NEED HELP WITH VPN AND IPSEC SETUP
WHO CAN LOG INTO MY MIKROTIK AND GET ME THIS VPN GOING PLEASE?
If you would like some training material, I have a video with slides on my blog. Check the link in my sig. 
If you are running dynamic IPs, IPSec is pretty useless in MT.
Static works like a champ and is really easy. What are you trying to do?
Greg, thanks for the videos. They are very informative and in-depth. I watched half of the VPN video yesterday and got an IPSEC tunnel set up very quickly. Will definitely watch the others. Thanks again!
If you are running dynamic IPs, IPSec is pretty useless in MT.
Static works like a champ and is really easy. What are you trying to do?
Greg has updated his already excellent guide to include dynamic addressing, I have been using this fine over a dynamic IP aDSL line.
Thanks Greg!
How well does it work with over 100 remote vpn endpoints all on dynamic IPs?
Pass, don’t have that many …
I just looked at it and it looks like it would work, but would be a real pain in the arse to administer. I just wish MT would handle IPSEC a little better. Certificate authentication should identify how the tunnel should be configured and what is routing through it. It has been several years, but I know I have setup Freeswan or Openswan in that manner using static concentrator and dynamic endpoints.
OpenVPN is working fine for now and I love it, but as I get more devices on my RB1000, im sure I would enjoy having the hardware IPSEC acceleration. Some of the stuff I am going to be rolling out will end up bursting upwards of 50-100mbit of AES-256 encryption across 100+ clients.
The other reason I would prefer to use IPSEC is main stream acceptance. Every other time a customer undergoes a security audit, I have to TEACH someone about OpenVPN. If I tell them it is certificate authenticated IPSEC w/ 3DES/SHA, they dont ask any more questions.
Hopefully, SSTP will work out good and I can just use that.
OCSP support would be nice. 