Hi
Could someone let me know the best way to route our traffic from remote hotspot sites to our main colo tele house for logging/proxy/content filtering.
Currently we have an X86 ROS box running on a VM ESXI which acts as core router.
Each remote site has a PPTP tunnel (Mikrotik RB450G or better) to the core router (192.168.1.1 being the core router), 192.168.x.1 being the sites.
I now want to send all port 80 traffic from each site through the proxy/content fllter which is set up hanging off one of the X86 ethernet ports.
At present, the remote sites simply run a NAT rule and web proxy to route all traffic to the parent tele house based proxy using its external internet facing IP - works well. However, it does mean running the proxy internet and I'm getting lots of people using it that shouldn't.
Rather than setting up lots of firewall rules to allow each site access, it seems I could simply send everything down a tunnel onto the core router , and from there to the proxy , keeping the proxy on the internal network so to speak.
Would the existing PPTP link be Ok to use, of are there better methods (such as EoIP ) ?
-
-
TheWiFiGuy
Member
- Posts: 351
- Joined:
- Location: UK
-
-
TheWiFiGuy
Member
- Posts: 351
- Joined:
- Location: UK
Re: Best way to route traffic to main proxy server over inte
Anyone? Is PPTP ok to use or is there a better method?
Re: Best way to route traffic to main proxy server over inte
EoIP provides no security whatsoever. PPTP mostly does. Without knowing what kind of requirements you have for the tunnel it's kind of hard to give a recommendation.
Do you need security? That would rule out EoIP.
Do you need broadcast and multicast packets to traverse the tunnel? That would rule out IPsec without an underlying, wrapped tunnel in addition to IPsec.
And so on.
Do you need security? That would rule out EoIP.
Do you need broadcast and multicast packets to traverse the tunnel? That would rule out IPsec without an underlying, wrapped tunnel in addition to IPsec.
And so on.
-
-
TheWiFiGuy
Member
- Posts: 351
- Joined:
- Location: UK
Re: Best way to route traffic to main proxy server over inte
Hi Fewi
No security required whatsoever, its simply a way to get port 80 traffic from a wifi hotspot at the remote site to port 8080 on our proxy server at the colo. Id prefer to keep the proxy server on an internal IP address at the COLO , rather than run it on the WAN with firewall rules for each site, as some sites have dynamic WAN addresses.
By throwing it all down a pptp tunnel i can just set up a pptp client on the remote sites and I'm good to go.
If PPTP is ok, i'll use that , as each site already has a routed pptp link to the core router anyhow for managment.
No security required whatsoever, its simply a way to get port 80 traffic from a wifi hotspot at the remote site to port 8080 on our proxy server at the colo. Id prefer to keep the proxy server on an internal IP address at the COLO , rather than run it on the WAN with firewall rules for each site, as some sites have dynamic WAN addresses.
By throwing it all down a pptp tunnel i can just set up a pptp client on the remote sites and I'm good to go.
If PPTP is ok, i'll use that , as each site already has a routed pptp link to the core router anyhow for managment.
Re: Best way to route traffic to main proxy server over inte
You could use PPTP - but if you don't need security you may want to evaluate how much traffic you are going to push down the tunnel. PPTP has encryption, which uses more CPU resources than a non-encrypted link. Maybe use the built in bandwidth test tool down the PPTP tunnel during off hours to simulate the amount of traffic you expect, and evaluate if your routers can handle it or if it would be better to build additional EoIP tunnels instead to save on CPU cycles.