Tuesday, March 17, 2015

Simulasi PPTP Server Melalui PPPoE

Kelanjutan dari postingan sebelumnya. Kita tambahkan beberapa perangkat lain, dan akan terlihat network seperti pada gambar di bawah ini.
PPPoE dan PPTP dengan Cisco & Mikrotik

Nantinya akan ada server PPTP yang akan diakses oleh PC1. Apa itu PPTP ?
PPTP is a secure tunnel for transporting IP traffic using PPP. PPTP encapsulates PPP in virtual lines that run over IP. PPTP incorporates PPP and MPPE (Microsoft Point to Point Encryption) to make encrypted links. The purpose of this protocol is to make well-managed secure connections between routers as well as between routers and PPTP clients (clients are available for and/or included in almost all OSs including Windows). (wiki.mikrotik.com)


The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.(wikipedia.org)

Intinya PPTP itu tunneling, salah satu dari VPN (Virtual Private Network). Daripada semakin bingung dengan pengertiannya, kita langsung ke konfigurasi. Uraiannya tidak usah panjang-panjang, karena masih banyak simulasi yang ngantri... :)

ISP backhaul.
Tidak ada settingan spesial disini. Hanya setting ip address biasa saja, tanpa routing. Masih sederhana.
ISP-BACKHAUL#config ter
Enter configuration commands, one per line.  End with CNTL/Z.
ISP-BACKHAUL(config)#inter fa0/0
ISP-BACKHAUL(config-if)#desc ##CONNECT-TO-PPTP-SERVER##
ISP-BACKHAUL(config-if)#ip address 172.16.2.2 255.255.255.252
ISP-BACKHAUL(config-if)#no shut
ISP-BACKHAUL(config-if)#inter fa1/0
ISP-BACKHAUL(config-if)#desc ##CONNECT-TO-PPPOE-SERVER##
ISP-BACKHAUL(config-if)#ip add 172.16.1.2 255.255.255.252
ISP-BACKHAUL(config-if)#no shut
ISP-BACKHAUL(config-if)#do wr
Building configuration...
[OK]

PPTP-Server.
Konfigurasi interfacenya, dan jangan lupa tambahkan routing default ke arah ISP backhaul.
PPTP-SERVER#config ter
Enter configuration commands, one per line.  End with CNTL/Z.
PPTP-SERVER(config)#inter fa0/0
PPTP-SERVER(config-if)#des ##LAN-CONNECT-TO-SERVER##
PPTP-SERVER(config-if)#ip address 10.10.10.1 255.255.255.0
PPTP-SERVER(config-if)#no shut
PPTP-SERVER(config-if)#inter fa1/0
PPTP-SERVER(config-if)#desc  ##WAN-CONNECT-TO-ISP-BH##
PPTP-SERVER(config-if)#ip address 172.16.2.1 255.255.255.252
PPTP-SERVER(config-if)#no shut
PPTP-SERVER(config-if)#exit
PPTP-SERVER(config)#ip route 0.0.0.0 0.0.0.0 172.16.2.2

Lanjutkan dengan mensetting pptp
PPTP-SERVER#config ter
Enter configuration commands, one per line.  End with CNTL/Z.
PPTP-SERVER(config)#vpdn enable
PPTP-SERVER(config)#vpdn-group 1
PPTP-SERVER(config-vpdn)#accept-dialin
PPTP-SERVER(config-vpdn-acc-in)#protocol pptp
PPTP-SERVER(config-vpdn-acc-in)#virtual-template 1
PPTP-SERVER(config-vpdn-acc-in)#exit
PPTP-SERVER(config-vpdn)#exit
PPTP-SERVER(config)#inter virtual-template 1
PPTP-SERVER(config-if)#ip unnumbered fa0/0
PPTP-SERVER(config-if)#peer default ip address pool pptp-pool
PPTP-SERVER(config-if)#no keepalive
PPTP-SERVER(config-if)#ppp encrypt mppe 128
PPTP-SERVER(config-if)#ppp authentication ms-chap ms-chap-v2
PPTP-SERVER(config-if)#exit
PPTP-SERVER(config)#ip local pool pptp-pool 10.10.10.10 10.10.10.254
PPTP-SERVER(config)#username user1 password 12345
PPTP-SERVER(config)#do wr
Building configuration...
[OK]
PPTP-SERVER(config)#

Selesai. PPTP-Server sudah dikonfigurasi. Dan sudah ready.

Mikrotik Client (PPPoe Client Mikrotik)
Pada postingan sebelumnya, sudah disetting router Mikrotik client, tinggal ditambahkan beberapa baris konfigurasi saja. Setting pptp-client.
/interface pptp-client
add add-default-route=no allow=pap,chap,mschap1,mschap2 \
    connect-to=172.16.2.1 dial-on-demand=no disabled=no \
    name=pptp-out1 password=12345 profile=default-encryption user=user1

Seting firewall nat dan routing untuk IP yang mengarah ke PPTP-Server.
/ip firewall nat
add action=masquerade chain=srcnat disabled=no dst-address=10.10.10.0/24 \
    out-interface=pptp-out1 src-address=192.168.10.0/24
/ip route
add disabled=no distance=1 dst-address=10.10.10.0/24 gateway=10.10.10.1 \
    scope=30 target-scope=10
Cek Status dan Test Ping
Cek status dari router Mikrotik Client. Jika berhasil, seharusnya akan ada tambahan IP address pada interface pptp-out1.
Cek Address List


Setting dulu IP address di Server dan User PC1.
SERVER> ip 10.10.10.2/24 10.10.10.1
Checking for duplicate address...
PC1 : 10.10.10.2 255.255.255.0 gateway 10.10.10.1

SERVER>
PC1> ip 192.168.10.2/24 192.168.10.1
Checking for duplicate address...
PC1 : 192.168.10.2 255.255.255.0 gateway 192.168.10.1

Dan lakukan test ping dari User PC1 ke IP 172.16.2.1 (Router PPTP-Server) dan 10.10.10.2 (Main Server).
PC1> ping 172.16.2.1
84 bytes from 172.16.2.1 icmp_seq=1 ttl=252 time=45.506 ms
84 bytes from 172.16.2.1 icmp_seq=2 ttl=252 time=52.506 ms
84 bytes from 172.16.2.1 icmp_seq=3 ttl=252 time=16.002 ms
84 bytes from 172.16.2.1 icmp_seq=4 ttl=252 time=29.004 ms
84 bytes from 172.16.2.1 icmp_seq=5 ttl=252 time=23.003 ms

PC1> ping 10.10.10.2
10.10.10.2 icmp_seq=1 timeout
84 bytes from 10.10.10.2 icmp_seq=2 ttl=62 time=94.512 ms
84 bytes from 10.10.10.2 icmp_seq=3 ttl=62 time=80.510 ms
84 bytes from 10.10.10.2 icmp_seq=4 ttl=62 time=69.009 ms
84 bytes from 10.10.10.2 icmp_seq=5 ttl=62 time=68.008 ms

Ok.. berhasil... mudah sekali bukan... ??
By di
Label: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)