Community discussions

MikroTik App
 
Kekegenkai
just joined
Topic Author
Posts: 1
Joined: Wed Jun 09, 2021 2:37 pm

Hardware based secured virtual connexion

Wed Jun 09, 2021 2:50 pm

Hello everyone,
I am the guy who manage the information infrastructure of a very small business. Mainly for security all my network is not cennected to internet. Due to the covid I would like to allow some colleagues to work at home with a PC joined to the domain. In fact I would like to create a kind of secured virtual ethernet cable between the company and the user's PC, all this without any leak between the internet side and the "out of internet" side, both at the office and at the user's home.
I tried to make a diagram showing what I want to do:
Image

Is it possible to do that, knowing I don't have advanced skills?
Thank you very much for your advice.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Hardware based secured virtual connexion

Wed Jun 09, 2021 3:20 pm

Is possible to do that: YES

Is it possible to do that, knowing I don't have advanced skills?
Sorry, no.
Hire someone.
It's too complicated whit this premises...
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Hardware based secured virtual connexion

Wed Jun 09, 2021 4:59 pm

What I would recommend is Wireguard but thats in beta only so not available as its doable/ easy enough / to get you where you need to be ........ DONT RECOMMEND using beta firmware for work, or even stable (prefer long term version).
Anything else I agree you need professional help.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Hardware based secured virtual connexion

Wed Jun 09, 2021 5:06 pm

If your network structure was used to external attacks, there would be no problem.
But if you have never thought of exposing it on the Internet, even putting it in part,
on a single PC that goes on the Internet before making the VPN, is extremely risky.

It is, to stay on the subject with anav, as when the "Conquistadores" met the indigenous Americans for the first time,
they killed many with the now banal viruses to which the European population was now "accustomed" ...
 
mada3k
Long time Member
Long time Member
Posts: 687
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Hardware based secured virtual connexion

Wed Jun 09, 2021 6:07 pm

Yes, of course it's possible!

1) With L2 EoIP-tunnels and Bridges
2) With L3 IPIP/GRE-tunnels and VRF

One issue may be that your "hub" site is behind NAT(?), this may cause issues with tunnels and IPSec in general.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Hardware based secured virtual connexion

Wed Jun 09, 2021 7:27 pm

Good advice!! Eoip is Mikrotiks proprietary method of sharing LANs across the net so as long as you have two MT routers at either end, good to go.
However you should put a layer of encryption on it.
https://help.mikrotik.com/docs/display/ROS/EoIP

Who is online

Users browsing this forum: mkx, norepto, svh79 and 73 guests