search
GoodAccess WebsiteRequest Free TrialDownload App

MikroTik

This guide will show you how to connect your MikroTik device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

circle-info

hashtag
Connecting MikroTik with IKEv2

  • Does not require on-premise public static IP

  • IKEv2 configuration allows you to use MikroTik as the main router (which is connected to internet) or place it locally in your LAN behind the main router

hashtag
Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.arrow-up-right

Click + Add new, enter a Name (e.g., Prague Office), select the required Gateway, and define your local Subnets (using CIDR notation).

Choose IKEv2 Protocol, and click Submit to create the connection, or Continue to define optional Branch Segments for finer access control.

Once the connection is created, locate it in the list and click the Configuration Guide button to retrieve the parameters and configuration files for your device.

circle-info

You may return to the configuration via the Edit button of your Branch at any time.

hashtag
Step 2 - Uploading the script and setup files

Download a script for MikroTik:

Log in to your MikroTik device, and go to Files.

Upload the script and setup files from Step 1 (extract the files first).

Router's graphical user interface (GUI) with labeled elements highlighting key steps to uploading files to MikroTik.
Uploading the script and setup files

hashtag
Step 3 - Setting up a site-to-site connection

triangle-exclamation

Please note: Deploying the script on a already configured device could disrupt your existing setup. Please review the script thoroughly and ensure compatibility with your current configuration before deployment.

Go to Terminal and run the following script:

Enter the credentials from GoodAccess (Step 1):

  • VPN username

  • VPN password

  • Gateway address

  • Gateway subnet

  • What is your local network - Cloud/Branch subnet

  • What is CA certificate name - Name of the CA Certificate file stored in your MikroTik files

Router's Terminal showing configuration of a site-to-site connection.
Setting up the site-to-site connection

Connection is established when the message "Script file loaded and executed successfully" appears.

You have now successfully connected your device to GoodAccess.

circle-exclamation

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

  • UDP 500

  • UDP 4500

circle-info

You may check the status of the connection in:

  • GoodAccess: Go to Control Panel > Network > Clouds & Branches to view the tunnel status. Use the Test Connection button to validate the IPsec tunnel itself, or optionally to test a specific system (target must have ICMP enabled).

  • MikroTik: Go to IP > IPSec > Policies and Active Peers.

PreviousFortiGateNextSonicWall

Last updated

Was this helpful?