point Protocol over Ethernet)
  - PPTP (Point-to-Point Tunneling Protocol)
  - L2TP (Layer 2 Tunneling Protocol)
- You should create user information before creating any tunnels

Point-to-Point Protocols
PPTP, PPPoE, L2TP, BCP, MLPPP, MRRU, Interface routing, Dynamic address-lists, Dynamic simple queues

Class setup Lab (cont.)
- Set system identity of the board and wireless radio name to XY_.
- Example: 00_Janis
- Upgrade your router to the latest MikroTik RouterOS version 3.x
- Upgrade your Winbox loader version
- Set up NTP client use as server
- Create a configuration backup and copy it to the laptop (it will be default configuration)