Community discussions

 
lotnybartek
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Wed Apr 16, 2014 3:22 pm

Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Tue Nov 29, 2016 10:24 am

Hello there

We are opening second office and I have a task to make a stable, secured connections between them.

Both offices have 80/8mbit vdsl2 connections.

Now, what would you advise for a VPN: L2TP/IPSec or SSTP?

We have people working remotely using SSTP and Certs and it's work great.

But which one is more stable, have less overhead and it's overall better from your point of view?

Bart
 
User avatar
razavim
Trainer
Trainer
Posts: 99
Joined: Sun Sep 27, 2015 1:43 pm
Location: Turkey
Contact:

Re: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Tue Nov 29, 2016 2:23 pm

i am using site to site sstp for almost a year with out any problem.
although, SSTP is using more overhead than l2tp but again i did not face any problem.


Sent from my SM-N910C using Tapatalk
MikroTik Trainer
Drone Developer
Artificial Intelligence(Deep Neural Network)
 
andriys
Forum Guru
Forum Guru
Posts: 1186
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Tue Nov 29, 2016 2:40 pm

SSTP uses TCP as a transport, so it may suffer from TCP-over-TCP meltdown problem, especially taking into account that your channel is somewhat narrow (you're effectively limited to 8 Mbps each way).

For Site-to-site VPN I'd recommend going with the pure policy-based IPsec. Using L2TP over IPsec layer won't give you any advantage here.
 
tr00g33k
Frequent Visitor
Frequent Visitor
Posts: 84
Joined: Sun Mar 29, 2015 3:58 pm

Re: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Tue Nov 29, 2016 6:06 pm

One more vote for pure IPsec, at most clients we are running pure IPsec site-to-site MikroTIk->MikroTik and MikroTik->Many other vendors, no problem at all. L2TP and other protocols would be useful if you would run some dynamic routing protocols over site-to-site.
 
lotnybartek
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 95
Joined: Wed Apr 16, 2014 3:22 pm

Re: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Tue Nov 29, 2016 11:31 pm

Thank you for your answers. One more thing, both sites have ADSL with dynamic IPs.

Quesion is: Can I use dns names in IPSec configuration instead of static IPs?

Who is online

Users browsing this forum: MSN [Bot] and 129 guests