Best site to site sertup

RouterOS Beginner Basics
1

I’d be interested to hear about your opinion about the best protocol to use to site to site VPN.

This is Mikrotik to Mikrotik.
Each side has multiple subnets.

By “best” I mean

  1. Easy to setup
  2. Performance
  3. Reliability

I have a few IPSec setups that work but


  1. I find them rather hard to setup - and some just won’t work for some reason
  2. Performance is “good enough” when using CCR
  3. Reliability is NOT that great - I’d say I have a “hang” (tunnel up but no traffic) every 2 weeks or so. Not terrible but definitely could be better.

Many thanks in advance for your feedback

2

Wireguard for the untrained,
Ipsec VPN works great for those that are trained.

3

Thanks - didn’t realise Wireguard was now proposed by RouterOS.

4

Only on the beta firmware but they are up to RC7 I think. Its getting refined…

5

I have several point to point WireGuard tunnels running on RC6 and have had no issues with them at all.

6

I can’t complain about IPSec for site to site.

  1. It may not be easy and intuitive at first, but once you figure it out, it’s ok.
  2. AFAIK it’s the only hardware accelerated VPN in RouterOS (if CPU supports it), so you can’t get better performance from anything else. I didn’t yet compare it with Wireguard, it should have good performance too, but I’d guess that not as good as accelerated IPSec (correct me if I’m wrong).
  3. Reliability is mostly good. I had problems with that only few times, when ISP was doing some weird filtering, but there it didn’t work from the start. If it does work, it’s set it & forget it.