Hi,
I recently set up VPN on my hAP AC^2 to get access to monitoring/NAS from the world. From what I heard this is the best solution to access private environment insted of exposing it directly to the internet via public IP. I am not networking pro so I used new Mikrotik Home app and checked “enabled” under VPN option. After that I edited L2TP and VPN secrets and changed them to 12+ characters, nondictionary passwords and also edited standard vpn profile name used to login to some uncommon one. Everything is working fine, connection from my Android phone is flawless, but in logs I see a lot of new red lines, which makes me a bit sceptic. I know there will be attempts like that, but I want to be sure I am in comply with best practices.
I would be worried about the fact that besides L2TP over IPSEC, you are also hosting PPTP. I would disable the latter, that will safe you a lot of logmessages.
Thank You, disabled. And how about SSTP?
I see that enabling VPN via app enabled those three together.
Would just use LT2P over IPSEC, that will do just fine.
Thank you, less of scary logs indeed.
You are very welcome!
First of all, don’t use pptp 'cause it’s too much insecure.
Second, a good L2TP over IPsec is the right choice for your vpn or, if you are not using in an “enterprise” way, openvpn server on Mikrotik with certificates and you’re way good ahead