Community discussions

 
n4p
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Wed Nov 25, 2015 9:54 pm

What L2-VPN should be used?

Tue Apr 10, 2018 7:44 pm

Hi there,
i am searching for the best vpn-standart to realise a layer 2 vpn tunnel between 1 headstation and 2-3 substations.
Those substations a connectet redudand to the headstation and using ospf.

It should be much secure as possible and made no problems if the routing from ospf changes.

Layer3 VPN is likley no option.

I already played around with openvpn tap but i can't get it working correctly, the connection established but no traffic going trough the tunnel.

Thanks for your help!
 
lambert
Long time Member
Long time Member
Posts: 526
Joined: Fri Jul 23, 2010 1:09 am

Re: What L2-VPN should be used?

Tue Apr 10, 2018 10:00 pm

Insufficient requirements listed.

"Which VPN is best?" is likely to a religious question. Many people could be harmed in the overheated arguments about that. It's the same as "vi" vs "emacs".

If you can fully explain what you are trying to accomplish (who should be able to communicate with who and what all the network links are), we *may* be able to give you a few ways to accomplish the task and you can pick the best method for you.
 
n4p
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Wed Nov 25, 2015 9:54 pm

Re: What L2-VPN should be used?

Tue Apr 10, 2018 10:48 pm

I wouldn't think so. Because for L2 VPN the options are limited as far as I know.

What I need is L2 Transparenz between head and substation. And that secure.
The bandwidth I had to go through this tunnel is very small.
Max. 1mbit. (limited by the wan connections)

So what you need more?

 
User avatar
Anumrak
Forum Veteran
Forum Veteran
Posts: 970
Joined: Fri Jul 28, 2017 2:53 pm

Re: What L2-VPN should be used?

Wed Apr 11, 2018 4:20 pm

EoIP over IPsec. If optical links between cities would be yours, then VPLS.
 
n4p
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Wed Nov 25, 2015 9:54 pm

Re: What L2-VPN should be used?

Wed Apr 11, 2018 8:55 pm

Yes I have optical links. But I won't use mpls or vpls.
Today I tried eoip + ipsec secret with rstp and multiple links. It works fine.

I also tried openvpn with tap tunnel and rstp it also works very well. (aes256)

So if I understand you correctly you would prefer eoip over ipsec instead of eoip with ipsec secret.

It would be nice if it would be possible to adjust the encryption with eoip and secret. But you can only use 3des,aes128 and sha1

Thanks!
 
User avatar
Anumrak
Forum Veteran
Forum Veteran
Posts: 970
Joined: Fri Jul 28, 2017 2:53 pm

Re: What L2-VPN should be used?

Thu Apr 12, 2018 10:11 am

I meant EoIP + IPsec secret. Default is sha1/aes128cbc.
 
n4p
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Wed Nov 25, 2015 9:54 pm

Re: What L2-VPN should be used?

Thu Apr 12, 2018 6:14 pm

Is there any possibility to increase the encryption if I use eoip + ipsec secret?

Sha1 is already know as vulnerable. And as far as I know routeros support's sha256 and more.

Thanks

Gesendet von meinem HUAWEI GRA-L09 mit Tapatalk

 
User avatar
Anumrak
Forum Veteran
Forum Veteran
Posts: 970
Joined: Fri Jul 28, 2017 2:53 pm

Re: What L2-VPN should be used?

Fri Apr 13, 2018 12:59 pm

No. Then use custom IPsec profile.
 
n4p
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Wed Nov 25, 2015 9:54 pm

Re: What L2-VPN should be used?

Fri Apr 13, 2018 4:06 pm

So you mean at first ipsec side to side and then over that eoip? Correct?
Thanks!
 
User avatar
CZFan
Forum Guru
Forum Guru
Posts: 1263
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Randburg
Contact:

Re: What L2-VPN should be used?

Sun Apr 15, 2018 4:47 pm

Why do you want L2? It will mean all broadcasting data will also go across link
MTCNA, MTCTCE, MTCRE & MTCINE
 
User avatar
Anumrak
Forum Veteran
Forum Veteran
Posts: 970
Joined: Fri Jul 28, 2017 2:53 pm

Re: What L2-VPN should be used?

Mon Apr 16, 2018 5:07 pm

So you mean at first ipsec side to side and then over that eoip? Correct?
Thanks!
Correct :)
 
n4p
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 98
Joined: Wed Nov 25, 2015 9:54 pm

Re: What L2-VPN should be used?

Tue Apr 17, 2018 7:19 am

@czfan

Yes I know, that's what I need. I'm running very special components behind the tiks and those need L2 transparency.
Otherwise they need to be rekonfigured an that's a really really hard job now and can issue instability.



Gesendet von meinem HUAWEI GRA-L09 mit Tapatalk

Who is online

Users browsing this forum: No registered users and 8 guests