Build an accessible network environment using RouterOS and OpenVPN

RouterOS is a very powerful routing system. With the hardware of MikroTik, you can save a lot of cost and implement superior functions such as routing, multiple upstream lines, multiple wireless transceiver, BGP, and OSPF. You can even set a connection to a specific VPN and use the VPN as the default route across network barriers and support OpenVPN. It can be said that it is a civil-level price, enterprise-level function. Given the high reliance on the latest technology, shooter technology also uses RouterOS as a key component of the network environment. A wireless uplink node WiFi is used at the same time) and a network leased line wired ). Downlink is connected to a Gigabit Switch for intra-network Gigabit communication.

RouterOS features a high level of configuration complexity. First, briefly introduce the configuration points of OpenVPN:
1. Drag the Certificate file to the WinBox file (Files) project.
2. Import the Certificate file you just created in the System-Certificates Project
3. Create an OpenVPN connection under the PPP project and use the certificate just imported
Note that currently, RouterOS only supports tcp and does not enable lzo compression for OpenVPN servers.

Then configure the route table. The idea may be contrary to the intuition of most people. It is to set the default route as the gateway of OpenVPN, but the value of Distance is higher, that is, the priority is lower ). The default leased line gateway is used to set routes for IP addresses in China. Of course, the IP address of the OpenVPN server must also be set as a direct connection route ). This is because overseas IP addresses are not directly blocked, but are still affected by keywords. In addition, the number of IP segments in China is small, which is relatively easy to maintain.

Because the route table is still large, use the command line/ip route to enter the console:
Modify the file and change GateWay = ether1 to the name of the real line router Interface. And paste all the content to the console.

Then the entire network environment is accessible. Of course, common websites such as wikipedia and msdn are recommended to use image cache systems such as varnish to build self-built images on the Intranet to save traffic.
 

Edit recommendations]