GNS3 VM

Refer to:

https://hk.saowen.com/a/173d18c5e945d28fbba47abb94e70f9707cf8e4aff6ab570eaab94659f9ab7bc
https://www.jianshu.com/p/d4528e5383c5
https://brezular.com/2014/07/09/running-mikrotik-routeros-x86-on-gns3/
https://blog.csdn.net/shile/article/details/49179627
https://blog.csdn.net/hreoghost/article/details/2670492
http://www.360doc.com/content/16/0618/11/1394672_568736798.shtml


MikroTik Router OS VM

After that, add virtual Mikrotik as below

Choose one to download, after downloading import it and then continue to the end.

Diagram as below

Open MikriTik's console,login as admin,no passwd, and set ip address e.g.
eth1 192.168.6.254/24
eth2 192.168.10.254/24

username:admin
passwd:
setup
a
enable interface ether1
ip address/netmask: 192.168.6.254/24
x
enable interface: ether2
ip address/netmask: 192.168.10.254/24
x

Wherein eth1 connect to PC's local loop ethernet,and its ip 192.168.6.2, we can login GUI by WinBox as below on PC.


Secret
routeros


Actual MiKroTik

Reset
Long press key rest, keep; power on ROS(MikroTik RouterOS), wait ACL light up til light off;

Add ip address 192.168.10.1/24

RouterOS IPSec

refer tips:

http://www.rosjb.com/764.html
prj6_1_RouterOS_IPSec
fail...

https://wenku.baidu.com/view/6b0e391a0740be1e650e9a22.html
prj6_21_RouterOS_IPSec success, as below
PC1 ping PC2 OK

#R1
[admin@MikroTik] > export
# aug/25/2018 06:49:02 by RouterOS 6.33.3
# software id =
#
/ip address
add address=192.168.11.11/24 comment="added by setup" interface=ether1 network=192.168.11.0
add address=192.168.89.1/24 comment="added by setup" interface=ether2 network=192.168.89.0
/ip dhcp-client
add disabled=no interface=ether1
/ip firewall nat
add chain=srcnat dst-address=192.168.90.0/24 src-address=192.168.89.0/24
add chain=srcnat
/ip ipsec peer
add address=192.168.11.18/32 nat-traversal=no secret=123456
/ip ipsec policy
add comment=tmz dst-address=192.168.90.0/24 src-address=192.168.89.0/24 template=yes
/ip route
add comment="added by setup" distance=1 gateway=192.168.11.18

#R2
[admin@MikroTik] > export
# aug/25/2018 06:51:11 by RouterOS 6.34
# software id =
#
/ip address
add address=192.168.11.18/24 comment="added by setup" interface=ether1 network=192.168.11.0
add address=192.168.90.1/24 comment="added by setup" interface=ether2 network=192.168.90.0
/ip dhcp-client
add disabled=no interface=ether1
/ip firewall nat
add chain=srcnat dst-address=192.168.89.0/24 src-address=192.168.90.0/24
add chain=srcnat
/ip ipsec peer
add address=192.168.11.11/32 nat-traversal=no secret=123456
/ip ipsec policy
add comment=tmz dst-address=192.168.89.0/24 src-address=192.168.90.0/24 template=yes
/ip route
add comment="added by setup" distance=1 gateway=192.168.11.11

Try2 Prj6_11_RouterOS OK

system->reset

#R1
[admin@MikroTik] > export
# aug/25/2018 07:38:30 by RouterOS 6.33.3
# software id =
#
/ip address
add address=192.168.11.11/24 comment="added by setup" interface=ether1 network=192.168.11.0
add address=192.168.89.1/24 comment="added by setup" interface=ether2 network=192.168.89.0
/ip dhcp-client
add disabled=no interface=ether1
/ip firewall nat
add chain=srcnat dst-address=192.168.90.0/24 src-address=192.168.89.0/24
add action=masquerade chain=srcnat src-address=192.168.89.0/24
/ip ipsec peer
add address=192.168.11.18/32 enc-algorithm=3des secret=yus
/ip ipsec policy
add dst-address=192.168.90.0/24 src-address=192.168.89.0/24 template=yes
/ip route
add distance=1 gateway=192.168.11.18

#R2
[admin@MikroTik] > export
# aug/25/2018 07:38:08 by RouterOS 6.34
# software id =
#
/ip address
add address=192.168.11.18/24 comment="added by setup" interface=ether1 network=192.168.11.0
add address=192.168.90.1/24 comment="added by setup" interface=ether2 network=192.168.90.0
/ip dhcp-client
add disabled=no interface=ether1
/ip firewall nat
add chain=srcnat dst-address=192.168.89.0/24 src-address=192.168.90.0/24
add action=masquerade chain=srcnat src-address=192.168.90.0/24
/ip ipsec peer
add address=192.168.11.11/32 enc-algorithm=3des secret=yus
/ip ipsec policy
add dst-address=192.168.89.0/24 src-address=192.168.90.0/24 template=yes
/ip route
add comment="added by setup" distance=1 gateway=192.168.11.11

Try3 Prj6_3_RouterOS_winPC

L2TP/IPsec connection
Reference

http://www.rosjb.com/764.html


#R1
[admin@MikroTik] > export
# aug/25/2018 09:32:19 by RouterOS 6.33.3
# software id =
#
/ip pool
add name=l2tp ranges=192.168.10.2-192.168.10.254
/ppp profile
set *FFFFFFFE local-address=192.168.10.1 remote-address=l2tp
/interface l2tp-server server
set enabled=yes ipsec-secret=yusong use-ipsec=yes
/ip address
add address=10.200.15.228/24 comment="added by setup" interface=ether1 network=10.200.15.0
/ip dhcp-client
add dhcp-options=hostname,clientid disabled=no interface=ether1
/ip ipsec peer
add address=10.200.15.59/32 enc-algorithm=3des generate-policy=port-strict nat-traversal=no secret=yusong
/ppp secret
add name=123 password=123 profile=default-encryption

WinPC






Also Check on RouterOS:

posted @ 2020-07-12 18:59  HenryCh  阅读(627)  评论(0编辑  收藏  举报