I need to set up a tunnel and I’m wondering what the best option would be. I have cameras and an NVR on a mountain top, that signal comes down from the mountain top Wireless to a friends house. he does not have that wireless connection connected to his home network so I figured I will but another MikroTik router and create a tunnel so that I can have a direct connection to the NVR on the mountain top and my MikroTik at home. Security isn’t a big issue with this, so it doesn’t need to be overly complicated. Is an IPSec tunnel my best option? are there any good tutorials that can help me fully wrap my head around the concept?
Hello,
An easy way is using PPTP, but if you want to use IPsec you have the option of using L2TP with IPSec.
The Wiki has setup example, on youtube you will find step by step
For camera’s I would be using L2TP with or without IPSec
The reason being that L2TP is the only UDP based VPN that Mikrotik supports
Camera’s usually stream at a constant bitrate without stopping, if you have a situation where your link becomes a little bit flakey (even just for a moment) then you’re going to have TCP transmission problems.
The 30 second rundown if you are unfamiliar with TCP vs UDP is that TCP establishes connections, ensures packets arrive in order and will retransmit packets get lost or dropped along the way. Really important for data streams to ensure i.e. your document file didn’t get corrupted and its all there. But not at all important for phone calls (who cares if you missed a syllable that was said 2 seconds ago) and arguably not always important for camera streams.
However most camera’s use TCP by default. The camera stores information in a memory buffer and will retransit any missing picture information if it was lost. This is perfectly fine for i.e. a file transfer that just slows itself down until it can catch up again, but the camera doesn’t stop transmitting. It’ll keep going so you havn’t missed any frames. So if your bitrate is say 4mbit/s then it can spike to say 8mbit/s if it has to retransmit a second worth of data. This can spike up quite a bit if there’s a dodgy connection or it drops entirely for a few seconds. Now combine this with a TCP based VPN. The VPN will also retransmit frames that were lost, so you are ‘at least’ doubling your data again (the VPN retransits the data that was corrupted/lost, and the camera also retransits as it didnt hear a response saying “a-ok!” soon enough). This can quickly cause a huge bandwidth spike, exceed the capacity of the link repeatedly causing massive retransmissions and totally overwhelm the link
So unless you have oodles of bandwidth for overhead I would highly suggest a UDP based VPN so that the VPN itself never retransmits lost frames and doesn’t cause this perpetual traffic congestion that crumbles itself if the link gets a bit dodgy, let just 1 device do this (the Camera) and personally I prefer UDP camera streams as well so that camera data remains in realtime and I don’t have a 30 second buffer due to delayed frames. But if completion of footage is more important to you (watching a crim and ensuring all data gets there for evidence is probably more important than any delay) then stick with TCP camera streams
millenium7, that answer is is a lot more in depth than what I was expecting to get, but was absolutely perfect. You covered a few things that I had as afterthoughts. so The NVR is recording on the mountain top, so all I am really after is a constant stream to push to my website. The Link is wireless, so there isn’t a lot of bandwidth, and it can get a little choppy at times. I would rather it just picks up where it can after the signal drops out and not worry about trying to recover lost data. If I need the lost 10 second clip, I will pull it from the NVR. I will start looking into the L2TP setup between 2 routers. I have set up a few clients on L2TP just not never router to router. I expect to stumble a few times, but Ill get it eventually. Thanks for the info.