ah...so you're saying it's not IPSec issue per se?
Do you know which encryption types are hardware accelerated?
------ Original Message ------
From: "Mike Hammett" <[email protected]>
To: [email protected]
Sent: 12/12/2016 1:48:39 PM
Subject: Re: [AFMUG] Easiest VPN on mikrotik
If you change the cipher to one that's not hardware encrypted, that
problem goes away, replaced with a new problem of CPU capacity.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
--------------------------------------------------------------------------------
From: "George Skorup" <[email protected]>
To: [email protected]
Sent: Monday, December 12, 2016 12:46:12 PM
Subject: Re: [AFMUG] Easiest VPN on mikrotik
MT made L2TP+IPsec w/ pre-shared key painless to configure around v6.30
or 6.32, somewhere in there. In winbox, PPP > LT2P Server, check Use
IPsec and fill in the IPsec Secret field. That's your pre-shared key.
No more manual IPsec config, all of that is handled dynamically now. So
it's just as easy to set up as PPTP.
I'm still running this on our NOC CCR for remote access, and yes, the
out of order packet issue is a problem especially with HTTPS, but I'm
not going back to PPTP.
If MT was smart, they would let us bypass the h/w accelerated
encryption and let it gobble up one of the 36 unused CPU cores. I don't
really care. At least that's an interim solution.
On 12/12/2016 10:42 AM, Jon Bruce wrote:
+1
It's right up there with WEP or locking your screen door.
Is OpenVPN an option on Mikrotik? I've run it for years on pfSense
and stand-alone and love it. Failing that, IPSec with a decent client
like Greenbow has also worked easily and well.
All of that being said, is easy what is best with security?
On 12/12/2016 11:30 AM, Mike Hammett wrote:
Not well.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
--------------------------------------------------------------------------------
From: "Dennis Burgess" mailto:[email protected]
To: [email protected]
Sent: Monday, December 12, 2016 9:35:51 AM
Subject: Re: [AFMUG] Easiest VPN on mikrotik
I have IPSEC running on CCRS moving hundreds of megs?
Dennis Burgess – Network Solution Engineer – Consultant
MikroTik Certified Trainer/Consultant – MTCNA, MTCRE, MTCWE, MTCTCE,
MTCINE
For Wireless Hardware/Routers visit www.linktechs.net
Radio Frequiency Coverages: www.towercoverage.com
Office: 314-735-0270
E-Mail: [email protected]
From: Af [mailto:[email protected]] On Behalf Of Adam Moffett
Sent: Friday, December 9, 2016 1:16 PM
To:[email protected]
Subject: Re: [AFMUG] Easiest VPN on mikrotik
And yes Ken, I can attest that IPSec works for crap when the endpoint
is a CCR.
------ Original Message ------
From: "Ken Hohhof" <[email protected]>
To: [email protected]
Sent: 12/9/2016 1:05:28 PM
Subject: Re: [AFMUG] Easiest VPN on mikrotik
You mean no encryption, it would be secured with username/password,
right? Depends on what kind of security he is looking for. It
would be easy enough to set up an IPSEC VPN, the question is CPU
load if the encryption has to be done in software. Also, weren’t
there some posts about problems with hardware based encryption on
some Mikrotik platforms, maybe CCR?
It sounds like you are looking for a client based VPN, not a
site-site VPN? So you need something that will work with a client
that comes with Windows? That sounds like either PPTP or IPSEC.
From: Af [mailto:[email protected]] On Behalf Of Josh Reynolds
Sent: Friday, December 9, 2016 11:49 AM
To:[email protected]
Subject: Re: [AFMUG] Easiest VPN on mikrotik
No security though.
On Dec 9, 2016 11:47 AM, "Tushar Patel" <[email protected]> wrote:
PPTP on mikrotik. It will be same, IP address and username and
password.
Tushar
On Dec 9, 2016, at 11:42 AM, That One Guy /sarcasm
<[email protected]> wrote:
I have a non WISP customer with some cameras they monitor, not
NVR/DVR to speak of yet. The cameras are port forwarded (called
pinholes in their current router) individually, so theyre pretty
much exposed IoT targets.
Im putting a mikrotik in because the Fortigate solution is cost
prohibitive. Fortigates ssl vpn is slick, easy and end user
friendly (for the client)
Whats the easiest VPN/client on a mikrotik. It would be great if
it was as simple as the fortigate, they have a workstation client
and most phone apps, All I need to do is give them an IP/FQDN and
their username and password, its done.
--
If you only see yourself as part of the team but you don't see
your team as part of yourself you have already failed as part of
the team.
