I am wondering are EOIP tunnels, by default, secure?
We ordered 15 routers, setup eoip tunnels on them, JUST EOIP, no pptp, ppp, or anything.
Are these secure? Our person we bought that routers from says yes.
We just went into interfaces–>EOIP–>Add, created them there, NO OTHER TUNNELS.
So by default, are these secure? These are 15 routers, remote sites, talking to 1 router in another state.
Thanks fro your help!!
EoIP tunnels are not secure. If you want encrypted EoIP you have to run it through another secure tunnel, like ipsec.
So if I remove EOIP’s, setup pptp’s and then eoip on top, does it all route as easily as just a eoip tunnel?
These EOIP’s were so easy, just create, put route table, on other end put route in and then masquerade.
Better question, is the new gateway the other end off pptp tunnel then?
Yes it is also easy. run EoIP over any ppp tunnel and set up routes to reroute traffic over EoIP.
p.s. pptp is also not as secure as you may think.
IPSec in RouterOS unfortunately isn’t exposed as an interface, which is a shame. So that works differently. PPTP works as an interface so it is configured equivalent to EoIP, pretty much. That said IPSec isn’t rocket science to configure, and it is significantly more secure than PPTP. Once you overlay EoIP over IPSec (IPSec for IPv4 cannot transmit anything but unicasts, so that is a common solution) of course the routing portions and EoIP portion stay the same - you just take the generated EoIP packets that encapsulate the packets you routed into the EoIP tunnel and in turn encapsulate them in an encrypted payload. The other side decrypts that payload, sees that it is an EoIP tunnel packet, decapsulates that payload, and you have the original packet at the other side of the tunnel.