Well....I configured remote access VPN with L2TP+IPSec. It worked, but
while my client was connected to it I had weird performance issues and
TCP connections dropping. I took a packet capture showing out of order
packets. Someone on this list mentioned there was a bug with IPsec
hardware acceleration on the CCR and the symptom was out of order
packets. I created an identical L2TP+IPSec remote access configuration
on a MIPS routerboard and it works perfectly.
So I guess all I can say with certainty is that my particular L2TP+IPSec
remote access configuration worked for crap on my particular CCR and
that it did work better on a MIPS routerboard, and that this was
predicted by another party who presumably experienced something similar.
Maybe your application doesn't care about out of order packets, or maybe
the bug only presents itself in some configurations.
------ Original Message ------
From: "Dennis Burgess" <[email protected]>
To: "[email protected]" <[email protected]>
Sent: 12/12/2016 10:35:51 AM
Subject: Re: [AFMUG] Easiest VPN on mikrotik
I have IPSEC running on CCRS moving hundreds of megs?
Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE,
MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequiency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: [email protected]
From: Af [mailto:[email protected]] On Behalf Of Adam Moffett
Sent: Friday, December 9, 2016 1:16 PM
To:[email protected]
Subject: Re: [AFMUG] Easiest VPN on mikrotik
And yes Ken, I can attest that IPSec works for crap when the endpoint
is a CCR.
------ Original Message ------
From: "Ken Hohhof" <[email protected]>
To: [email protected]
Sent: 12/9/2016 1:05:28 PM
Subject: Re: [AFMUG] Easiest VPN on mikrotik
You mean no encryption, it would be secured with username/password,
right? Depends on what kind of security he is looking for. It would
be easy enough to set up an IPSEC VPN, the question is CPU load if the
encryption has to be done in software. Also, weren’t there some posts
about problems with hardware based encryption on some Mikrotik
platforms, maybe CCR?
It sounds like you are looking for a client based VPN, not a
site-site VPN? So you need something that will work with a client
that comes with Windows? That sounds like either PPTP or IPSEC.
From: Af [mailto:[email protected]] On Behalf Of Josh Reynolds
Sent: Friday, December 9, 2016 11:49 AM
To:[email protected]
Subject: Re: [AFMUG] Easiest VPN on mikrotik
No security though.
On Dec 9, 2016 11:47 AM, "Tushar Patel" <[email protected]> wrote:
PPTP on mikrotik. It will be same, IP address and username and
password.
Tushar
On Dec 9, 2016, at 11:42 AM, That One Guy /sarcasm
<[email protected]> wrote:
I have a non WISP customer with some cameras they monitor, not
NVR/DVR to speak of yet. The cameras are port forwarded (called
pinholes in their current router) individually, so theyre pretty
much exposed IoT targets.
Im putting a mikrotik in because the Fortigate solution is cost
prohibitive. Fortigates ssl vpn is slick, easy and end user friendly
(for the client)
Whats the easiest VPN/client on a mikrotik. It would be great if it
was as simple as the fortigate, they have a workstation client and
most phone apps, All I need to do is give them an IP/FQDN and their
username and password, its done.
--
If you only see yourself as part of the team but you don't see your
team as part of yourself you have already failed as part of the
team.
