6.32.2...
[admin@NOC] /ip ipsec> export
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des,aes-256-cbc

I forget what blog or whatever I found this on, but that's what Windows wants to see.

On 12/12/2016 1:05 PM, George Skorup wrote:
And that's where one problem is. The Android native L2TP/IPsec client doesn't complain too much, but the Windows 10 native client wants some specific combination. I forget what it is, but I fought with it for a couple days.

On 12/12/2016 12:54 PM, Adam Moffett wrote:
Ah... so you're saying it's not an IPSec issue per se?
Do you know which encryption types are hardware accelerated?
------ Original Message ------
From: "Mike Hammett" <[email protected]>
To: [email protected]
Sent: 12/12/2016 1:48:39 PM
Subject: Re: [AFMUG] Easiest VPN on mikrotik
If you change the cipher to one that's not hardware encrypted, that problem goes away, replaced with a new problem of CPU capacity.



-----
Mike Hammett
Intelligent Computing Solutions <http://www.ics-il.com/>
Midwest Internet Exchange <http://www.midwest-ix.com/>
The Brothers WISP <http://www.thebrotherswisp.com/>
------------------------------------------------------------------------
*From: *"George Skorup" <[email protected]>
*To: *[email protected]
*Sent: *Monday, December 12, 2016 12:46:12 PM
*Subject: *Re: [AFMUG] Easiest VPN on mikrotik

MT made L2TP+IPsec w/ pre-shared key painless to configure around v6.30 or 6.32, somewhere in there. In winbox, PPP > L2TP Server, check Use IPsec and fill in the IPsec Secret field. That's your pre-shared key. No more manual IPsec config, all of that is handled dynamically now. So it's just as easy to set up as PPTP.

I'm still running this on our NOC CCR for remote access, and yes, the out of order packet issue is a problem especially with HTTPS, but I'm not going back to PPTP.

If MT was smart, they would let us bypass the h/w accelerated encryption and let it gobble up one of the 36 unused CPU cores. I don't really care. At least that's an interim solution.

On 12/12/2016 10:42 AM, Jon Bruce wrote:

    +1

    It's right up there with WEP or locking your screen door.

    Is OpenVPN an option on Mikrotik?  I've run it for years on
    pfSense and stand-alone and love it.  Failing that, IPSec with a
    decent client like Greenbow has also worked easily and well.

    All of that being said, is easy what is best with security?

    On 12/12/2016 11:30 AM, Mike Hammett wrote:

        Not well.



        ------------------------------------------------------------------------
        *From: *"Dennis Burgess" <[email protected]>
        *To: *[email protected]
        *Sent: *Monday, December 12, 2016 9:35:51 AM
        *Subject: *Re: [AFMUG] Easiest VPN on mikrotik

        I have IPSEC running on CCRs moving hundreds of megs?

        Dennis Burgess – Network Solution Engineer – Consultant

        MikroTik Certified Trainer/Consultant
        <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5>
        – MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE

        For Wireless Hardware/Routers visit www.linktechs.net
        <http://www.linktechs.net/>

        Radio Frequency Coverages: www.towercoverage.com
        <http://www.towercoverage.com/>

        Office: 314-735-0270

        E-Mail: [email protected]

        *From:*Af [mailto:[email protected]] *On Behalf Of *Adam
        Moffett
        *Sent:* Friday, December 9, 2016 1:16 PM
        *To:* [email protected]
        *Subject:* Re: [AFMUG] Easiest VPN on mikrotik

        And yes Ken, I can attest that IPSec works for crap when the
        endpoint is a CCR.

        ------ Original Message ------

        From: "Ken Hohhof" <[email protected]>

        To: [email protected]

        Sent: 12/9/2016 1:05:28 PM

        Subject: Re: [AFMUG] Easiest VPN on mikrotik

            You mean no encryption, it would be secured with
            username/password, right?  Depends on what kind of
            security he is looking for.  It would be easy enough to
            set up an IPSEC VPN, the question is CPU load if the
            encryption has to be done in software.  Also, weren’t
            there some posts about problems with hardware based
            encryption on some Mikrotik platforms, maybe CCR?

            It sounds like you  are looking for a client based VPN,
            not a site-site VPN?  So you need something that will
            work with a client that comes with Windows?  That sounds
            like either PPTP or IPSEC.

            *From:*Af [mailto:[email protected]] *On Behalf Of *Josh Reynolds
            *Sent:* Friday, December 9, 2016 11:49 AM
            *To:* [email protected]
            *Subject:* Re: [AFMUG] Easiest VPN on mikrotik

            No security though.

            On Dec 9, 2016 11:47 AM, "Tushar Patel" <[email protected]> wrote:

                PPTP on mikrotik. It will be same, IP address and
                username and password.

                Tushar


                On Dec 9, 2016, at 11:42 AM, That One Guy /sarcasm
                <[email protected]> wrote:

                    I have a non WISP customer with some cameras
                    they monitor, not NVR/DVR to speak of yet. The
                    cameras are port forwarded (called pinholes in
                    their current router) individually, so they're
                    pretty much exposed IoT targets.

                    I'm putting a mikrotik in because the Fortigate
                    solution is cost prohibitive. Fortigate's ssl vpn
                    is slick, easy and end user friendly (for the
                    client)

                    What's the easiest VPN/client on a mikrotik. It
                    would be great if it was as simple as the
                    fortigate, they have a workstation client and
                    most phone apps, All I need to do is give them
                    an IP/FQDN and their username and password, it's
                    done.

--
                    If you only see yourself as part of the team but
                    you don't see your team as part of yourself you
                    have already failed as part of the team.







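The `/ip ipsec proposal` export at the top of this thread and the PPTP versus L2TP/IPsec discussion below it, turned into a small audit of a RouterOS export. This is an added example, not code from any poster or from MikroTik. The two server lines in the sample, the `EXAMPLE-PSK` value and the `WEAK_CIPHERS` policy set are assumptions; only the proposal line is taken from the thread.

```python
import re

# Constructed sample export: the proposal line is the one quoted in the thread;
# the two server lines and the PSK are assumed values for illustration.
SAMPLE_EXPORT = """\
/interface pptp-server server
set enabled=yes
/interface l2tp-server server
set enabled=yes ipsec-secret=EXAMPLE-PSK use-ipsec=yes
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=3des,aes-256-cbc
"""

WEAK_CIPHERS = {"des", "3des", "null"}  # this example's policy, not a RouterOS list


def parse_export(text):
    """Yield (menu_path, {key: value}) for each set/add line of an export."""
    menu, pending = "", ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # export wraps long lines with a backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):
            menu = line
        elif line.startswith(("set ", "add ")):
            line = re.sub(r"\[[^\]]*\]", "", line)   # drop the [ find ... ] selector
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S+)', line)
            yield menu, {k: v.strip('"') for k, v in pairs}


def audit(text):
    """Return findings for the VPN settings discussed in the thread."""
    findings = []
    for menu, kv in parse_export(text):
        on = kv.get("enabled") == "yes"
        if menu.endswith("pptp-server server") and on:
            findings.append("PPTP server enabled")
        if menu.endswith("l2tp-server server") and on and kv.get("use-ipsec", "no") == "no":
            findings.append("L2TP server enabled without IPsec")
        if menu == "/ip ipsec proposal":
            for alg in kv.get("enc-algorithms", "").split(","):
                if alg in WEAK_CIPHERS:
                    findings.append(f"IPsec proposal offers weak cipher: {alg}")
    return findings


print("\n".join(audit(SAMPLE_EXPORT)))
```

Run against the sample, it reports the PPTP server and the `3des` entry in the default proposal; the L2TP server passes because `use-ipsec=yes` is set.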