virtman
newbie
Topic Author
Posts: 31
Joined: Mon Dec 12, 2016 11:31 am

SSTP Mikrotik-to-Mikrotik with RC4

Wed Mar 01, 2017 2:15 pm

Hi,

I like to use SSTP for a VPN over TCP, as it uses only one TCP port and it's very easy to set up. I now have one VPN of this kind running, but I don't know how to change the ENCRYPTION algorithm. I like to use RC4 (aka Arcfour128) as it's less CPU consuming than AES256 (the default). The documentation describes that Windows clients using SSTP connect to the Mikrotik server using RC4. So, I can assume that RC4 is supported. Then, how can I force RC4 between two Mikrotik routers?

I look forward to your comments.
Regards.
 
mrz
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: SSTP Mikrotik-to-Mikrotik with RC4

Wed Mar 01, 2017 2:20 pm

SSTP will always try to use AES. It will try to switch to RC4 only if AES fails. There is no configuration option to force RC4 on RouterOS.
 
virtman
newbie
Topic Author
Posts: 31
Joined: Mon Dec 12, 2016 11:31 am

Re: SSTP Mikrotik-to-Mikrotik with RC4

Wed Mar 01, 2017 2:32 pm

> SSTP will always try to use AES. It will try to switch to RC4 only if AES fails. There is no configuration option to force RC4 on RouterOS.

So, I think this can be improved... AES uses much more CPU than RC4. Why not include the option for forcing RC4?
Perhaps the best solution is to provide the option for selecting a list of enabled algorithms, like: RC4->AES256->AES512.

Will you consider it?
 
mpreissner
Member
Posts: 356
Joined: Tue Mar 11, 2014 11:16 pm
Location: Columbia, MD

Re: SSTP Mikrotik-to-Mikrotik with RC4

Wed Mar 01, 2017 3:02 pm

I would recommend against anything meant to intentionally weaken encryption. RC4 is a deprecated protocol. All the major browsers and OS's have dropped support for it. If you're concerned about AES eating up too much CPU, then use a stronger router. The cost is inconsequential compared to the cost of a security breach.
Michael Preissner
CISSP, CCSP, CEH, PMP
