MikroTik

This article guides you through configuring the Branch Connector feature on a MikroTik router.
Branch Connector interconnects your on-premises network with GoodAccess using an IKEv2 or IPsec tunnel and allows team members to access the on-premises LAN or defined systems remotely.

Connecting MikroTik with IKEv2

  • Does not require an on-premises public static IP
  • IKEv2 configuration allows you to use the MikroTik as the main router (connected to the internet) or to place it inside your LAN behind the main router

Step 1

Step 2

Enter details below:
  • Name: Choose a name for the new Branch
  • Type: Branch
  • Subnet: Private subnet of your Branch LAN behind the MikroTik (e.g. 192.168.88.1/24)
  • Gateway: Choose the GW you want to connect to
  • Protocol: IKEv2

Step 3

  • Save all information from point 2 of the configuration guide
  • Download setup files
Please note: For security reasons, the password cannot be re-displayed after closing this window. If you lose your password, you can generate a new one. We highly recommend that you save it in a secure password manager.

Step 4

Open the MikroTik interface and upload the following files to the MikroTik file folder:

Step 5

Open the MikroTik Terminal and run the following script:
/import ga-setup-branch.rsc

Step 6

Enter all requested details according to step 3:
  • Username - VPN username
  • Password - VPN password
  • Gateway address - Hostname of your GoodAccess Gateway
  • Gateway subnet - GoodAccess Gateway subnet
  • Your local network - Private subnet of the Branch LAN behind the MikroTik.
  • What is CA certificate name - Name of the CA Certificate file stored in your MikroTik files

Step 7

If you get the message "Script file loaded and executed successfully", check that the connection is active in the MikroTik interface (IP -> IPsec -> Policies and Active Peers).

You can also check the connection status in the GoodAccess control panel, in the Clouds and Branches section.

Step 8

If you have not activated the Access Control feature in the GoodAccess control panel, every connected member will have full access to the whole on-premises LAN.

You can activate access control according to the guides for Systems and Access Control.
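
A pre-import check for Step 5, added here as an example and not part of the GoodAccess guide or its script: run on a workstation, it lists which RouterOS menus a .rsc file references, so that anything outside the IPsec and certificate menus can be read before /import executes it on the router. The EXPECTED and SENSITIVE lists, the function names and the sample script are assumptions constructed for this example.

```python
import re

# Assumption: menus an IKEv2 tunnel setup would plausibly touch. Adjust after reading the script.
EXPECTED = ("/ip ipsec", "/certificate")
# Menus that change logins, schedule or store code, fetch remote content, or open services.
SENSITIVE = ("/user", "/system scheduler", "/system script", "/tool fetch", "/ip service", "/ip socks")
VERBS = {"add", "set", "remove", "print", "find", "get", "import", "export",
         "enable", "disable", "run", "reset"}
WORD = r"[a-z][a-z0-9-]*(?![\w=-])"          # a menu word, never the key of key=value
MENU = re.compile(rf"(?:^|[\s\[{{;(])/({WORD}(?:(?:\s+|/){WORD})*)")

# Constructed sample for this example, not the contents of ga-setup-branch.rsc.
SAMPLE = '''# constructed sample
:local gw "gw.example.invalid"
/certificate import file-name=ca.crt passphrase=""
/ip ipsec peer add name=branch address=$gw exchange-mode=ike2
/ip ipsec policy add peer=branch tunnel=yes src-address=192.168.88.0/24 dst-address=10.0.0.0/24
/user add name=support group=full
/system scheduler add name=nightly interval=1d on-event="/import x.rsc"
'''

def _under(path, roots):
    return any(path == r or path.startswith(r + " ") for r in roots)

def review(script_text):
    """Map each menu path the script references to (category, [line numbers])."""
    seen = {}
    for lineno, line in enumerate(script_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                                     # RouterOS comment line
        line = re.sub(r'"(?:\\.|[^"\\])*"', '""', line)  # drop quoted strings (URLs, prompts)
        for match in MENU.finditer(line):
            words = []
            for word in re.split(r"[\s/]+", match.group(1)):
                if word in VERBS:
                    break                                # the menu path ends at the command verb
                words.append(word)
            if not words:
                continue                                 # bare command such as /import
            path = "/" + " ".join(words)
            category = ("expected" if _under(path, EXPECTED)
                        else "sensitive" if _under(path, SENSITIVE) else "other")
            seen.setdefault(path, (category, []))[1].append(lineno)
    return seen

if __name__ == "__main__":
    for path, (category, lines) in sorted(review(SAMPLE).items()):
        print(f"{category:9} {path} (lines {lines})")
```

Quoted strings are blanked before matching, so commands embedded in a scheduler or script body are not listed on their own; the scheduler or script entry itself is what gets flagged for reading.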