How to configure the Mikrotik CHR on MVPS

H

By default, the Mikrotik CHR has no configuration added. The default user is admin and there is no password (press enter when asked for password).

As soon as your Mikrotik VPS is ready, go to the Servers page, search for your Mikrotik VPS and click on the “Details” button. You will be taken to the VPS management page where you will have access to the web console and you will be able to see the network details as in the image below. Please take note of the IP address and of the gateway (the prefix is always /24)

From the left menu, click on the Console button as shown below:

A new window will be opened with the novnc console. The first thing to do is to login. Enter admin as the username and just press enter when asked for the password.

You will then be asked to set a new admin password (Please use a really strong password).

The WAN interface (which should be the only one) is ether1. We next configure the IP address on this interface

/ip address add address="2.56.212.40/24" interface=ether1

We add the default route

/ip route add dst-address=0.0.0.0/0 gateway=2.56.212.1

And we set up DNS (we recommend google dns)

/ip dns set servers=8.8.8.8,8.8.4.4

And we block remote DNS requests to prevent amplification attacks:

/ip dns set allow-remote-requests=no

You should now be able to connect using winbox.

You should now create a firewall and block all input traffic except for your trusted IPs. If you do not have static IPs, block all ports and leave only Winbox (tcp/8291) open.

Don’t forget to update the CHR to the latest version and set up the firewall to only accept access from your trusted IPs (Don’t leave everything exposed).

We recommend to read and follow this guide for securing your mikrotik router.

Keep in mind that you will need a Mikrotik CHR License if you plan to use it with more than 1Mbps after the trial license expires.

About the author

By mvps

Recent Posts

Archives

Categories