Community discussions

MikroTik App
 
a13antichrist
just joined
Topic Author
Posts: 11
Joined: Fri Dec 25, 2020 9:21 pm

Topology help - what should go where? (for best VPN performance ;) )

Fri Dec 25, 2020 10:37 pm

First, hi :)
Second, am very new to ROS, but have business experience in configuring networks incl. site-to-site IKEv2. Not any fancy routing or ISP setups though.

I am trying to piece together my home network in a sensible way - ultimate aim is to get the best throughput from my commercial VPN, at this point [REDACTED].

Here are the pieces I have:

- Mikrotik CRS-326 running ROS
- TP-Link Archer C2600 running OpenWRT
- Netgear R7800 running DDWRT
- Netgear R7000 running DDWRT
- D-link 868L running DDWRT
And also here, but trying to avoid using:
- Dell Powerconnect6248 w/ 2x twin 10Gb SFP+ modules (uses 80W at idle :E)
- Watchguard XTM 330 (noisy)

Internet connection 500/40. I'll be leaving the ISP modem in full mode in order to provide a Guest Wifi at this level.

So basically one of these guys needs to run the VPN tunnel. Or should I pick up an extra RB750Gr3 for example and let that handle all the VPN deals?

THanks in advance..
 
a13antichrist
just joined
Topic Author
Posts: 11
Joined: Fri Dec 25, 2020 9:21 pm

Re: Topology help - what should go where? (for best VPN performance ;) )

Wed Dec 30, 2020 6:58 am

Thought designing something would be fun.. :/
 
mada3k
Member
Member
Posts: 308
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Topology help - what should go where? (for best VPN performance ;) )

Wed Dec 30, 2020 10:35 am

What kind of VPN tunnel?

I run a IPSec between two RB750Gr3. Basiclly maxes out the Internet connection.
Manages some CCR's, RB750Gr3, RB922 and wAP's
 
a13antichrist
just joined
Topic Author
Posts: 11
Joined: Fri Dec 25, 2020 9:21 pm

Re: Topology help - what should go where? (for best VPN performance ;) )

Tue Jan 05, 2021 8:19 pm

Commercial provider.. no Wireguard as yet.. I believe it's in the works though.

What speed is your connection? Any idea what an x86 with AES-NI will do on OpenVPN/WG? Guess I should be looking to the future...
 
mada3k
Member
Member
Posts: 308
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Topology help - what should go where? (for best VPN performance ;) )

Wed Jan 06, 2021 11:00 am

Okay, So not a site to site VPN but a commercial VPN breakout service. I run a site to site between two locations.

Well, openvpn works great with AES-NI on Linux, but OpenVPN is generally slow.
Wireguard can't use AES-NI at all (different ciphers). Router OS 7 will have Wireguard support.
Manages some CCR's, RB750Gr3, RB922 and wAP's
 
mkx
Forum Guru
Forum Guru
Posts: 5262
Joined: Thu Mar 03, 2016 10:23 pm

Re: Topology help - what should go where? (for best VPN performance ;) )

Wed Jan 06, 2021 11:29 am

BTW, the only ROS-running gadget from the list (CRS-326) doesn't have any HW support for encryption and a pretty slow CPU. So it will suck as VPN end-point big time regardless the VPN type chosen. And that's not likely to improve with ROS v7.
BR,
Metod

Who is online

Users browsing this forum: No registered users and 56 guests