Things are simple: when I see my favourite network professional - teacher I hit like and subscribe! Thank you very much for your time and effort.
@nikolashuminosky69872 жыл бұрын
one thing is missing there sniffing the traffic and show us the MTU resoult, before the mangle rule. well done!!
@TheNetworkBerg2 жыл бұрын
IMPORTANT NOTE: If you are planning to use this as your primary VPN server please ensure that you are eligible for the AWS Free tier that gives you 100GB of bandwidth and 750hrs of instance time each month for a year. If you are going to be exceeding those bandwidth limitations please use the AWS pricing calculator (In advanced mode) to see what the potential charges could be if you are someone doing Terabytes of data. Link below: calculator.aws/#/addService/EC2 I highly suggest licensing your CHR if you want to get the best out of it, all details can be found here: wiki.mikrotik.com/wiki/Manual:CHR
@XZIBIT2562 жыл бұрын
Thanks!
@seantellsit14312 жыл бұрын
Ty for the MSS clamping trick!
@Ljuuk Жыл бұрын
Informative ... I was hooked to the whole video !
@ahmadkakarr2 жыл бұрын
Your every video of this new series brings happiness
@DaveFamalam2 жыл бұрын
This was a great tute, both for basic AWS instance controls and Mikrotik CHR - thanks man much appreciated!
@XZIBIT2562 жыл бұрын
Hello, You have done SUCH A GREAT JOB for this video. I really appreciate your effort and time to make this!
@TheNetworkBerg2 жыл бұрын
Thank you very much for your kindness and supporting the channel I appreciate it very much!
@Joshv9182 жыл бұрын
You are amazing man. Learn so much from you
@hiwaamiri9 ай бұрын
Thanks a lot for your awesome videos. In minute 26:40 you mentioned that you can do it with allowed addresses instead of NATing, how that would work if we have more than 1 nodes connected to the client router?
@Anavllama2 жыл бұрын
For whole subnets, worrying about local outgoing traffic, routes, table and routing rules makes sense. Mangling makes sense when you have a group of unconnected IPs (less than a subnet or some from a few subnets).
@CZghost2 жыл бұрын
If AWS has a free tier, then that makes my Discord bot hosting desires to be viable (at least at the start) :D And nice tutorial, I guess I'll try it out with VMware. If it works, then I guess trying it out with AWS will be the next step.
@TheNetworkBerg2 жыл бұрын
Yeah AWS with a discord bot on Free Tier sounds like a solid idea.
@borgeshq11 ай бұрын
Very nice explanations. Could you please show how to use the IPv6 with Wireguard on AWS please?
@mpdroza2 жыл бұрын
great job and thanks for putting this wonderful job out!
@alimibrahem8120 Жыл бұрын
Hello Mr Berg...! very thanksful that's awesom..! so in your last rule that you created what if my wireguard is in windows machine for example is there is a way that i can do the same thing -(how can i change the MSS for it...?
@ezatalhamody93342 жыл бұрын
Great demonstration. In my country some websites are blocked, would you please explain how to get access to those websites through the wireguard VPN tunnel. What I mean if I want to get access to those web sites I go through the VPN tunnel, while the other unblocked websites reach them through the normal routing. Thanks.
@gionag2 жыл бұрын
Please, can you elaborate more on the MSS clamping ? i always done that blindly, but i would like to know once and for all what that do. in my personal experience, i have never seen applied that clamping just to syn... wondering why... thanks :)
@joaoeduardo822 жыл бұрын
Oracle cloud has arm instance eternally free. much easier install wireguard on linux there.
@miankamran80211 күн бұрын
port forwarding is not working on CHR. I have deployed the same as you but port forwarding is not working. Can you please make videos of how to port forward on CHR on AWS?
@Anavllama2 жыл бұрын
During the live comments some chap recommended LightSail, but there is no way I can see to add MT OS to light sail. It only has linux or some derivative and Windows Servers for options ????
@kijokobojong Жыл бұрын
what if via cloudflare tunnel? Can I open Mikrotik via Winbox? If you open the proxy via web based there is no problem
@antoniomax31632 жыл бұрын
can you tell us about Openvpn server? Or how to put containers on chr, and in ovpn containers?
@Anavllama2 жыл бұрын
What about docker-container SNORT for MT router video??
@TheNetworkBerg2 жыл бұрын
That is a very interesting idea, I will try to set this up in a lab sometime soon!
@Anavllama2 жыл бұрын
For Input rules on AWS, do they accept domain names (aka resolve them - thinking using iP cloud name )
@XZIBIT256 Жыл бұрын
Quick question, I have been fiddling this for quick some time and I gotta ask you this. if we want to use our Mobile Wireguard app, is there any option in the settings of the app to give mobile hotspot ips of the subnet we are using to connect? For example i use my phone (road warrior) as a mobile hotspot. I want everyone who connects to my hotspot to be tunneled via wireguard. Is that possible?
@TheNetworkBerg Жыл бұрын
Yes this is possible with various ways, easiest would be to just masquerade traffic from the hotspot range as the WG tunnel IP
@artpietahcreative9356 Жыл бұрын
Is it possible to setup a radius server on chr and use it to authenticate hotspot users in other mikrotik routers?
@Haris013gr2 жыл бұрын
I was wondering, is it possible to configure an CHR instance on cloud and use it as a VPN relay? for example if i have site A (internet behind cgnat) and Site B (internet behind cgnat) and i would like to create a site to site tunnel between A & B, could i use a cloud instance that is not behind cgnat in order to tunnel these 2 sites?
@EvgenyJK Жыл бұрын
Anyone knows how to handle MTU issue on Keenetics? I have Mikrotik set up on AWS as in video and home Keenetics router as a winguard client, is there same setting? I found somewhere and set MTU=1300 on Keenetics - seems like works ok, but would like to use proper solution.
@elrinconurbano2 жыл бұрын
Hi NetworkBerg, Where can I get a L2 Cisco switch image for my eve-ng?
@TheNetworkBerg2 жыл бұрын
You would have to get the images from the vendor directly which means logging into the partner portal for Cisco, if you don't have partner portal access then you might have to ask a friend or colleague to help you out (Otherwise you will have to search on the net, but some sites hosting images can be linked to malware)
@elrinconurbano2 жыл бұрын
@@TheNetworkBerg thank you
@MangoTreeCB Жыл бұрын
Is there any another way to host Mikrotik on cloud or VPN server for free or cheap? Prefer cheap only. AWS is good but there need credit/debit card and auto renewal. So that's the catch I don't want to go there.
@Anavllama2 жыл бұрын
The hardest part of this is finding the applicable AWS selections that allow hosting CHR. Is it Amazon EC2, or Lightsail etc. None of which are obvious on the AWS selections page. Certainly doesnt come up via networking but through 'featured services' .
@antoniomax31632 жыл бұрын
How did you activate the containers? To activate them, you need to hard-turn off or restart the virtual machine from the hoster. In most cases, this is not possible. I was able to do this on my computer, because after activating the command, I just turned off vmware. But the hoster for some reason does not know how. /system/device-mode/update container=yes
@TheNetworkBerg2 жыл бұрын
I didn't do anything with containers, Wireguard runs natively on Rosv7
@CT-Channel44218 күн бұрын
Hi is this can remote access my miktorik in anywhere?
@TheNetworkBerg14 күн бұрын
You could use this to create VPN tunnels to all your MikroTIks and access it from anywhere I suppose.
@leetasfuk9 ай бұрын
Watch the video three times, Followed to a T, ,Still no traffic passing.
@obi-wan_cannotbe2 жыл бұрын
great tutorial! any chance not being lazy and explain marking and routing specific traffic over the tunnel?
@TheNetworkBerg2 жыл бұрын
Could definitely create a video specifically for marking and routing using a similar setup with Wireguard
@antoniomax31632 жыл бұрын
Pls add video,how install sstp service. Full video
@wentzelstaffen1802 жыл бұрын
I found Contabo to be the cheapest hosting service, the latency sucks for South African users though @ 172ms to my server.
@Anavllama2 жыл бұрын
Need more clarity on 1500 issues on bottom end. ??
@dlupascu2 жыл бұрын
Thanks for the video, but 1. Shit - use wireguard\openvpn\etc. installing on EC2 instance (12Months of free tier AWS 750H/M of EC2 it's enough) 2. Licensing ROS CHR it's money + AWS fee for using it 3. Need to create separate SG from ALL to ALL to that cloud router + ROS FW or SG with rules + ROS FW what demonstrates the absurdity of idea It's useful when you do not want things like IGW from AWS... with more functionality and routing firstly but for me it's seems like 50/50. Maybe i'm wrong.
@mfaheem56942 жыл бұрын
Nice
@GiovanniColella Жыл бұрын
please make solution for mikrotik ovpn 2fa authentication 10000 point
@MyAeroMove2 жыл бұрын
AWS will punish you with bandwidth cost. So you'll be very limited with downloads. You might want to assess other CSPs for "free of charge home usage" VPN
@TheNetworkBerg2 жыл бұрын
Hmmmmm I've been trying to figure out exactly what AWS will charge on bandwidth, I know the free tier offers 750hrs of an instance for free (basically a month) and 100GB of bandwidth every month for a year. From the pricing it seems to indicate that they charge between 0,05c and 0,09c per GB to the internet. So depending on how heavily you use the internet these costs will shuffle a lot, if you don't see yourself exceeding 100GB every month over the next year then it's practically free. Though you may be a heavy user doing heavy downloads and trying to stream stuff in 4k which can easily run between 2 - 3 TB a month, in that case you can rack up quite a hefty bill of easily between $200 - $300 USD, I will add the price calculator with a suggestion in the pinned comment and in the video description as well. I'm also going to leave my own instance running over the next month and see what the charges actually look like.
@PaulDickson7 Жыл бұрын
AWS Free Tier is a trap due to bandwidth costs. You might be safer with Linode
@defaultroute2 жыл бұрын
Well done for using AWS and not sullying your good name walking the M$ road. #netscape #novell
@TheNetworkBerg2 жыл бұрын
I won't lie I was a little tempted to demo this on Azure after AWS left a bit of a bitter taste in my mouth where they wanted to interview me for a position but no one showed up to the interview. But I don't hold grudges and the platform itself is great ;D!
@josejuanmalfavoniturralde6462 Жыл бұрын
Hi great videos, i want to connect a wireguard vpn from one site with opublic ip to other site before cgnat, i want to use in the middle a chr vps to bypass the cgnat from starlink and connect susseful the wireguard but i cant do it can i contact you to help?