Hello
Please can someone tell me about which is the best VPN company (IPVanish-NordVPN-ExpressVPN etc.) for mikrotik setup?
What is your definition of “the best”?
BestVPN is one you make yourself, host CHR somewhere and use native Mikrotik protocols (EoIP, IPIP, etc.)
Generally avoid TCP based protocols (SSTP, OpenVPN) for performance reasons (single TCP connection), always prefer UDP ones (PPTP, L2TP,…).
Obviously it all depends on what you are trying to do.
True.
This often depends on what the clients will be…
Phones, Laptops, servers, firewalls??
You also need to consider the type of Internet connection the clients will be coming from - in some cases, TCP/443 behind NAT is all you are allowed to use.
UDP based VPNs are great if they meet the requirements listed above, if not, then select a VPN for connectivity first, then performance.
I think he is (like most new users) not looking for a VPN in the traditional meaning (to make a virtual network between two routers he is both managing), but the “new meaning” of “route all my internet traffic to some more-or-less trusted party who will route it to internet, instead of doing that directly via my ISP”.
This really only makes sense when done from endpoint devices (like a PC or Phone), but for some reason people want to do that from their router too.
If they support L2TP and will happily give you a username, password and IPSEC key then they should be fine.
Yeah, but that is less and less popular for that kind of service. They move towards IKEv2, OpenVPN, Wireguard etc.
Now that OpenVPN has UDP support in ROSv7, I expect we’ll see a large migration to that once ROSv7 is prod and stable.
We’ve scaled OpenVPN to more than 100,000 clients with MikroTik for IoT solutions…it works really well
I wouldn’t celebrate yet, there’s udp in v7, but it wasn’t the only missing feature. So it’s great step for own use, but not much changed for interoperability with someone else’s service using standard OpenVPN.
Since v7 and Spinrite 6.1 seem to be a long way off, what is a good secure Mikrotik to Mikrotik VPN that also lets road warriors in, or are we talking 2 different situations?
thanks
For roadwarrior clients I normally use L2TP/IPsec.
A single IPsec PSK is shared between all clients and each client has a username/password.
Of course when you want you can add the extra complexity of using certificates, and/or maybe IKEv2.
We’ve been able to interop with non-MikroTik OpenVPN linux builds. It takes a little work but is completely doable.
The question is more: is it interoperable with existing OpenVPN server deployments as they are commonly made, without server-side changes.
Until then, there will be issues when connecting to servers that are outside your own control for management/configuration.
It would be best when MikroTik just used the existing OpenVPN code, as far as that is possible w.r.t. licensing.
Many of them work with wireguard…
I’ve tried ProtonVPN, Mullvad and IVPN using Wireguard, all of them work well!
I have used Ivacy VPN that’s why I am suggesting Ivacy VPN
I have also used Nord VPN, it is also an excellent VPN for Mikrotik Router.
Doing it on your router allows you to use the VPN services on devices that don’t have their own clients. Also allows the device to be “always” connected to the VPN as long as it is on. No waiting for the OS to fully load so that the user can then start a connection, leaking traffic before this happens.
But then you again have a path that you cannot trust, because others could be looking at the traffic in your router.
Well, I don’t think that whole VPN circus makes sense anyway. You move the possibility of the traffic monitoring off your ISP, on to “a VPN provider”.
Some people think that a VPN provider with a shiny website and some “we don’t log” claim has any credibility and can be held to their promises, but in fact it could just as well be the secret service that is running it and is logging all your internet traffic, without even having to go to the trouble to ask for a tap at your ISP.
For me, it does not add any value. I only use VPN technology in the classical meaning of the word.