Community discussions

MUM Europe 2020
 
slech
Long time Member
Long time Member
Topic Author
Posts: 534
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Mikrotik RB1200 as VPN Solution

Wed Nov 16, 2011 11:29 pm

Hello Everyone.
I tried RouterBoard 1200 as VPN Solution for our Office.
Test was produced between RB1200 and Windows7 Ultimate SP1 Pro and Windows XP SP3 Home and Ubunru 9.10.
For speed testing I used iperf and wget:
Server: iperf.exe -s
Client: iperf.exe -c 192.168.0.2 -P 15 -w 10000
#
wget ftp://test:test@192.168.0.22/routeros-5.8.arc
#2011-11-16 23:01:30 (3.14 MB/s) - `routeros-5.8.arc' saved [81351895]
RB1200
Anyone have a RB1200 in a rack?
Restart RB1200 every day, aleatory - resolved !
RB1200 ROS 5.0 - up to 5.5 - randomly reboots (BGPv4 and v6) - resolved !
RouterBoard 1200
Hardware error RB1200
RB1200 PPPoE Server
RB1200 IPSec perfomance issue

Genaral VPN issues
VPN clients and DNS Suffix
dns problem for incomming vpn users
pptp vpn client connection - dns suffix ?

PPTP Server

L2TP Server
L2TP have trouble with Windows XP behind NAT. Also is not possible to connect two client from one NAT'ed location.
NAT-T & IPSec Issues still exist
MTik L2TP/IPSec VPN server for Win clients behind NAT
L2TP/ipsec problems with windows 7 / vista when behind NAT

SSTP Server
SSTP: sstp-client for linux not working properly?

OpenVPN Server
Open VPN in ROS not supporting now:
1. Certificate based authentication.
2. UDP.
3. Compression.
4. Push route.
Configuring OpenVPN
Feature Request: OpenVPN [ovpn] udp tunnels
OpenVPN - TCP
OPEN VPN PUSHING ROUTES
Sometimes I enabled OpenVPN but it works only after RB reboot :(

Maybe this is not a good idea to switch or current OpenVPN Server on CentOS to RB1200 ?
Can someone share their experience ?

Thank you.
You do not have the required permissions to view the files attached to this post.
Last edited by slech on Wed Mar 28, 2012 10:19 am, edited 18 times in total.
sorry for my english
 
slech
Long time Member
Long time Member
Topic Author
Posts: 534
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: RB1200 as VPN Solution

Thu Nov 17, 2011 12:01 am

Attached RB1200-As-VPN-Solution.xlsx
You do not have the required permissions to view the files attached to this post.
Last edited by slech on Tue Mar 27, 2012 11:17 pm, edited 1 time in total.
sorry for my english
 
snoms
just joined
Posts: 17
Joined: Tue Nov 30, 2010 1:15 pm

Re: RB1200 as VPN Solution

Sat Dec 03, 2011 7:47 am

Thaank you very much for your work. I really expected to see higher numbers on the RB1200. I still have some Cisco 3000 VPN concentrators working which I wanted to replace. But I definitely need more throughput. Looking at Mikrotik´s support for SSTP, I reaaly considered those. Well, it would be interesting to see what VPN throughput the RB1100AHx2 will have.
An alternate solution would be to use Windows Server 2008 R2 (enterprise) on a 1HE Intel Xeon E3-1230 based server, where one could use PPtP, SSTP and L2TP/IPSec (with e.g. certificate based authentication).
 
User avatar
macgaiver
Forum Guru
Forum Guru
Posts: 1730
Joined: Wed May 18, 2005 5:57 pm
Location: Sol III, Sol system, Sector 001, Alpha Quadrant

Re: RB1200 as VPN Solution

Mon Dec 05, 2011 8:55 am

I have several questions:

1) do you run tests from and to the router or through the router? - it must be through
2) Do you single or multiple simultaneous TCP connections? - it must be multiple TCP or UDP, to avoid protocol limitation.
3) Are you sure there are no MTU (MSS) problems with setups?
With great knowledge comes great responsibility, because of ability to recognize id... incompetent people much faster.
 
slech
Long time Member
Long time Member
Topic Author
Posts: 534
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: RB1200 as VPN Solution

Mon Dec 05, 2011 2:28 pm

macgaiver
1) do you run tests from and to the router or through the router? - it must be through
RB1200 as VPN solution. I tested it as VPN Server.
Speed test was performed through VPN on RB1200.
Client --- Internet ---- RB1200 ---- LAN ---- Server
2) Do you single or multiple simultaneous TCP connections? - it must be multiple TCP or UDP, to avoid protocol limitation.
As described in the first post i used iperf:
Client: iperf.exe -c 192.168.0.2 -P 15 -w 10000
-P, --parallel # number of parallel client threads to run
In my case P=15.
3) Are you sure there are no MTU (MSS) problems with setups?
How I can verify this ?

Can you share you experience with RB1200 ?
sorry for my english
 
User avatar
otgooneo
Trainer
Trainer
Posts: 570
Joined: Tue Dec 01, 2009 3:24 am
Location: Mongolia
Contact:

Re: RB1200 as VPN Solution

Fri Dec 09, 2011 3:45 am

As far as I know RB1200 has serious issues.

1. When total traffic is 100kbps and cpu usage is 1%, ICMP latency still 17-18ms.
2. Low ipsec performance: Using AES-128 and MD5, TCP traffic max 20-30Mbps. At this moment, CPU usage is not high and packet loss occurs.
3. If I create IPSec tunnel for dst-address=0.0.0.0/0 src-address=192.168.100.0/24, after tunnel establishes can`t access from 192.168.100.0/24 network to 192.168.100.1, which is address of RB1200. Also routerboard can`t access to 192.168.100.0/24 network. But if I try to access to remote network from 192.168.100.0/24, it is okay. No problem. Also from my remote network can access to 192.168.100.0/24 network.
----------------------------
Want to learn more and more...
 
slech
Long time Member
Long time Member
Topic Author
Posts: 534
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: Mikrotik RB1200 as VPN Solution

Mon Mar 05, 2012 4:31 pm

Great news ! SSTP Client on linux
SSTP: sstp-client for linux not working properly?
sorry for my english

Who is online

Users browsing this forum: Google [Bot] and 20 guests