Hello, this is my first topic. I'm new to this Mikrotik world and have a dilemma.
As I can see there are 12 different VPN systems integrated in RouterOS v7.
I would like to ask experienced Mikrotik admins and users which VPN to choose for a
direct connection between two or more Mikrotik routers.
Right at the moment I have three RB4011 devices.
Every one of them has its own public static IP address, and they are physically in different remote locations.
Every one of them has LANs behind it with different DHCP subnets (192.168.0.1/24, 192.168.1.1/24 and 192.168.2.1/24).
Which is the “simplest” or most efficient way to make all three of them work “as one”? To make all the computers be able to see each other as they do on the same Local Area Network?
I understand that every case or use scenario is different, like the needs of particular situations, so we can use one of the 12 available options.
But, I’m trying to understand what option would be most suitable just for this one particular purpose? No streaming, no IP phones, no nothing…just plain old pc 2 pc communication, like in the simplest LAN there is…
WireGuard: Where one router will act as the server and the other two routers will connect to the single (server for handshake) router. The two client routers will be able to see each other via the primary router. All subnets will be available based on allowed firewall rules, IP routes for the subnets and proper allowed-IP settings. Remote single users can WireGuard into the primary router and reach all subnets and all routers for config purposes, based on the permissions you set.
In other words, this is like adding a VLAN which comes under ROS rules for routing L3 traffic and firewall rules.
Note 1: Completely self-contained within your routers.
Note 2: What I would also do is establish a secondary WireGuard connection between the two secondary routers, in case the primary went down for any reason and you still wanted to be able to have the two routers see each other and for road warriors to connect to the routers for config purposes or to visit subnets, etc.
ZeroTier: Allows one to stitch together all your subnets as if they were on the same subnet, an L2 connection. Great for multicasting etc., but harder to separate out users from each other as it's one happy LAN.
Clarification: WireGuard is not a client/server protocol (though many people try to use it that way). If you have three LANs that all need to talk to each other, set them all up as peers to each other so that connections between two of the LANs don't have to go through the "server".
I don't understand your solution.
One needs only one WireGuard interface to connect the three routers.
For backup if the MIDDLE (connecting) router is not available, then one needs a second WireGuard interface on routers 2 and 3.
If 2 goes down 1-3 already talk, if 3 goes down 1-2 already talk.
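The full-mesh peering suggested in the clarification above, written out as RouterOS v7 CLI for the three-RB4011 setup in the original question. This is an added example, not configuration posted by anyone in the thread. It shows router A only (routers B and C get the mirror image with addresses and keys swapped) and assumes a tunnel subnet of 10.255.0.0/24, UDP port 13231, documentation-range public IPs (198.51.100.1, 203.0.113.1, 192.0.2.1), the stock RouterOS default firewall, and placeholder public keys in angle brackets that you replace with the values `/interface/wireguard/print` shows on each router. As the previous post says, one WireGuard interface per router is enough; the mesh is expressed entirely through two peer entries.

```routeros
# Added example (not from the thread): full-mesh WireGuard between three
# RouterOS v7 routers, from router A's point of view. Assumed layout:
#   Site A: public 198.51.100.1, LAN 192.168.0.0/24, tunnel 10.255.0.1
#   Site B: public 203.0.113.1,  LAN 192.168.1.0/24, tunnel 10.255.0.2
#   Site C: public 192.0.2.1,    LAN 192.168.2.0/24, tunnel 10.255.0.3

# 1. One WireGuard interface. Leaving private-key unset makes RouterOS
#    generate the key pair; the private key never has to leave the router.
/interface/wireguard/add name=wg-mesh listen-port=13231 comment="site-to-site mesh"
# Copy the public-key shown here into B's and C's peer entries for "site A".
/interface/wireguard/print detail

/ip/address/add address=10.255.0.1/24 interface=wg-mesh

# 2. One peer per remote router. allowed-address is WireGuard's cryptokey
#    routing table: a decrypted packet from B is dropped unless its source
#    is in B's list, and a packet is only encrypted towards B if its
#    destination is. Keep the lists minimal and disjoint between peers.
/interface/wireguard/peers/add interface=wg-mesh comment="site B" \
    public-key="<B-public-key>" endpoint-address=203.0.113.1 endpoint-port=13231 \
    allowed-address=10.255.0.2/32,192.168.1.0/24 persistent-keepalive=25s
/interface/wireguard/peers/add interface=wg-mesh comment="site C" \
    public-key="<C-public-key>" endpoint-address=192.0.2.1 endpoint-port=13231 \
    allowed-address=10.255.0.3/32,192.168.2.0/24 persistent-keepalive=25s

# 3. Routes. allowed-address only filters; RouterOS still needs a route
#    for each remote LAN that points into the tunnel.
/ip/route/add dst-address=192.168.1.0/24 gateway=10.255.0.2 comment="LAN B via wg-mesh"
/ip/route/add dst-address=192.168.2.0/24 gateway=10.255.0.3 comment="LAN C via wg-mesh"

# 4. Firewall, assuming the default RouterOS ruleset: accept the handshake
#    port on WAN (before "drop all not coming from LAN"), and put the tunnel
#    in the LAN interface list so the existing forward rules treat
#    LAN-to-LAN-over-tunnel traffic the same as local LAN traffic.
/ip/firewall/filter/add chain=input action=accept protocol=udp dst-port=13231 \
    in-interface-list=WAN comment="WireGuard mesh" \
    place-before=[find comment="defconf: drop all not coming from LAN"]
/interface/list/member/add list=LAN interface=wg-mesh

# 5. Verification: each peer should show a recent last-handshake, and a ping
#    sourced from A's LAN address exercises the return route on the far side.
/interface/wireguard/peers/print detail
/ping 192.168.1.1 src-address=192.168.0.1 count=3
```

Because every router has a static public IP, both sides of every pair can carry an endpoint-address, so whichever router reboots re-establishes the tunnel without waiting for the other to initiate. In the hub-and-spoke layout from the earlier post, the hub's peer entry on each spoke would instead need every remote subnet in its allowed-address, and spoke-to-spoke traffic would be decrypted and re-encrypted on the hub; with the mesh, losing any one router leaves the other two directly connected, which is the failure case Note 2 above tries to cover with a second interface.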
That’s not entirely true. ZeroTier defaults to IP routing using whatever virtual subnet you prefer although it’s possible to configure L2 bridging. Additionally, there is a very flexible rule engine that, using Flow Rules, can handle almost anything you might want in terms of enabling or filtering protocols, tags, addresses, etc. As an alternative to ZeroTier Central, you might self-host your own ZeroTier infrastructure.
Ok, so I should focus on WireGuard and its features. It's a start… thank you.
As I can understand, WireGuard and ZeroTier are the newest additions to Mikrotik technology.
Already, I don't like ZeroTier since I read there is a big dependency on external third-party services which are to be subscribed to. I wanted to use only what is free and fully operational in the Mikrotik router and its OS as it is, with no additional equipment or services.