MikroTik

This article will guide you trough configuration of Branch Connector feature on MikroTik router.
Branch Connector interconnects your on premise network with GoodAccess using IKEv2 or IPsec tunnel and allows team members to access on premise LAN or defined systems remotely.



Connecting Mikrotik with IKEv2
Does not require on premise public static IP
IKEv2 configuration allows to use Mikrotik as main router (which is connected to internet) or place it local to your LAN behind main router
                                  
Step 1
Login to GoodAccess control panel at https://sign.goodaccess.com/​
Go to Clouds and Branches section and click Add new button
Step 2
Enter details below:
Name: Choose name of new Branch
Type: Branch
Subnet: Private subnet of your Branch LAN behind the MikroTik (e.g. 192.168.88.1/24)
Gateway: Choose the GW you want to connect to
Protocol: IKEv2
Step 3
Safe all information from point 2 of the configuration guide
Download setup files
Please note: For security reasons, the password cannot be re-displayed after closing this window. If you lose your password, you can generate a new one. We highly recommend that you save it in a secure password manager.
Step 4 
Open Mikrotik interface and upload following files to Mikrotik file folder:
Setup files from previous step (extract the files before uploading)
Download a script for Mikrotik FW version 6.46 to FW version 7 or for FW version 7.1.1 and later and upload it to Mikrotik file folder 
Step 5
Open Mikrotik Terminal and run the following script:
/import ga-setup-branch.rsc
Step 6
Enter all requested details according to step 3:
Username - VPN username 
Password - VPN password 
Gateway address - Hostname of your GoodAccess Gateway
Gateway subnet - GoodAccess Gateway subnet
Your local network - Private subnet of the Branch LAN behind the MikroTik.
What is CA certificate name - Name of the CA Certificate file stored in your MikroTik files 
Step 7
If you get the message "Script file loaded and executed successfully", check if the connection is active in Mikrotik interface (IP -> IPsec -> Policies and Active Peers)
​
You can check connection status in GoodAccess control panel in Clouds and Branches section.
Step 8
If you have not activated Access Control feature in GoodAccess control panel, every connected member will have full access to whole on premise LAN. 
​
You can activate the access control according the guides for S​ystems and Access Control.
​
​
Branches (On-premise)
Cisco
Last modified 9mo ago