hi community,
apologies if this has already been asked before.
we are an isp and have a project of connecting 10 branch ofc to the hq.
all these branches and hq fall inside our wireless tower network.
each site requires 3Mbps link to hq.
i know just setting up a private subnet on their branches and hq is allowing them to communicate.
but we want to secure the setup using mikrotiks, and at the same time also make the branches visible to hq & vice versa.
should we setup a pptp srvr at hq and let the branches dial in? or eoip? but read that eoip consumes alot of cpu.
any suggestions? also advise on something that can dial in automatically, as there are several power cuts in the region.
thanking you all.

hi
pptp - insecure
EoIP - it's best to use it when you need to get one broadcast domain between, and between the routers there is an Internet network.

If I understand you correctly, then you will be approached by the VPLS as the fastest tunnel

SSTP works pretty well as a VPN that branches can "dial" back into a central location.

Benefits are:

1) AES256 encryption - can be cert based
2) Uses TCP/443 so having ports blocked for VPN is rarely an issue
3) Is a native protocol on Microsoft operating systems and can be setup very easily in windows without additional software

Thank you all for the suggestions, just wanted to clarify that all these sites are connected on our network. So internet not required to reach from the branch to the HQ.
Just for their LAN security, we want to know if PPTP or EOIP? or any other suggestion. Something that is not heavy weight and auto connects.