Build your own Cloud-Based VPN Server with MikroTik in minutes!

25,420 views

The Network Berg

1 day ago

Comments: 57
@netrionio1 2 years ago
Things are simple: when I see my favourite network professional - teacher I hit like and subscribe! Thank you very much for your time and effort.
@nikolashuminosky6987 2 years ago
One thing is missing there: sniffing the traffic and showing us the MTU result before the mangle rule. Well done!!
@TheNetworkBerg 2 years ago
IMPORTANT NOTE: If you are planning to use this as your primary VPN server please ensure that you are eligible for the AWS Free tier that gives you 100GB of bandwidth and 750hrs of instance time each month for a year. If you are going to be exceeding those bandwidth limitations please use the AWS pricing calculator (In advanced mode) to see what the potential charges could be if you are someone doing Terabytes of data. Link below: calculator.aws/#/addService/EC2 I highly suggest licensing your CHR if you want to get the best out of it, all details can be found here: wiki.mikrotik.com/wiki/Manual:CHR
@seantellsit1431 2 years ago
Ty for the MSS clamping trick!
@Ljuuk 1 year ago
Informative ... I was hooked to the whole video !
@ahmadkakarr 2 years ago
Your every video of this new series brings happiness
@Anavllama 2 years ago
For whole subnets, worrying about local outgoing traffic, routes, table and routing rules makes sense. Mangling makes sense when you have a group of unconnected IPs (less than a subnet or some from a few subnets).
@DaveFamalam 2 years ago
This was a great tute, both for basic AWS instance controls and Mikrotik CHR - thanks man much appreciated!
@joaoeduardo82 2 years ago
Oracle Cloud has an ARM instance that is eternally free. Much easier to install WireGuard on Linux there.
@alimibrahem8120 1 year ago
Hello Mr Berg...! Very thankful, that's awesome..! So in the last rule that you created, what if my WireGuard is on a Windows machine, for example? Is there a way that I can do the same thing (how can I change the MSS for it...)?
@hiwaamiri 8 months ago
Thanks a lot for your awesome videos. At minute 26:40 you mentioned that you can do it with allowed addresses instead of NATing; how would that work if we have more than 1 node connected to the client router?
@XZIBIT256 1 year ago
Hello, You have done SUCH A GREAT JOB for this video. I really appreciate your effort and time to make this!
@TheNetworkBerg 1 year ago
Thank you very much for your kindness and supporting the channel I appreciate it very much!
@borgeshq 10 months ago
Very nice explanations. Could you please show how to use the IPv6 with Wireguard on AWS please?
@Joshv918 2 years ago
You are amazing man. Learn so much from you
@ezatalhamody9334 2 years ago
Great demonstration. In my country some websites are blocked, would you please explain how to get access to those websites through the wireguard VPN tunnel. What I mean if I want to get access to those web sites I go through the VPN tunnel, while the other unblocked websites reach them through the normal routing. Thanks.
@gionag 2 years ago
Please, can you elaborate more on the MSS clamping? I have always done that blindly, but I would like to know once and for all what it does. In my personal experience, I have never seen that clamping applied just to SYN... wondering why... thanks :)
@CZghost 2 years ago
If AWS has a free tier, then that makes my Discord bot hosting desires to be viable (at least at the start) :D And nice tutorial, I guess I'll try it out with VMware. If it works, then I guess trying it out with AWS will be the next step.
@TheNetworkBerg 2 years ago
Yeah AWS with a discord bot on Free Tier sounds like a solid idea.
@mpdroza 2 years ago
great job and thanks for putting this wonderful job out!
@XZIBIT256 1 year ago
Quick question, I have been fiddling with this for quite some time and I gotta ask you this. If we want to use our mobile WireGuard app, is there any option in the settings of the app to give mobile hotspot IPs of the subnet we are using to connect? For example, I use my phone (road warrior) as a mobile hotspot. I want everyone who connects to my hotspot to be tunneled via WireGuard. Is that possible?
@TheNetworkBerg 1 year ago
Yes this is possible with various ways, easiest would be to just masquerade traffic from the hotspot range as the WG tunnel IP
@Anavllama 2 years ago
What about docker-container SNORT for MT router video??
@TheNetworkBerg 2 years ago
That is a very interesting idea, I will try to set this up in a lab sometime soon!
@antoniomax3163 2 years ago
can you tell us about Openvpn server? Or how to put containers on chr, and in ovpn containers?
@Haris013gr 2 years ago
I was wondering, is it possible to configure a CHR instance in the cloud and use it as a VPN relay? For example, if I have site A (internet behind CGNAT) and site B (internet behind CGNAT) and I would like to create a site-to-site tunnel between A & B, could I use a cloud instance that is not behind CGNAT in order to tunnel these 2 sites?
@Anavllama 2 years ago
For Input rules on AWS, do they accept domain names (aka resolve them - thinking using iP cloud name )
@obi-wan_cannotbe 2 years ago
great tutorial! any chance not being lazy and explain marking and routing specific traffic over the tunnel?
@TheNetworkBerg 2 years ago
Could definitely create a video specifically for marking and routing using a similar setup with Wireguard
@antoniomax3163 2 years ago
Pls add a video on how to install the SSTP service. Full video
@Anavllama 2 years ago
During the live comments some chap recommended LightSail, but there is no way I can see to add MT OS to light sail. It only has linux or some derivative and Windows Servers for options ????
@kijokobojong 1 year ago
what if via cloudflare tunnel? Can I open Mikrotik via Winbox? If you open the proxy via web based there is no problem
@Anavllama 2 years ago
The hardest part of this is finding the applicable AWS selections that allow hosting CHR. Is it Amazon EC2, or Lightsail, etc.? None of which are obvious on the AWS selections page. Certainly doesn't come up via networking but through 'featured services'.
@artpietahcreative9356 1 year ago
Is it possible to setup a radius server on chr and use it to authenticate hotspot users in other mikrotik routers?
@EvgenyJK 1 year ago
Anyone know how to handle the MTU issue on Keenetics? I have MikroTik set up on AWS as in the video and a home Keenetics router as a WireGuard client; is there the same setting? I found somewhere and set MTU=1300 on Keenetics - seems like it works OK, but I would like to use a proper solution.
@wentzelstaffen180 2 years ago
I found Contabo to be the cheapest hosting service, the latency sucks for South African users though @ 172ms to my server.
@XZIBIT256 1 year ago
Thanks!
@elrinconurbano 2 years ago
Hi NetworkBerg, Where can I get a L2 Cisco switch image for my eve-ng?
@TheNetworkBerg 2 years ago
You would have to get the images from the vendor directly which means logging into the partner portal for Cisco, if you don't have partner portal access then you might have to ask a friend or colleague to help you out (Otherwise you will have to search on the net, but some sites hosting images can be linked to malware)
@elrinconurbano 2 years ago
@TheNetworkBerg thank you
@dlupascu 2 years ago
Thanks for the video, but 1. Shit - use wireguard\openvpn\etc. installing on EC2 instance (12Months of free tier AWS 750H/M of EC2 it's enough) 2. Licensing ROS CHR it's money + AWS fee for using it 3. Need to create separate SG from ALL to ALL to that cloud router + ROS FW or SG with rules + ROS FW what demonstrates the absurdity of idea It's useful when you do not want things like IGW from AWS... with more functionality and routing firstly but for me it's seems like 50/50. Maybe i'm wrong.
@MangoTreeCB 1 year ago
Is there any another way to host Mikrotik on cloud or VPN server for free or cheap? Prefer cheap only. AWS is good but there need credit/debit card and auto renewal. So that's the catch I don't want to go there.
@leetasfuk 9 months ago
Watched the video three times, followed to a T, still no traffic passing.
@antoniomax3163 2 years ago
How did you activate the containers? To activate them, you need to hard-turn off or restart the virtual machine from the hoster. In most cases, this is not possible. I was able to do this on my computer, because after activating the command, I just turned off vmware. But the hoster for some reason does not know how. /system/device-mode/update container=yes
@TheNetworkBerg 2 years ago
I didn't do anything with containers, Wireguard runs natively on Rosv7
@Anavllama 2 years ago
Need more clarity on 1500 issues on bottom end. ??
@mfaheem5694 2 years ago
Nice
@GiovanniColella 1 year ago
please make solution for mikrotik ovpn 2fa authentication 10000 point
@defaultroute 2 years ago
Well done for using AWS and not sullying your good name walking the M$ road. #netscape #novell
@TheNetworkBerg 2 years ago
I won't lie I was a little tempted to demo this on Azure after AWS left a bit of a bitter taste in my mouth where they wanted to interview me for a position but no one showed up to the interview. But I don't hold grudges and the platform itself is great ;D!
@MyAeroMove 2 years ago
AWS will punish you with bandwidth cost. So you'll be very limited with downloads. You might want to assess other CSPs for "free of charge home usage" VPN
@TheNetworkBerg 2 years ago
Hmmmmm I've been trying to figure out exactly what AWS will charge on bandwidth, I know the free tier offers 750hrs of an instance for free (basically a month) and 100GB of bandwidth every month for a year. From the pricing it seems to indicate that they charge between 0,05c and 0,09c per GB to the internet. So depending on how heavily you use the internet these costs will shuffle a lot, if you don't see yourself exceeding 100GB every month over the next year then it's practically free. Though you may be a heavy user doing heavy downloads and trying to stream stuff in 4k which can easily run between 2 - 3 TB a month, in that case you can rack up quite a hefty bill of easily between $200 - $300 USD, I will add the price calculator with a suggestion in the pinned comment and in the video description as well. I'm also going to leave my own instance running over the next month and see what the charges actually look like.
@PaulDickson7 1 year ago
AWS Free Tier is a trap due to bandwidth costs. You might be safer with Linode
@josejuanmalfavoniturralde6462 1 year ago
Hi, great videos. I want to connect a WireGuard VPN from one site with a public IP to another site behind CGNAT. I want to use a CHR VPS in the middle to bypass the CGNAT from Starlink and successfully connect the WireGuard, but I can't do it. Can I contact you to help?