Can I use RouterOS for an overseas gateway?

As I mentioned in an earlier post.

I’m trying to become a PPTP VPN service provider for an overseas client group.

The problem is that some of our client group in China are complaining to me about unstable connections, low bandwidth and high latency.
To fix this problem, I need any kind of solution.

Most of the problems come from the overseas bandwidth between Korea and China. There are a huge number of internet users consuming bandwidth, but I can’t handle that, so I give up on this problem.
Actually, from my office to the end point of Korea’s internet junction it is very fast (ping less than 11ms), and the end point of China’s internet junction is also not bad (ping less than 50ms), but after that it connects to Beijing (ping around 60ms), ChangChun (ping around 70~130ms) and finally YanJi (ping around 80~250ms).

This is the traceroute result for one client IP from LG Telecom (at the quietest, calmest time: 10 A.M.).

1 61.39.105.25 9ms 10ms 10ms
2 10.239.91.109 10ms 10ms 10ms
3 10.50.28.253 4ms 1ms 1ms
4 192.168.143.213 10ms 1ms 6ms
5 203.248.238.37 3ms 1ms 9ms
6 203.233.53.249 5ms 5ms 2ms
7 210.120.94.77 9ms 3ms 2ms
8 210.120.102.162 3ms 10ms 10ms
9 210.107.126.69 10ms 10ms 10ms
10 210.120.246.74 9ms 11ms 3ms
11 210.120.192.198 11ms 4ms 10ms end point(korea)
12 211.40.6.210 55ms 51ms 50ms end point(china)
13 219.158.3.177 54ms 60ms 58ms Bejing
14 219.158.12.86 85ms 80ms 80ms ChangChun
15 125.32.127.98 81ms 80ms 80ms ChangChun
16 202.98.27.218 81ms 91ms 81ms Yanji
17 222.162.131.42 88ms 90ms 90ms Yanji
18 58.245.134.19 115ms 115ms 121ms Client

But around 10 P.M. all of the results jump to double, like 200ms.

So the basic route is like this:

My office → ISP → end point of the overseas sub-ocean cable to China → end point of the overseas sub-ocean cable from Korea → Beijing → Changchun → YanJi

I can set up server hosting in Beijing and ChangChun.

Question 1
Can I use a RouterOS server as just a VLAN, or a VPN connection for the gateway function?
And if I do, will it be helpful for clients?

Question 2
If I install a WAN accelerator like Expand Networks or Riverbed between those servers and my office, will it be helpful for clients?

Thanks for taking the time to read my poor English explanation.

Jin Lee

No, the connection quality will not be dependent on how many routers or appliances you install - it will always be dependent on the quality of the connection between two endpoints. You can try to compare the reliability of different VPN technologies over unstable and high-latency links and try to increase the efficiency of that VPN connection with a higher-level protocol.

And yes - you can use MikroTik to create VPN endpoints - you have several VPN options, including EoIP for tunneling Ethernet frames over IP networks.

Thanks for the reply, Mr. maco.

However, I finally found a solution. My major ISP, LG Telecom, advised me as below.

  1. Ignore the ping values of the present route to clients in China. If I have a server at a fixed location in China, they can make the shortest and most reliable route to that server, and they guarantee minimum bandwidth or maximum latency.

  2. LG Telecom said they have a branch office in China which is directly connected to all of the major Chinese ISPs, so they can easily negotiate with those ISPs to ask them to optimize the route between my China server and the clients too.

  3. The only problem is, if I don’t have any server or router in China, they must trace each client IP and fix the route for each client. It is a hard job and they can’t do it for one customer like me.

  4. They suggest that if I install a VPN concentrator in a China IDC which they recommend, most of the instability, high latency and delay problems will disappear.

Seems not a bad offer to me.

So now I have a new question for the new network environment.
I will post when I’m ready to ask properly. :slight_smile:

There are many options to use for tunneling between two points:
IPIP, PPTP, L2TP, EoIP, etc.

But which one is best for my case?

I want to make a fast and stable connection, including a fail-over function. Security is not an issue at this moment.
The day after tomorrow (6 Mar), I’m going to Shanghai to install one ROS server with a RADIUS server at an IDC in Shanghai, China. I need to make a decision. Please give me suggestions.

Jin
Untitled.jpg

for what kind of traffic? maybe, ipip will be enough?

or eoip

by the way, what failover do you mean? I can’t see backup links on your picture…

Thanks for the reply, Mr. Chupaka.

Yes, you are right. There is no backup connection.

I mean, if I find a proper tunneling protocol, then maybe I can make 2 tunnels and bond them too. That’s my guess.

And most of the traffic is just browsing, internet banking and online gaming.

I plan for each ROS server in China to handle 100M/100Mbps with 1000 simultaneous PPTP connections.

I’m in the airport now, waiting for my flight to China. :smiley:

Anyway, I need to install my two servers in the IDC as a co-location service.
One server has ROS level 6 installed, with 4 Gigabit Ethernet ports. At this time I will connect 2 Ethernet ports with a 100M shared connection and static public IPs, and reserve 2 Ethernet ports for future expansion.
The other server has a RADIUS server (Radius Manager 3.6.1) installed, with 2 Gigabit Ethernet ports. I will connect 1 Ethernet port with a 100 shared connection and a static public IP. According to the DMA Softlab guy, it can handle 10000 simultaneous client connections.

This co-location service is based on a contract, so I can easily upgrade the connection and add more servers remotely.

I think the preparation is OK now; I only need to set up the service properly.
If I can’t find a proper solution, then I need to try to find a MikroTik certified consultant at MUM China. This is my plan B. :slight_smile:

I’m ready to pay my bill. Can anyone set it up for me?
(I sent a few emails to a few consultants on the list, and nobody has answered yet.)

Jin Lee

hope this will help :sunglasses:





xone87@yahoo.com

Thanks for the reply, X187.
Yes, your diagram shows exactly what I want to do.
But I still need to decide which tunneling protocol to use between China and Korea.
After that I need to set up static routing from the China router to the Korea router.

Jin Lee.

P.S. Which application did you use to make the diagram? Visio? ConceptDraw?

cool project :slight_smile: i’m using visio

I’m still struggling to set up my service.
Now I’m almost knocked down.
Can anyone set it up for me remotely?
I mean, I want to hire a consultant.
Please contact me. seanlee0326@gmail.com +82)10-4605-8041 (24HR)

The simple requirements are as below.


I need to set up 2 kinds of PPTP VPN service between Korea and China.

This is what I have at this moment.

  1. In Korea
    Public IP Block1.with 5 Dynamic Public IP 100mbps/100mbps total.(61.39.xxx.xxx/29) (IPB1)
    Public IP Block2.with 5 Dynamic Public IP 100mbps/100mbps total.(210.51.xxx.xxx/29) (IPB2)
    Public IP Block3.with 5 Static Public IP 50mbps/50mbps total.(112.216.xxx.xxx/29) (IPB3)
    Public IP Block4.with 254 Static Public IP 50mbps/50mbps total.(218.234.xxx.xxx/24) (IPB4)
    1 Radius Server with 1 Static Public IP at IDC (Radius1)
    1 Router OS X86 Server license level 6 (Ver. 4.5)with 6 Ether port (Server1)
    1 RB-450G Router license level 5 (Ver. 4.5) with 2 Static Public IP connected ether1,ether2 (Server2)
  2. In China
    1 Radius Server with 1 Static Public IP at IDC (Radius2)
    1 Router OS X86 Server license level 6 (Ver. 4.5) with 2 Static Public IP connected ether1,ether2. (Server3)
    1 RB-450G Router license level 5 (Ver. 4.5) with 2 Static Public IP connected ether1,ether2 (Server4)

I want to set up 2 kinds of service.
For Normal Clients (Maximum 1000 Clients)

  1. Make tunneling between ether2@Server1 and ether1@server3 Using IPB3@server1
  2. Normal Clients group in China PPTP connect to ether1@Server3
  3. Radius1 handle authentication for Normal China Client Group
  4. All Clients get Private IP from Server3
  5. All client PPTP Traffic forward to Tunnel
  6. Server1 load balancing ether2~ether6 connection with PCC. And forward back to tunnel.

For VIPClients (Maximum 250 client)

  1. Make tunneling between ether1@Server2 and ether2@server4 Using IPB3@Server2
  2. VIP Clients group in China PPTP connect to ether1@Server4
  3. Radius2 handle authentication for VIP China Client Group
  4. All Clients get Public IP from Server4 using IPB4
  5. All client PPTP Traffic forward to Tunnel
  6. Server2 connect to ether2 connection IPB4. And forward back to tunnel.

You might find someone quicker if you didn’t wait for a consultant to contact you, but rather went to the list of consultants (linked on www.mikrotik.com) and contacted them.

Hello :slight_smile:

What is the point of tunneling and giving PPTP to users?
They will have the same speed as their fixed connection, not more, not less. For example, if a user gets 2mbps/1mbps for internet, the speed will be no more than these numbers, even if somewhere a 1gbps link is available :slight_smile:

vladimirslk

Yes, you are right.
But the point of this service is not speed.
Customers want to use Korean services which are not provided to overseas clients,
like online banking, online gaming, online open market services and e-Government services.
Usually they don’t allow use from overseas for security reasons.
But it’s not related to law, just a policy.
The reason is that most of the clients in China are Korean-Chinese or Koreans who live in China.
We have a few million overseas Korean diaspora based in China, the US, Japan, etc.
They want to use Korean internet services.

My service is focused on payment and games.

I also tried to contact a few consultants who live in Asia via email from the list
(more than five), but no one has answered until now. That’s the reason why I am posting here.

JIN LEE

Hi Jin,

As has been posted before, there are many ways to do this. As your requirements are simple I would most likely use IPIP over IPSEC, terminate all PPTP tunnels in China and then route over the IPIP tunnel that is encrypted by IPSEC to Korea.

If you have a block of Korean IP addresses, you could even hand these out via PPTP in China and use BGP across the IPIP tunnel, but I am pretty sure this will be against the policies of APNIC.
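
What "IPIP over IPSEC" in the reply above means on the wire, as an added example that is not part of the original post: IPIP only prepends an outer IPv4 header (protocol 4) and leaves the inner packet readable, which is why IPsec is layered on when confidentiality matters. The addresses are RFC 5737 documentation ranges, the payload is constructed, and the function names are this example's own.

```python
import socket
import struct

IPPROTO_IPIP = 4    # IP-in-IP encapsulation (RFC 2003)
IPPROTO_TEST = 253  # reserved for experimentation (RFC 3692)

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options) around payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(header)
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload) of an IPv4 packet."""
    ver_ihl, _, length, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, packet[ihl:length]

def ipip_encapsulate(tunnel_src: str, tunnel_dst: str, inner: bytes) -> bytes:
    """IPIP: prepend an outer header with protocol 4; inner bytes are untouched."""
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_IPIP, inner)

def observe_on_path(wire: bytes):
    """What any hop between the tunnel endpoints can read without a key."""
    _, _, proto, body = parse_ipv4(wire)
    if proto != IPPROTO_IPIP:
        return None
    return parse_ipv4(body)

# Constructed sample: client packet carried between two tunnel endpoints.
INNER = ipv4_packet("192.0.2.10", "198.51.100.20", IPPROTO_TEST,
                    b"constructed cleartext payload")
WIRE = ipip_encapsulate("203.0.113.1", "203.0.113.2", INNER)

if __name__ == "__main__":
    print("tunnel overhead in bytes:", len(WIRE) - len(INNER))
    print("readable on the path:", observe_on_path(WIRE))
```

The tunnel itself works without IPsec; adding an IPsec policy for the traffic between the two tunnel endpoints is what turns the readable inner packet into ciphertext.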

Thanks for the reply, nz_monkey.

You said:
“As has been posted before, there are many ways to do this. As your requirements are simple I would most likely use IPIP over IPSEC, terminate all PPTP tunnels in China and then route over the IPIP tunnel that is encrypted by IPSEC to Korea.”
Yes, this is what I want to do, but security does not matter. About IPSEC: is it a requirement for this, or just an option to make it secure?

And I don’t want to break any policy of an international organization, so the second option is not of interest to me.

Can you set it up for me?

Jin lee

Hi Jin,

Unfortunately I have too many client projects and cannot take any more on for the next month or so. Maybe one of the many other consultants on here can assist you.



Regards,



Andrew