Build your own Cloud-Based VPN Server with MikroTik in minutes!

  • Published on 1 Jul 2024
  • In this video, I'm going to show you how to easily set up a cloud-based VPN server with MikroTik in minutes!
    If you're looking for a way to protect your privacy and secure your online traffic, then this video is for you! By following along, you'll be able to set up a cloud-based VPN server with MikroTik in minutes, providing you with enhanced security and privacy when browsing the internet. This is an easy tutorial that anyone can follow, so be sure to check it out!
    IMPORTANT NOTE:
    If you are planning to use this as your primary VPN server please ensure that you are eligible for the AWS Free tier that gives you 100GB of bandwidth and 750hrs of instance time each month for a year. If you are going to be exceeding those bandwidth limitations please use the AWS pricing calculator (In advanced mode) to see what the potential charges could be if you are someone doing Terabytes of data. Link below:
    calculator.aws/#/addService/EC2
    🕘Timestamps🕘
    📕00:00 - Introduction
    📕01:18 - Configuring the Instance (VM)
    📕10:04 - AWS CHR Config
    📕12:02 - Explaining Licensing
    📕14:37 - AWS Security Rules
    📕16:38 - Wireguard Config
    📕25:20 - Testing VPN

Comments • 57

  • @netrionio1
    @netrionio1 1 year ago +5

    Things are simple: when I see my favourite network professional - teacher I hit like and subscribe! Thank you very much for your time and effort.

  • @nikolashuminosky6987
    @nikolashuminosky6987 1 year ago +2

    one thing is missing there
    sniffing the traffic and show us the MTU result, before the mangle rule. well done!!

  • @DaveFamalam
    @DaveFamalam 1 year ago

    This was a great tute, both for basic AWS instance controls and Mikrotik CHR - thanks man much appreciated!

  • @ahmadkakarr
    @ahmadkakarr 1 year ago

    Your every video of this new series brings happiness

  • @TheNetworkBerg
    @TheNetworkBerg 1 year ago +11

    IMPORTANT NOTE:
    If you are planning to use this as your primary VPN server please ensure that you are eligible for the AWS Free tier that gives you 100GB of bandwidth and 750hrs of instance time each month for a year. If you are going to be exceeding those bandwidth limitations please use the AWS pricing calculator (In advanced mode) to see what the potential charges could be if you are someone doing Terabytes of data. Link below:
    calculator.aws/#/addService/EC2
    I highly suggest licensing your CHR if you want to get the best out of it, all details can be found here:
    wiki.mikrotik.com/wiki/Manual:CHR

  • @Ljuuk
    @Ljuuk 1 year ago +1

    Informative ... I was hooked to the whole video !

  • @mpdroza
    @mpdroza 1 year ago +1

    great job and thanks for putting this wonderful job out!

  • @Joshv918
    @Joshv918 1 year ago +1

    You are amazing man. Learn so much from you

  • @seantellsit1431
    @seantellsit1431 1 year ago +2

    Ty for the MSS clamping trick!

  • @Anavllama
    @Anavllama 1 year ago

    For whole subnets, worrying about local outgoing traffic, routes, table and routing rules makes sense. Mangling makes sense when you have a group of unconnected IPs (less than a subnet or some from a few subnets).

  • @XZIBIT256
    @XZIBIT256 1 year ago +1

    Hello,
    You have done SUCH A GREAT JOB for this video.
    I really appreciate your effort and time to make this!

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      Thank you very much for your kindness and supporting the channel I appreciate it very much!

  • @XZIBIT256
    @XZIBIT256 1 year ago +1

    Thanks!

  • @borgeshq
    @borgeshq 5 months ago

    Very nice explanations. Could you please show how to use the IPv6 with Wireguard on AWS please?

  • @hiwaamiri
    @hiwaamiri 3 months ago

    Thanks a lot for your awesome videos.
    In minute 26:40 you mentioned that you can do it with allowed addresses instead of NATing, how would that work if we have more than 1 node connected to the client router?

  • @joaoeduardo82
    @joaoeduardo82 1 year ago +4

    Oracle cloud has arm instance eternally free. much easier install wireguard on linux there.

  • @alimibrahem8120
    @alimibrahem8120 1 year ago

    Hello Mr Berg...! very thankful that's awesome..! so in your last rule that you created what if my wireguard is in windows machine for example is there a way that i can do the same thing (how can i change the MSS for it...?)

  • @ezatalhamody9334
    @ezatalhamody9334 1 year ago

    Great demonstration.
    In my country some websites are blocked, would you please explain how to get access to those websites through the wireguard VPN tunnel.
    What I mean if I want to get access to those web sites I go through the VPN tunnel, while the other unblocked websites reach them through the normal routing.
    Thanks.

  • @CZghost
    @CZghost 1 year ago

    If AWS has a free tier, then that makes my Discord bot hosting desires to be viable (at least at the start) :D And nice tutorial, I guess I'll try it out with VMware. If it works, then I guess trying it out with AWS will be the next step.

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      Yeah AWS with a discord bot on Free Tier sounds like a solid idea.

  • @gionag
    @gionag 1 year ago

    Please, can you elaborate more on the MSS clamping ? i always done that blindly, but i would like to know once and for all what that do.
    in my personal experience, i have never seen applied that clamping just to syn... wondering why...
    thanks :)

  • @mfaheem5694
    @mfaheem5694 1 year ago

    Nice

  • @antoniomax3163
    @antoniomax3163 1 year ago

    can you tell us about Openvpn server? Or how to put containers on chr, and in ovpn containers?

  • @Anavllama
    @Anavllama 1 year ago

    The hardest part of this is finding the applicable AWS selections that allow hosting CHR. Is it Amazon EC2, or Lightsail etc. None of which are obvious on the AWS selections page. Certainly doesn't come up via networking but through 'featured services'.

  • @Anavllama
    @Anavllama 1 year ago

    For Input rules on AWS, do they accept domain names (aka resolve them - thinking using IP cloud name)?

  • @Haris013gr
    @Haris013gr 1 year ago

    I was wondering, is it possible to configure a CHR instance on cloud and use it as a VPN relay? For example, if I have site A (internet behind cgnat) and Site B (internet behind cgnat) and I would like to create a site to site tunnel between A & B, could I use a cloud instance that is not behind cgnat in order to tunnel these 2 sites?

  • @Anavllama
    @Anavllama 1 year ago

    During the live comments some chap recommended LightSail, but there is no way I can see to add MT OS to light sail. It only has linux or some derivative and Windows Servers for options ????

  • @artpietahcreative9356
    @artpietahcreative9356 1 year ago

    Is it possible to setup a radius server on chr and use it to authenticate hotspot users in other mikrotik routers?

  • @EvgenyJK
    @EvgenyJK 1 year ago

    Anyone know how to handle the MTU issue on Keenetics? I have Mikrotik set up on AWS as in the video and a home Keenetics router as a wireguard client, is there the same setting? I found somewhere and set MTU=1300 on Keenetics - seems like it works ok, but would like to use a proper solution.

  • @kijokobojong
    @kijokobojong 8 months ago

    what if via cloudflare tunnel?
    Can I open Mikrotik via Winbox?
    If you open the proxy via web based there is no problem

  • @antoniomax3163
    @antoniomax3163 1 year ago

    Pls add video, how to install sstp service. Full video

  • @XZIBIT256
    @XZIBIT256 1 year ago

    Quick question, I have been fiddling with this for quite some time and I gotta ask you this. If we want to use our Mobile Wireguard app, is there any option in the settings of the app to give mobile hotspot IPs of the subnet we are using to connect?
    For example i use my phone (road warrior) as a mobile hotspot. I want everyone who connects to my hotspot to be tunneled via wireguard. Is that possible?

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago +1

      Yes this is possible with various ways, easiest would be to just masquerade traffic from the hotspot range as the WG tunnel IP

  • @AndreyBelousov
    @AndreyBelousov 1 year ago

    great tutorial! any chance not being lazy and explain marking and routing specific traffic over the tunnel?

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      Could definitely create a video specifically for marking and routing using a similar setup with Wireguard

  • @wentzelstaffen180
    @wentzelstaffen180 1 year ago

    I found Contabo to be the cheapest hosting service, the latency sucks for South African users though @ 172ms to my server.

  • @MangoTreeCB
    @MangoTreeCB 11 months ago

    Is there any another way to host Mikrotik on cloud or VPN server for free or cheap? Prefer cheap only. AWS is good but there need credit/debit card and auto renewal. So that's the catch I don't want to go there.

  • @leetasfuk
    @leetasfuk 4 months ago

    Watched the video three times, followed to a T, still no traffic passing.

  • @Anavllama
    @Anavllama 1 year ago

    What about docker-container SNORT for MT router video??

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      That is a very interesting idea, I will try to set this up in a lab sometime soon!

  • @antoniomax3163
    @antoniomax3163 1 year ago

    How did you activate the containers? To activate them, you need to hard-turn off or restart the virtual machine from the hoster. In most cases, this is not possible. I was able to do this on my computer, because after activating the command, I just turned off vmware. But the hoster for some reason does not know how.
    /system/device-mode/update container=yes

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      I didn't do anything with containers, Wireguard runs natively on Rosv7

  • @elrinconurbano
    @elrinconurbano 1 year ago

    Hi NetworkBerg, Where can I get a L2 Cisco switch image for my eve-ng?

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago +1

      You would have to get the images from the vendor directly which means logging into the partner portal for Cisco, if you don't have partner portal access then you might have to ask a friend or colleague to help you out (Otherwise you will have to search on the net, but some sites hosting images can be linked to malware)

    • @elrinconurbano
      @elrinconurbano 1 year ago

      @TheNetworkBerg thank you

  • @Anavllama
    @Anavllama 1 year ago

    Need more clarity on 1500 issues on bottom end. ??

  • @dlupascu
    @dlupascu 1 year ago

    Thanks for the video, but
    1. Shit - use wireguard\openvpn\etc. installing on EC2 instance (12Months of free tier AWS 750H/M of EC2 it's enough)
    2. Licensing ROS CHR it's money + AWS fee for using it
    3. Need to create separate SG from ALL to ALL to that cloud router + ROS FW or SG with rules + ROS FW what demonstrates the absurdity of idea
    It's useful when you do not want things like IGW from AWS... with more functionality and routing firstly but for me it seems like 50/50.
    Maybe I'm wrong.

  • @defaultroute
    @defaultroute 1 year ago

    Well done for using AWS and not sullying your good name walking the M$ road. #netscape #novell

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago

      I won't lie I was a little tempted to demo this on Azure after AWS left a bit of a bitter taste in my mouth where they wanted to interview me for a position but no one showed up to the interview. But I don't hold grudges and the platform itself is great ;D!

  • @GiovanniColella
    @GiovanniColella 1 year ago

    please make solution for mikrotik ovpn 2fa authentication 10000 point

  • @MyAeroMove
    @MyAeroMove 1 year ago

    AWS will punish you with bandwidth cost. So you'll be very limited with downloads.
    You might want to assess other CSPs for "free of charge home usage" VPN

    • @TheNetworkBerg
      @TheNetworkBerg 1 year ago +1

      Hmmmmm I've been trying to figure out exactly what AWS will charge on bandwidth, I know the free tier offers 750hrs of an instance for free (basically a month) and 100GB of bandwidth every month for a year. From the pricing it seems to indicate that they charge between 0,05c and 0,09c per GB to the internet. So depending on how heavily you use the internet these costs will shuffle a lot, if you don't see yourself exceeding 100GB every month over the next year then it's practically free.
      Though you may be a heavy user doing heavy downloads and trying to stream stuff in 4k which can easily run between 2 - 3 TB a month, in that case you can rack up quite a hefty bill of easily between $200 - $300 USD, I will add the price calculator with a suggestion in the pinned comment and in the video description as well. I'm also going to leave my own instance running over the next month and see what the charges actually look like.

    • @PaulDickson7
      @PaulDickson7 11 months ago

      AWS Free Tier is a trap due to bandwidth costs. You might be safer with Linode

  • @josejuanmalfavoniturralde6462
    @josejuanmalfavoniturralde6462 1 year ago

    Hi, great videos. I want to connect a wireguard vpn from one site with a public ip to another site before cgnat. I want to use a chr vps in the middle to bypass the cgnat from starlink and connect the wireguard successfully, but I can't do it. Can I contact you to help?