In the past I had IPSec tunnels connecting my various RouterOS gateways to my management center. These tunnels are in constant use for monitoring and management access. We had a lot of problems with load and performance with IPSec on routerboards and switched to IPIP (on the recommendation of an MT consultant). That was a good quick fix, but I’d like to get encryption back into the mix.
So, I know IPSec hits the routerboards pretty hard. What about OpenVPN? PPTP? The gateways are 532s (various revisions, and no, replacing with 300 or 400-series boards is not practical at this point).
We just use PPTP for all of our management outside of our network; it’s simple and is encrypted sufficiently for management traffic. We have around 30 sites connected currently without issue on a mix of 2.9.x and 3.x.
It’s especially handy if you have dynamic IPs out there as well because you don’t need to trust the IP at the CPE end to connect.
I’ve just completed setting up a site-to-site VPN for my office. I’m using L2TP with encryption and it works rather well. It’s MPPE 128 stateless and whilst it may not be quite IPSec, it’s pretty good, although I’m no security expert, so flame away if you disagree.
My home router is a 532 running 2.9.51 and this connects to my office running an x86 3.11 router.
When I switch my laptop on at home, even my AD login scripts run and apart from the obvious LAN vs DSL speed, it’s the same as if I was at the office.
Perhaps this is not what you’re looking for but I first tried PPTP then L2TP and found this to be suitable for me.