Community discussions

MikroTik App
 
atakacs
Member Candidate
Member Candidate
Topic Author
Posts: 121
Joined: Mon Mar 07, 2016 5:39 pm

Best site to site sertup

Thu Nov 25, 2021 10:16 pm

I’d be interested to hear about your opinion about the best protocol to use to site to site VPN.

This is Mikrotik to Mikrotik.
Each side has multiple subnets.

By “best” I mean
  1. Easy to setup
  2. Performance
  3. Reliability

I have a few IPSec setups that work but

  1. I find them rather hard to setup - and some just won’t work for some reason
  2. Performance is “good enough” when using CCR
  3. Reliability is NOT that great - I’d say I have a “hang” (tunnel up but no traffic) every 2 weeks or so. Not terrible but definitely could be better.

Many thanks in advance for your feedback
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19176
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Best site to site sertup

Fri Nov 26, 2021 3:14 pm

Wireguard for the untrained,
Ipsec VPN works great for those that are trained.
 
atakacs
Member Candidate
Member Candidate
Topic Author
Posts: 121
Joined: Mon Mar 07, 2016 5:39 pm

Re: Best site to site sertup

Fri Nov 26, 2021 3:23 pm

Thanks - didn't realise Wireguard was now proposed by RouterOS.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19176
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Best site to site sertup

Fri Nov 26, 2021 5:02 pm

Only on the beta firmware but they are up to RC7 I think. Its getting refined..........
 
spynappels
Member Candidate
Member Candidate
Posts: 106
Joined: Mon Oct 25, 2021 12:32 pm
Location: Northern Ireland
Contact:

Re: Best site to site sertup

Fri Nov 26, 2021 6:21 pm

I have several point to point WireGuard tunnels running on RC6 and have had no issues with them at all.
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Best site to site sertup

Fri Nov 26, 2021 9:04 pm

I can't complain about IPSec for site to site.

1) It may not be easy and intuitive at first, but once you figure it out, it's ok.
2) AFAIK it's the only hardware accelerated VPN in RouterOS (if CPU supports it), so you can't get better performance from anything else. I didn't yet compare it with Wireguard, it should have good performance too, but I'd guess that not as good as accelerated IPSec (correct me if I'm wrong).
3) Reliability is mostly good. I had problems with that only few times, when ISP was doing some weird filtering, but there it didn't work from the start. If it does work, it's set it & forget it.

Who is online

Users browsing this forum: NLH and 40 guests