Hello.

It is possible to encrypt a nstreme2-connection with WPA or anything else, which is not demanding for "much" cpu power?

I can't use security profiles for wlan interfaces, because "Many parameters from /interface wireless menu are ignored, using the nstreme2" (documentation of Nstreme2 Group Settings). And security profiles are not available at the nstreme interface. (Mikrotik version 2.9.30.)

IPSec needs to much cpu power, because we are useing RouterBoards with limited cpu power.

How do you encrypt your nstreme2 connections?

Thanks in advance for any helping hints.
Insel

I'm not really sure that you can set any encryption at all.
If it's a dual link running nstreme it's going to be really hard to figure out whats going over that link anyway.
You've got one channel for the tx and one for the rx so thats going to be hard to sniff in a usable way and then your running as a point to point so they can't connect to it and your also running a very obscure protocol.
I'm not sure you would need it. But I guess it's better to have it then not if you get hacked. At least you could say you had it encrypted so no fingers point back to you.

Anyway, what tcp speeds do you get through that link.
bandwidth test receive/send/both?

you could always find some kind of mini-itx board 1ghz+ board and do the ipsec...or try a vpn tunnel and see how that is on load...i know i have a vpn server to vpn client, RB532 to RB 532 (Wired OVer the internet) connection and i can push 15mbit /sec across that vpn tunnel and see 50% cpu usage on the snmp cpu util graphs.

how much bw do you need to deliver?


EDIT: or buy a 2nd 532 and see if you can mount that some where (they are small) and have that do the encryption and leave the NS2 and wifi to the other one.

I use Nstreme2 with WPA2 encyrption.
To encrypt you just set the security profile in the wireless device settings.
I believe you can actually set 2 different encryption profiles, one for rx, and one for tx if you so desired.

First: Thanks for your fast replies. I was quite busy developing and testing some solutions and don't have comparable bandwidth results right now.

What I have now:
- One configuration with Nstreme2, PPTP and EoIP
- An other configuration (ap-station) with WPA2 and EoIP.

I'll write a little bit more about the Nstreme2-configuration if I have more time to do this.

A few things, which could be helpfull to others to optimize their configuration:

- If you don't need connection tracking (enabled by default): I got more Mbps with an other testsystem (ethernet configuration) without it.
Disabled it with "/ip firewall connection tracking set enabled=no"
See http://www.mikrotik.com/docs/ros/2.9/ip/flow#6.35.3

- The RB500 is runnung with 264 MHz by default. You can try to increase speed to 330 MHz within the RB500-BIOS.
See Users Manual on http://www.routerboard.com/rb500.html ("Changing CPU Frequency")

Insel

As promised my Nstreme2 configuration:

Two Mikrotik systems: 10.10.0.120 and 10.10.0.121

Step by step (networking/connection have to work after each step)

Configured Nstreme2 between the two systems. IP-Adresses for the nstreme-interfaces: 172.16.0.120 (on 10.10.0.120) and 172.16.0.121 (on 10.10.0.121).

PPTP-Server on 10.10.0.121, Client on 10.10.0.120.
The client connects to 172.16.0.121 (remote nstreme2 interface).
IP-Addresses assigned: 10.10.103.1 (PPTP server IP address) and 10.10.103.2 (PPTP client)

Static routes:
- On the system with PPTP client (10.10.0.120):
Destination: 10.10.0.121 (remote system)
Gateway: 10.10.103.1 (remote PPTP-interface)
Pref. Src: 10.10.103.2 (local PPTP-interface)
- On the system with PPTP server (10.10.0.121):
Destination: 10.10.0.120
Gateway: 10.10.103.2
Pref. Src: 10.10.103.1

Bridge between ethernet and one EoIP-interface.
IP address of that bridge: 10.10.0.120 (and 10.10.0.121 on the other system).
Remote address for EoIP is 10.10.0.121 (and 10.10.0.120 on the other system).

That's Nstreme2, secured by PPTP. But I think, we'll use the combination AP-Station with WPA2 because of required cpu power by this solution.

insel