Hello ,
I'm looking for mikrotik router to replace my current Cisco VPN router. It should be able to provide (OpenVP) site-to-site for about 30 clients and about 5-6 mobile VPN client ( 100M/100M traffic).
Hadware acceleration would be in advance. Are CCR1009-7G or CCR1016-12G good enough ?
Thank you ,
Tanyo
Re: Which mikrotik router for OpenVPN
To date none of the Mikrotik routers supports hardware encryption for OpenVPN, those which do have CPUs with hardware encryption can currently only use it for IPsec.
In addition to that, RouterOS only supports TCP transport for OpenVPN, so the network between the clients and the server must have enough capacity and quality not to drop packets. As soon as packets get dropped and retransmissions become necessary, the connections over any VPN using TCP transport become very bad. So if you prefer Mikrotik, use IPsec (and benefit from the hardware acceleration by choosing a model like hAP ac² or hEX S); if you prefer OpenVPN, don't use Mikrotik.
In addition to that, RouterOS only supports TCP transport for OpenVPN, so the network between the clients and the server must have enough capacity and quality not to drop packets. As soon as packets get dropped and retransmissions become necessary, the connections over any VPN using TCP transport become very bad. So if you prefer Mikrotik, use IPsec (and benefit from the hardware acceleration by choosing a model like hAP ac² or hEX S); if you prefer OpenVPN, don't use Mikrotik.
Re: Which mikrotik router for OpenVPN
currently (in ROS 6) no HW acceleration.
if you want to push 100/100mbps via OpenVPN i recommend 1100AHx4 what has a quad core 1400MHz CPU (what also can be overclocked with 20% - no problem if you have proper cooling of rack).
more MHz is better than more cores in this, so 1100AHx4 would be better if you have few clients doing more speed.
CCR1009 (active cooling) may would be better with more clients, less speed per client.
if you want to push 100/100mbps via OpenVPN i recommend 1100AHx4 what has a quad core 1400MHz CPU (what also can be overclocked with 20% - no problem if you have proper cooling of rack).
more MHz is better than more cores in this, so 1100AHx4 would be better if you have few clients doing more speed.
CCR1009 (active cooling) may would be better with more clients, less speed per client.
Re: Which mikrotik router for OpenVPN
I would strongly advise against OpenVPN on Mikrotik for the above reasons. Performance is very poor with TCP-in-TCP, see http://sites.inka.de/bigred/devel/tcp-tcp.html for explanations.
Re: Which mikrotik router for OpenVPN
Since 2010, Mikrotik is no longer developing their OpenVPN implementation. Expect the limitations to be permanent. Use IPSec, or GRE/IPSec if you want an interface to work with (I think Cisco supports GRE/IPSec?)
Re: Which mikrotik router for OpenVPN
I easily can pass ~120mbps TCP traffic, what would answer _this_ question.I would strongly advise against OpenVPN on Mikrotik for the above reasons. Performance is very poor with TCP-in-TCP, see http://sites.inka.de/bigred/devel/tcp-tcp.html for explanations.
Re: Which mikrotik router for OpenVPN
Don´t use Mikrotik for substitute the Cisco VPN.
Good luck if you want to use Mikrotik with IPSec Hardware Accelerate for VPN site-to-site.
Choose the best hardware and multiple for 4.
configure only the basic manuals, do not try to reinvent, nor try to use dynamic routing.
Good luck if you want to use Mikrotik with IPSec Hardware Accelerate for VPN site-to-site.
Choose the best hardware and multiple for 4.
configure only the basic manuals, do not try to reinvent, nor try to use dynamic routing.
Re: Which mikrotik router for OpenVPN
So, no way to substitute my current site-to-site Cisco EZVPN with Mikrotik VPN solution ?
Re: Which mikrotik router for OpenVPN
There is, but OpenVPN is not the best choice. IPsec with or without a GRE tunnel is the best setup in Mikrotik context.