Build your own Cloud-Based VPN Server with MikroTik in minutes!

Things are simple: when I see my favourite network professional - teacher I hit like and subscribe! Thank you very much for your time and effort.

This was a great tute, both for basic AWS instance controls and Mikrotik CHR - thanks man much appreciated!

one thing is missing there
sniffing the traffic and show us the MTU resoult, before the mangle rule. well done!!

Ty for the MSS clamping trick!

Your every video of this new series brings happiness

great job and thanks for putting this wonderful job out!

You are amazing man. Learn so much from you

Informative ... I was hooked to the whole video !

For whole subnets, worrying about local outgoing traffic, routes, table and routing rules makes sense. Mangling makes sense when you have a group of unconnected IPs (less than a subnet or some from a few subnets).

IMPORTANT NOTE:
If you are planning to use this as your primary VPN server please ensure that you are eligible for the AWS Free tier that gives you 100GB of bandwidth and 750hrs of instance time each month for a year. If you are going to be exceeding those bandwidth limitations please use the AWS pricing calculator (In advanced mode) to see what the potential charges could be if you are someone doing Terabytes of data. Link below:
calculator.aws/#/addService/EC2
I highly suggest licensing your CHR if you want to get the best out of it, all details can be found here:
wiki.mikrotik.com/wiki/Manual:CHR

Hello,
You have done SUCH A GREAT JOB for this video.
I really appreciate your effort and time to make this!

Thanks!

Hello Mr Berg...! very thanksful that's awesom..! so in your last rule that you created what if my wireguard is in windows machine for example is there is a way that i can do the same thing -(how can i change the MSS for it...?

Please, can you elaborate more on the MSS clamping ? i always done that blindly, but i would like to know once and for all what that do.
in my personal experience, i have never seen applied that clamping just to syn... wondering why...
thanks :)

For Input rules on AWS, do they accept domain names (aka resolve them - thinking using iP cloud name )

Thanks a lot for your awesome videos.
In minute 26:40 you mentioned that you can do it with allowed addresses instead of NATing, how that would work if we have more than 1 nodes connected to the client router?

Great demonstration.
In my country some websites are blocked, would you please explain how to get access to those websites through the wireguard VPN tunnel.
What I mean if I want to get access to those web sites I go through the VPN tunnel, while the other unblocked websites reach them through the normal routing.
Thanks.

Very nice explanations. Could you please show how to use the IPv6 with Wireguard on AWS please?

If AWS has a free tier, then that makes my Discord bot hosting desires to be viable (at least at the start) :D And nice tutorial, I guess I'll try it out with VMware. If it works, then I guess trying it out with AWS will be the next step.

I was wondering, is it possible to configure an CHR instance on cloud and use it as a VPN relay? for example if i have site A (internet behind cgnat) and Site B (internet behind cgnat) and i would like to create a site to site tunnel between A & B, could i use a cloud instance that is not behind cgnat in order to tunnel these 2 sites?

can you tell us about Openvpn server? Or how to put containers on chr, and in ovpn containers?

Oracle cloud has arm instance eternally free. much easier install wireguard on linux there.

Nice

During the live comments some chap recommended LightSail, but there is no way I can see to add MT OS to light sail. It only has linux or some derivative and Windows Servers for options ????

Is it possible to setup a radius server on chr and use it to authenticate hotspot users in other mikrotik routers?

The hardest part of this is finding the applicable AWS selections that allow hosting CHR. Is it Amazon EC2, or Lightsail etc. None of which are obvious on the AWS selections page. Certainly doesnt come up via networking but through 'featured services' .

Anyone knows how to handle MTU issue on Keenetics? I have Mikrotik set up on AWS as in video and home Keenetics router as a winguard client, is there same setting? I found somewhere and set MTU=1300 on Keenetics - seems like works ok, but would like to use proper solution.

Quick question, I have been fiddling this for quick some time and I gotta ask you this. if we want to use our Mobile Wireguard app, is there any option in the settings of the app to give mobile hotspot ips of the subnet we are using to connect?
For example i use my phone (road warrior) as a mobile hotspot. I want everyone who connects to my hotspot to be tunneled via wireguard. Is that possible?

what if via cloudflare tunnel?
Can I open Mikrotik via Winbox?
If you open the proxy via web based there is no problem

Hi NetworkBerg, Where can I get a L2 Cisco switch image for my eve-ng?

How did you activate the containers? To activate them, you need to hard-turn off or restart the virtual machine from the hoster. In most cases, this is not possible. I was able to do this on my computer, because after activating the command, I just turned off vmware. But the hoster for some reason does not know how.
/system/device-mode/update container=yes

Pls add video,how install sstp service. Full video

What about docker-container SNORT for MT router video??

Is there any another way to host Mikrotik on cloud or VPN server for free or cheap? Prefer cheap only. AWS is good but there need credit/debit card and auto renewal. So that's the catch I don't want to go there.

I found Contabo to be the cheapest hosting service, the latency sucks for South African users though @ 172ms to my server.

great tutorial! any chance not being lazy and explain marking and routing specific traffic over the tunnel?

Watch the video three times, Followed to a T, ,Still no traffic passing.

Need more clarity on 1500 issues on bottom end. ??

Thanks for the video, but
1. Shit - use wireguard\openvpn\etc. installing on EC2 instance (12Months of free tier AWS 750H/M of EC2 it's enough)
2. Licensing ROS CHR it's money + AWS fee for using it
3. Need to create separate SG from ALL to ALL to that cloud router + ROS FW or SG with rules + ROS FW what demonstrates the absurdity of idea
It's useful when you do not want things like IGW from AWS... with more functionality and routing firstly but for me it's seems like 50/50.
Maybe i'm wrong.

please make solution for mikrotik ovpn 2fa authentication 10000 point

Well done for using AWS and not sullying your good name walking the M$ road. #netscape #novell

AWS will punish you with bandwidth cost. So you'll be very limited with downloads.
You might want to assess other CSPs for "free of charge home usage" VPN

Hi great videos, i want to connect a wireguard vpn from one site with opublic ip to other site before cgnat, i want to use in the middle a chr vps to bypass the cgnat from starlink and connect susseful the wireguard but i cant do it can i contact you to help?