Solution for VPN into company network

I have a Mikrotik RB2011iAS 2HnD-IN (the one with wireless). There is a Windows file and MS SQL Server behind the router on the internal company network.

I have some remote workers who would like to VPN in to access services on the server, so likely TCP should be enough. I would like the router to perform VPN server duties as I don’t have room for a dedicated 1U or minITX VPN server. Also, the router is easier to reboot, back up the config, and restore to a spare router.

What is the best secure VPN into the private network to implement through Mikrotik?

Hi,

I assume those remote workers are road warriors, so I would suggest either SSTP (this is an SSL-based VPN) or L2TP with IPsec.

The RB2011 doesn’t support IPSec hardware acceleration, so throughput might be a bit slow, but I think for general use it will be fine.

I need 443 for one service accessing one service inside, so L2TP with IPSEC is better. Also, while I’m using the 2011 now because I have a spare one to figure out how to do it, I can actually buy a better router for the actual implementation.

Which recent guide would you recommend for L2TP / IPSEC, and if I buy a new router, which models have acceleration for IPSEC?

I recommend doing IPSec XAuth mode-config instead of L2TP/IPSec.
It solves multiple issues that L2TP/IPSec has.

Here is a presentation that will teach you how to properly set it up:
https://youtu.be/QlkIbx0Jpoo
(IPsec XAuth mode-config deep-dive)

Getting a router with IPSec acceleration is also highly recommended.
Don’t expect more than 20Mbps of IPSec traffic on the 2011 before hitting 100% CPU utilization.