LogoLogo
GoodAccess WebsiteRequest Free TrialDownload App
  • Getting Started
    • 1. What is GoodAccess?
    • 2. Architecture Overview
    • 3. Sign up for Free Trial
    • 4. Download App & Connect
  • 🖥️Configuration guides
    • Features
      • Zero Trust Access Control
        • Access Cards
        • Device Posture Check
        • Device Approval
        • Geo Restrictions
      • API Integration
        • API Reference
          • Members
          • Groups
          • Systems
          • Access Cards
          • Relations
          • Gateways
          • Logs
        • Acronis Integration
      • SIEM Integration
      • SSO/SCIM
        • Auth0
        • Cisco Duo
        • Google Workspace
        • JumpCloud
        • Microsoft Entra ID
        • Okta
        • OneLogin
        • Ping Identity
        • Universal (SAML)
      • MFA
      • Passkeys
      • MSI deployment
      • Threat Blocker
      • Custom Domain Blocking
      • DNS Management
      • Split Tunneling
      • Port Forwarding
    • Branch Connector
      • Cisco
      • Cisco Meraki
      • FortiGate
      • MikroTik
      • SonicWall
      • UniFi USG
      • Zyxel Nebula Control Center
      • Other supported routers and firewalls
    • Cloud Connector
      • AWS
      • Google Cloud
      • Microsoft Azure
      • Other Public Cloud providers
    • IP whitelisting
      • APACHE Web Server
      • AWS VPC
      • Azure (Office 365)
      • Google Cloud
      • Google Workspace
      • Magento
      • Microsoft IIS
      • NGINX
        • Domain
        • Subdomain
        • URL
      • OpenCart
      • PHP
      • PHPMyAdmin
      • Pipedrive
      • SalesForce
      • SSH server
      • WordPress
      • Zoho CRM
    • Linux
      • DEB repository
      • RPM repository
      • Manual installation
      • Linux Troubleshooting
  • 🆘FAQ & Troubleshooting
    • FAQ
      • Business
      • Technical
    • Troubleshooting
  • 📓Product Changelog
    • Windows
    • macOS
Powered by GitBook
On this page
  • Step 1 - Creating a new branch connection
  • Step 2 - Uploading the script and setup files
  • Step 3 - Setting up a site-to-site connection

Was this helpful?

  1. Configuration guides
  2. Branch Connector

MikroTik

This guide will show you how to connect your MikroTik device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

PreviousFortiGateNextSonicWall

Last updated 3 months ago

Was this helpful?

Connecting MikroTik with IKEv2

  • Does not require on-premise public static IP

  • IKEv2 configuration allows you to use MikroTik as the main router (which is connected to internet) or place it locally in your LAN behind the main router

Step 1 - Creating a new branch connection

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IKEv2 Protocol, and click Save.

Click the Edit button of your Branch, and navigate to the Configuration Guide.

Save your Credentials and Download setup files.

You may return to the configuration via the Edit button of your Branch at any time.

Step 2 - Uploading the script and setup files

Download a script for MikroTik:

Log in to your MikroTik device, and go to Files.

Step 3 - Setting up a site-to-site connection

Please note: Deploying the script on a already configured device could disrupt your existing setup. Please review the script thoroughly and ensure compatibility with your current configuration before deployment.

Go to Terminal and run the following script:

/import ga-setup-branch.rsc
  • VPN username

  • VPN password

  • Gateway address

  • Gateway subnet

  • What is your local network - Cloud/Branch subnet

  • What is CA certificate name - Name of the CA Certificate file stored in your MikroTik files

Connection is established when the message "Script file loaded and executed successfully" appears.

You have now successfully connected your device to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

  • UDP 500

  • UDP 4500

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • MikroTik - IP > IPSec > Policies and Active Peers

Upload the script and setup files from (extract the files first).

Enter the credentials from GoodAccess :

🖥️
Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.
RouterOS v6 (6.46 and newer)
RouterOS v7
Step 1
(Step 1)
Uploading the script and setup files
Setting up the site-to-site connection
Router's graphical user interface (GUI) with labeled elements highlighting key steps to uploading files to MikroTik.
Router's Terminal showing configuration of a site-to-site connection.