Hi, I am new to this.
I need to set a secure VPN between three sites.
Two branch offices that have to connect to my server behind my firewall
Each one has a public IP
Example
Head office WAN 190.40.79.41/30
LAN 10.1.0.0/24
My Server 10.1.0.2 that I need to access
Branch 1 WAN 191.128.110.190/30
LAN 10.0.6.0/24
Branch 2 WAN 190.38.113.28/30
LAN 10.0.7.0/24
What is my best option? Any suggestions or links to do this will be appreciated.
IPSec in tunnel mode would be my choice. Using pre-shared keys (PSK) is convenient and easy, otherwise certificates are considered more secure. IPSec in tunnel mode uses the UDP protocol, so better VPN performance than TCP based VPNs. IPSec uses policies to route traffic over the tunnel, which I find slightly more semantic than other VPN types. The rest of the VPN types create an interface, then you have to set up NAT and routing.
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec
PPTP uses encryption but is considered weak. It’s easy to set up and is based on the GRE protocol so in theory likely to perform better than TCP-based VPNs.
SSTP is very secure but will perform worse than IPSec and PPTP. You need to add certificates to your Mikrotiks. SSTP is good for getting around outbound firewalls since it’s encrypted and normally transported over port 443.
OpenVPN on a Mikrotik is limited to using TCP only. Articles online will say OpenVPN performs better than others but that’s when in UDP mode.
EOIP operates at the Ethernet layer and will send broadcasts over your tunnel. It also does not encrypt. You can add encryption with IPSec but EOIP is typically used as a layer 2 bridge between LANs.
As for performance, I haven’t actually done performance tests.
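The policy-based IPSec tunnel suggested above, written out for the addresses in the question, as an added example that is not part of the original posts. It assumes RouterOS 6.44 or later with IKEv2; the object names and the PSK placeholders are assumptions.

```routeros
# Added example, not from the thread. Names (site-profile, site-proposal,
# branch1, branch2, head-office) and PSK placeholders are assumptions;
# the addresses are the ones given in the question.

# --- Head office router (WAN 190.40.79.41, LAN 10.1.0.0/24) ---
/ip ipsec profile
add name=site-profile hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
/ip ipsec proposal
add name=site-proposal auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec peer
add name=branch1 address=191.128.110.190/32 exchange-mode=ike2 profile=site-profile
add name=branch2 address=190.38.113.28/32 exchange-mode=ike2 profile=site-profile
/ip ipsec identity
# One distinct PSK per branch, so a leaked key exposes only one tunnel.
add peer=branch1 auth-method=pre-shared-key secret="REPLACE_WITH_RANDOM_PSK_BRANCH1"
add peer=branch2 auth-method=pre-shared-key secret="REPLACE_WITH_RANDOM_PSK_BRANCH2"
/ip ipsec policy
# Policies select which traffic is encrypted; no tunnel interface is created.
add peer=branch1 tunnel=yes action=encrypt proposal=site-proposal \
    src-address=10.1.0.0/24 dst-address=10.0.6.0/24
add peer=branch2 tunnel=yes action=encrypt proposal=site-proposal \
    src-address=10.1.0.0/24 dst-address=10.0.7.0/24
/ip firewall nat
# Exempt tunnel traffic from NAT; these rules must sit above any masquerade rule.
add chain=srcnat action=accept src-address=10.1.0.0/24 dst-address=10.0.6.0/24 place-before=0
add chain=srcnat action=accept src-address=10.1.0.0/24 dst-address=10.0.7.0/24 place-before=0

# --- Branch 1 router (WAN 191.128.110.190, LAN 10.0.6.0/24) ---
# Mirror image of the head office side: same profile and proposal values,
# source and destination subnets swapped. Branch 2 is the same with 10.0.7.0/24.
/ip ipsec profile
add name=site-profile hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
/ip ipsec proposal
add name=site-proposal auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec peer
add name=head-office address=190.40.79.41/32 exchange-mode=ike2 profile=site-profile
/ip ipsec identity
add peer=head-office auth-method=pre-shared-key secret="REPLACE_WITH_RANDOM_PSK_BRANCH1"
/ip ipsec policy
add peer=head-office tunnel=yes action=encrypt proposal=site-proposal \
    src-address=10.0.6.0/24 dst-address=10.1.0.0/24
/ip firewall nat
add chain=srcnat action=accept src-address=10.0.6.0/24 dst-address=10.1.0.0/24 place-before=0
```

Each router's input chain also has to accept UDP 500, UDP 4500 and ipsec-esp from its peer's WAN address. If the branches only need the server, the policy selectors can be narrowed to 10.1.0.2/32 on both sides.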
I implemented L2TP + IPSEC on RB922, but found that its performance was asymmetrical and it reduced the performance of traffic from the router to my PC by a factor of 100, which made it practically unusable. OpenVPN is the way to go. It’s secure, and fast.