Community discussions

 
User avatar
metron6
newbie
Topic Author
Posts: 41
Joined: Sat Nov 16, 2013 3:41 pm

Which VPN type to choose..

Fri Jul 20, 2018 6:34 pm

Hello all,

I want to create a VPN cloud Mt router, connected to our Local Mt router, so other Mikrotik routers and individual devices can connect and join the network.
You can see in the picture what i want to do.. My question is, what type of VPN to use ?
I have now some laptops with l2tp vpn, but when they are in some hotels, etc., they cant connect..
I configured a Mikrotik router to connect, but when the customer took it to his local network, it was not working.. Probably his ISP was firewalling vpns..

what's your opinion on this.. Except site2site connections with Mt Routers, i have customers with mobile phones, tablets, laptops, etc..

embryolab2.png
You do not have the required permissions to view the files attached to this post.
Mikro-tickling since 2003...
http://twmn.net
 
Paternot
Long time Member
Long time Member
Posts: 573
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: Which VPN type to choose..

Fri Jul 20, 2018 6:52 pm

The bullet prof option (connection wise) is OpenVpn. It transverses NAT and double NAT without problems. You can pile any number of clients behind a single NATed IP, and it will work . It has clients to Windows, Linux, Android, MacOS and (I think) IoS.

But it is not without problems.

1) Mikrotik doesn't do hardware acceleration. So, the CPU usage is higher.
2) Mikrotik implementation is TCP only. This gives You a slower speed than would be achievable with a UDP solution.
3) Mikrotik implementation doesn't have compression, so it's more bandwidth usage than with compression.
4) The only way to use IPv6 inside an OpenVpn tunnel is using the TAP interface, and attaching it to a bridge. But this is a layer 2 interface, so you don't get client isolation.

The efficient option would be IPsec. You can use it pure or encapsulate something in it. L2TP/IPsec is quite popular. It is UDP, fast, has hardware acceleration and works very well.

But it is not without problems.

1) The setup is more complex
2) Doesn't play very well with single NAT, and double NAT is out of the question.
3) You can't just pile how many clients You want, behind a single NATed IP.
4) Sometimes it gets blocked by firewalls. This can be a problem for your road warriors.

There are some other options. I'm sure someone will help with them here.
 
User avatar
AlainCasault
Trainer
Trainer
Posts: 587
Joined: Fri Apr 30, 2010 3:25 pm
Location: Laval, QC, Canada
Contact:

Re: Which VPN type to choose..

Fri Jul 20, 2018 7:23 pm

One thing to point out also is if the hotel or other site you're at when launching the vpn has the same ip addresses as you, that would cause problems. That might explain why it would not work on occasions.

Sent from Tapatalk

___________________________
Alain Casault, Eng.
If I helped you, let me know!
 
User avatar
metron6
newbie
Topic Author
Posts: 41
Joined: Sat Nov 16, 2013 3:41 pm

Re: Which VPN type to choose..

Fri Jul 20, 2018 7:32 pm

Some providers, here in Greece, are not allowing pptp connections.. This started to happen a month ago..
I had many customer's routers connected to my CHR router and suddenly ..no connections..
I changed to l2tp, but i don't know for how long they will allow it..

As far as i understood, Openvpn is one-way solution and if Mt adds udp and compression, it will be the only solution :)

thank you all for the support..
Mikro-tickling since 2003...
http://twmn.net

Who is online

Users browsing this forum: No registered users and 52 guests