
Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Posted: Tue Nov 29, 2016 10:24 am
by lotnybartek
Hello there

We are opening a second office and I have a task to make a stable, secure connection between them.

Both offices have 80/8 Mbit VDSL2 connections.

Now, what would you advise for a VPN: L2TP/IPSec or SSTP?

We have people working remotely using SSTP and certs and it works great.

But which one is more stable, has less overhead and is overall better from your point of view?

Bart

Re: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Posted: Tue Nov 29, 2016 2:23 pm
by razavim
I have been using site-to-site SSTP for almost a year without any problem.
Although SSTP uses more overhead than L2TP, again I did not face any problem.



Re: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Posted: Tue Nov 29, 2016 2:40 pm
by andriys
SSTP uses TCP as a transport, so it may suffer from the TCP-over-TCP meltdown problem, especially taking into account that your channel is somewhat narrow (you're effectively limited to 8 Mbps each way).

For Site-to-site VPN I'd recommend going with the pure policy-based IPsec. Using L2TP over IPsec layer won't give you any advantage here.

Re: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Posted: Tue Nov 29, 2016 6:06 pm
by tr00g33k
One more vote for pure IPsec. At most clients we are running pure IPsec site-to-site MikroTik->MikroTik and MikroTik->many other vendors, no problem at all. L2TP and other protocols would be useful if you would run some dynamic routing protocols over site-to-site.

Re: Connect Two RB2011 via VPN tunnel. L2TP/IPSEC or SSTP?

Posted: Tue Nov 29, 2016 11:31 pm
by lotnybartek
Thank you for your answers. One more thing, both sites have ADSL with dynamic IPs.

Question is: Can I use DNS names in IPsec configuration instead of static IPs?