
Mikrotik VPN For Windows Domain Remote Users

The document discusses setting up a Mikrotik VPN server for remote access to a Windows domain network. It includes configuring a Windows 2012 server with Active Directory and Network Policy Server, setting up the Mikrotik router as an L2TP/IPSec VPN edge with RADIUS authentication, and configuring Windows clients to connect via L2TP/IPSec VPN using their domain credentials.


Mikrotik VPN for Windows domain remote users
MUM 2016 LEBANON-BEIRUT
By: Eng. Afif Darwich

About Me

Afif Ahmad Darwich

MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

Mikrotik Academy Trainer

Cisco, Microsoft, Linux

Ehorizon Cofounder 2014

Tamkeen Vocational Institute Executive Manager 2016

Contents

Introduction

Windows Network Policy Server setup

Mikrotik VPN server configuration

Windows VPN client Configuration

Network Diagram
[Figure: network diagram. Labels: Mikrotik; Internet; 192.168.100.1; 10.1.1.1; AD/NPS 192.168.100.10; 192.168.100.1/24; Network Resources 192.168.200.10]

Setup and roles

Windows server 2012: Active directory, DNS, NPS

Mikrotik Router: L2TP/IPSEC VPN Edge, RADIUS client

Windows Client: L2TP/IPSEC VPN client, Windows domain user

Benefits
One centralized User Authentication database.
No need to create PPP secrets on Mikrotik
Users will use their windows credentials to connect to VPN and Active directory
Group policy will be applied to connected users
Remote users will get benefit of all network resources
Securing remote user connection using good security standards

Windows server 2012 Configuration

Same secret to be set on mikrotik Radius configuration

Make sure the user is member of the groups allowed to connect

Mikrotik Router Configuration

Create IP pool

Create a PPP profile

L2TP/IPSEC VPN server

Firewall Configuration
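/ip firewall filter
# L2TP (1701), IKE (500), IPsec NAT-T (4500); dst-port matches the destination port only
add chain=input action=accept protocol=udp dst-port=1701,500,4500
# IPsec ESP
add chain=input action=accept protocol=ipsec-esp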
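
The router-side steps above (IP pool, PPP profile, L2TP/IPSEC server, RADIUS client) written as RouterOS CLI commands. This is an added example, not taken from the original slides. The names vpn-pool and vpn-profile, the 172.16.50.x addresses, the MS-CHAPv2 choice and the two secrets are assumptions or placeholders; 192.168.100.10 is the AD/NPS address from the network diagram.

```routeros
# Address pool handed out to VPN clients (constructed range, adjust to your plan)
/ip pool
add name=vpn-pool ranges=172.16.50.10-172.16.50.50

# PPP profile used by L2TP sessions; clients resolve names through the AD DNS server
/ppp profile
add name=vpn-profile local-address=172.16.50.1 remote-address=vpn-pool \
    dns-server=192.168.100.10 use-encryption=required

# L2TP server with IPsec; the IPsec secret is the pre-shared key
# that is also typed into the Windows VPN client
/interface l2tp-server server
set enabled=yes default-profile=vpn-profile authentication=mschap2 \
    use-ipsec=yes ipsec-secret="<PRE-SHARED-KEY-PLACEHOLDER>"

# Send PPP logins to the NPS server instead of local PPP secrets;
# the secret must match the one set for this RADIUS client on NPS
/radius
add service=ppp address=192.168.100.10 secret="<RADIUS-SHARED-SECRET-PLACEHOLDER>"
/ppp aaa
set use-radius=yes
```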

Windows VPN client configuration

Same pre-shared key as on Mikrotik

Verify / test


Thank you
