So, I'm getting the general consensus is there is no general consensus and end users configuring their client is simple as long as they are sysadmins
On Dec 12, 2016 5:46 PM, "Chris Wright" <[email protected]> wrote:

> It took me about an hour of trial-and-error to come to that conclusion a
> few months ago. :(
>
> Glad someone else might benefit from it and save them from the headache I
> got!
>
> Chris Wright
> Network Administrator
>
> *From:* Af [mailto:[email protected]] *On Behalf Of *George Skorup
> *Sent:* Monday, December 12, 2016 11:24 AM
> *To:* [email protected]
> *Subject:* Re: [AFMUG] Easiest VPN on mikrotik
>
> 6.32.2...
> [admin@NOC] /ip ipsec> export
> /ip ipsec proposal
> set [ find default=yes ] enc-algorithms=3des,aes-256-cbc
>
> I forget what blog or whatever I found this on, but that's what Windows
> wants to see.
>
> On 12/12/2016 1:05 PM, George Skorup wrote:
>
> And that's where one problem is. The Android native L2TP/IPsec client
> doesn't complain too much, but the Windows 10 native client wants some
> specific combination. I forget what it is, but I fought with it for a
> couple days.
>
> On 12/12/2016 12:54 PM, Adam Moffett wrote:
>
> ah...so you're saying it's not IPSec issue per se?
> Do you know which encryption types are hardware accelerated?
>
> ------ Original Message ------
> From: "Mike Hammett" <[email protected]>
> To: [email protected]
> Sent: 12/12/2016 1:48:39 PM
> Subject: Re: [AFMUG] Easiest VPN on mikrotik
>
> If you change the cipher to one that's not hardware encrypted, that
> problem goes away, replaced with a new problem of CPU capacity.
>
> -----
> Mike Hammett
> Intelligent Computing Solutions <http://www.ics-il.com/>
> <https://www.facebook.com/ICSIL>
> <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>
> <https://www.linkedin.com/company/intelligent-computing-solutions>
> <https://twitter.com/ICSIL>
> Midwest Internet Exchange <http://www.midwest-ix.com/>
> <https://www.facebook.com/mdwestix>
> <https://www.linkedin.com/company/midwest-internet-exchange>
> <https://twitter.com/mdwestix>
> The Brothers WISP <http://www.thebrotherswisp.com/>
> <https://www.facebook.com/thebrotherswisp>
> <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg>
> ------------------------------
> *From: *"George Skorup" <[email protected]>
> *To: *[email protected]
> *Sent: *Monday, December 12, 2016 12:46:12 PM
> *Subject: *Re: [AFMUG] Easiest VPN on mikrotik
>
> MT made L2TP+IPsec w/ pre-shared key painless to configure around v6.30 or
> 6.32, somewhere in there. In winbox, PPP > L2TP Server, check Use IPsec and
> fill in the IPsec Secret field. That's your pre-shared key. No more manual
> IPsec config, all of that is handled dynamically now. So it's just as easy
> to set up as PPTP.
>
> I'm still running this on our NOC CCR for remote access, and yes, the out
> of order packet issue is a problem especially with HTTPS, but I'm not going
> back to PPTP.
>
> If MT was smart, they would let us bypass the h/w accelerated encryption
> and let it gobble up one of the 36 unused CPU cores. I don't really care.
> At least that's an interim solution.
>
> On 12/12/2016 10:42 AM, Jon Bruce wrote:
>
> +1
>
> It's right up there with WEP or locking your screen door.
>
> Is OpenVPN an option on Mikrotik? I've run it for years on pfSense and
> stand-alone and love it. Failing that, IPSec with a decent client like
> Greenbow has also worked easily and well.
>
> All of that being said, is easy what is best with security?
>
> On 12/12/2016 11:30 AM, Mike Hammett wrote:
>
> Not well.
>
> -----
> Mike Hammett
> ------------------------------
> *From: *"Dennis Burgess" <[email protected]>
> *To: *[email protected]
> *Sent: *Monday, December 12, 2016 9:35:51 AM
> *Subject: *Re: [AFMUG] Easiest VPN on mikrotik
>
> I have IPSEC running on CCRS moving hundreds of megs?
>
> *Dennis Burgess** –** Network Solution Engineer – Consultant *
> MikroTik Certified Trainer/Consultant
> <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> –
> MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
>
> For Wireless Hardware/Routers visit www.linktechs.net
> Radio Frequency Coverages: www.towercoverage.com
> Office: 314-735-0270
> E-Mail: [email protected]
>
> *From:* Af [mailto:[email protected]] *On Behalf Of *Adam Moffett
> *Sent:* Friday, December 9, 2016 1:16 PM
> *To:* [email protected]
> *Subject:* Re: [AFMUG] Easiest VPN on mikrotik
>
> And yes Ken, I can attest that IPSec works for crap when the endpoint is a
> CCR.
>
> ------ Original Message ------
> From: "Ken Hohhof" <[email protected]>
> To: [email protected]
> Sent: 12/9/2016 1:05:28 PM
> Subject: Re: [AFMUG] Easiest VPN on mikrotik
>
> You mean no encryption, it would be secured with username/password,
> right? Depends on what kind of security he is looking for.
> It would be easy enough to set up an IPSEC VPN, the question is CPU load if the
> encryption has to be done in software. Also, weren't there some posts
> about problems with hardware based encryption on some Mikrotik platforms,
> maybe CCR?
>
> It sounds like you are looking for a client based VPN, not a site-site
> VPN? So you need something that will work with a client that comes with
> Windows? That sounds like either PPTP or IPSEC.
>
> *From:* Af [mailto:[email protected]] *On Behalf Of *Josh Reynolds
> *Sent:* Friday, December 9, 2016 11:49 AM
> *To:* [email protected]
> *Subject:* Re: [AFMUG] Easiest VPN on mikrotik
>
> No security though.
>
> On Dec 9, 2016 11:47 AM, "Tushar Patel" <[email protected]> wrote:
>
> PPTP on mikrotik. It will be same, IP address and username and password.
>
> Tushar
>
> On Dec 9, 2016, at 11:42 AM, That One Guy /sarcasm <[email protected]> wrote:
>
> I have a non WISP customer with some cameras they monitor, not NVR/DVR to
> speak of yet. The cameras are port forwarded (called pinholes in their
> current router) individually, so they're pretty much exposed IoT targets.
>
> I'm putting a mikrotik in because the Fortigate solution is cost
> prohibitive. Fortigate's ssl vpn is slick, easy and end user friendly (for
> the client)
>
> What's the easiest VPN/client on a mikrotik. It would be great if it was as
> simple as the fortigate, they have a workstation client and most phone
> apps, All I need to do is give them an IP/FQDN and their username and
> password, it's done.
>
> --
> If you only see yourself as part of the team but you don't see your team
> as part of yourself you have already failed as part of the team.
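
Added example, not part of the thread and not MikroTik's own documentation: a RouterOS v6 terminal sketch of the L2TP/IPsec setup George Skorup describes (winbox "Use IPsec" plus "IPsec Secret"), together with the default-proposal line he quotes for the Windows native client. The pool, profile and user names, the addresses and both secrets are constructed placeholders.

```routeros
# Added example. Names, addresses and secrets below are placeholders.

# Address pool handed out to VPN clients
/ip pool add name=vpn-pool ranges=192.168.89.10-192.168.89.50

# PPP profile: router end of the tunnel plus the client pool
/ppp profile add name=vpn-profile local-address=192.168.89.1 \
    remote-address=vpn-pool use-encryption=required

# One account per user, usable for L2TP only
/ppp secret add name=camera-user password="CHANGE-ME-long-random" \
    service=l2tp profile=vpn-profile

# L2TP server with dynamic IPsec: terminal form of ticking "Use IPsec"
# and filling in "IPsec Secret" under PPP > L2TP Server in winbox
/interface l2tp-server server set enabled=yes use-ipsec=yes \
    ipsec-secret="CHANGE-ME-preshared-key" default-profile=vpn-profile \
    authentication=mschap2

# Default proposal exactly as quoted in the thread for Windows clients
/ip ipsec proposal set [ find default=yes ] enc-algorithms=3des,aes-256-cbc

# Input rules (must sit above any existing drop rule in chain=input):
# IKE, NAT-T and ESP are reachable from outside; L2TP on udp/1701 is
# accepted only when the packet arrived inside IPsec, never in the clear
/ip firewall filter add chain=input action=accept protocol=udp \
    dst-port=500,4500 comment="IKE and NAT-T"
/ip firewall filter add chain=input action=accept protocol=ipsec-esp \
    comment="ESP"
/ip firewall filter add chain=input action=accept protocol=udp \
    dst-port=1701 ipsec-policy=in,ipsec comment="L2TP inside IPsec only"
/ip firewall filter add chain=input action=drop protocol=udp \
    dst-port=1701 comment="no unencrypted L2TP"
```

With the tunnel in place, the per-camera port forwards mentioned in the original question can be removed so the cameras are reachable only through the VPN address pool.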
