Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-24 Thread Tyler Treat

love this.



From: Af  on behalf of Joshaven Mailing Lists 

Sent: Thursday, December 24, 2015 11:05 AM
To: af@afmug.com
Subject: Re: [AFMUG] Tik to Tik VPN: best trade off between performance and 
security

PPTP has lower encryption levels than most and uses basic user/pass to encrypt 
and not large keys... however calling it insecure is throwing much more mud on 
the face of PPTP than it deserves.  It is not even remotely close to no 
encryption which isn't insecure because encryption is no more equal to security 
than having a bank account is equal to being rich... the user can receive a key 
logger virus through an encrypted tunnel just as easily as a non-encrypted 
tunnel and even an unencrypted tunnel cannot be interfered with if you cannot 
access the stream of data in-between the endpoints.

Ultimately I expect that if someone is going to breach a system then they 
will probably do it regardless of the encryption level of a tunnel.  So... if 
you want to be able to VPN into a router simply then I see no harm in PPTP 
unless you expect a hacker sitting in the middle of your tunnel just waiting to 
brute force decrypt the captured packets... If you are interconnecting two bank 
branches then first off the applications should be responsible for the data 
security but it is still a good idea to use something with the highest level of 
security.

Sometimes PPTP is still a good option, sometimes better encryption is a good 
idea.  However, tunnel encryption is never an excuse to allow data access to 
unauthorized users so the applications' accessibility is what should really be 
our concern.

Sorry, I'm on my think sanely about security rant... done now.


Sincerely,
Joshaven Potter
Google Hangouts: j...@g2wireless.co
Cell & SMS: 1-517-607-9370
supp...@joshaven.com



On Dec 22, 2015, at 8:43 PM, Josh Reynolds <j...@kyneticwifi.com> wrote:


I don't know if ipsec is hardware offloaded on Mikrotik, but if it is it's 
probably your best bet. EoIP does have a performance/overhead hit.. Wasn't 
there something fairly recent about eoip+ipsec? PPTP is NOT security any more 
than WEP is. Most opensource products have removed it at this point - shame on 
MikroTik for not following suit.

On Dec 22, 2015 7:37 PM, "Mathew Howard" <mhoward...@gmail.com> wrote:
You apparently can do encryption on EOIP now... I haven't tried it though, so I 
have no idea if it actually works or if it spoils the simplicity part...

On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
EOIP wouldn't be encrypted...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
If only EOIP.  Damn I love the simplicity.

On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

OVPN probably?  Not sure about IPSec on the CCR.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
Tunneling between 2 sites, not trying to bridge a single subnet or any nonsense 
like that.  Well connected on either end.

Which style of tunnel is going to provide the best security vs performance 
value.

Thinking CCR as a concentrator with 2011's or crs125's at end points.

Feedback appreciated.

Thanks!
Tyler

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com
___







Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-24 Thread Joshaven Mailing Lists
PPTP has lower encryption levels than most and uses basic user/pass to encrypt 
and not large keys… however calling it insecure is throwing much more mud on 
the face of PPTP than it deserves.  It is not even remotely close to no 
encryption which isn’t insecure because encryption is no more equal to security 
than having a bank account is equal to being rich… the user can receive a key 
logger virus through an encrypted tunnel just as easily as a non-encrypted 
tunnel and even an unencrypted tunnel cannot be interfered with if you cannot 
access the stream of data in-between the endpoints.

Ultimately I expect that if someone is going to breach a system then they 
will probably do it regardless of the encryption level of a tunnel.  So… if you 
want to be able to VPN into a router simply then I see no harm in PPTP unless 
you expect a hacker sitting in the middle of your tunnel just waiting to brute 
force decrypt the captured packets… If you are interconnecting two bank 
branches then first off the applications should be responsible for the data 
security but it is still a good idea to use something with the highest level of 
security.

Sometimes PPTP is still a good option, sometimes better encryption is a good 
idea.  However, tunnel encryption is never an excuse to allow data access to 
unauthorized users so the applications’ accessibility is what should really be 
our concern.

Sorry, I’m on my think sanely about security rant… done now. 


Sincerely,
Joshaven Potter
Google Hangouts: j...@g2wireless.co
Cell & SMS: 1-517-607-9370
supp...@joshaven.com



> On Dec 22, 2015, at 8:43 PM, Josh Reynolds  wrote:
> 
> I don't know if ipsec is hardware offloaded on Mikrotik, but if it is it's 
> probably your best bet. EoIP does have a performance/overhead hit.. Wasn't 
> there something fairly recent about eoip+ipsec? PPTP is NOT security any more 
> than WEP is. Most opensource products have removed it at this point - shame 
> on MikroTik for not following suit.
> 
> On Dec 22, 2015 7:37 PM, "Mathew Howard" wrote:
> You apparently can do encryption on EOIP now... I haven't tried it though, so 
> I have no idea if it actually works or if it spoils the simplicity part...
> 
> On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman wrote:
> EOIP wouldn't be encrypted...
> 
> 
> Josh Luthman
> Office: 937-552-2340 
> Direct: 937-552-2343 
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
> 
> On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat wrote:
> If only EOIP.  Damn I love the simplicity.  
> 
> On Dec 22, 2015, at 6:51 PM, Josh Luthman wrote:
> 
>> OVPN probably?  Not sure about IPSec on the CCR.
>> 
>> 
>> Josh Luthman
>> Office: 937-552-2340 
>> Direct: 937-552-2343 
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>> 
>> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat wrote:
>> Tunneling between 2 sites, not trying to bridge a single subnet or any 
>> nonsense like that.  Well connected on either end.
>> 
>> Which style of tunnel is going to provide the best security vs performance 
>> value.
>> 
>> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>> 
>> Feedback appreciated.
>> 
>> Thanks!
>> Tyler
>> 
>> ___
>> Mangled by my iPhone.
>> ___
>> Tyler Treat
>> Corn Belt Technologies, Inc.
>> tyler.tr...@cornbelttech.com 
>> ___
>> 
>> 
> 
> 



Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-23 Thread Chris Wright
I load tested EOIP with IPSEC a couple weeks ago between two CCR1036’s on a gig 
link and got them to fill about 700mbps of a 1gbps pipe.

Chris Wright
Network Administrator
Velociter Wireless
209-838-1221 x115

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Dennis Burgess
Sent: Wednesday, December 23, 2015 1:03 PM
To: af@afmug.com
Subject: Re: [AFMUG] Tik to Tik VPN: best trade off between performance and 
security

Of course it can be! ☺  EoIP includes IPSEC encryption if you wish!  ☺  And on 
the CCRs that is hardware accelerated..

Dennis Burgess, CTO, Link Technologies, Inc.
den...@linktechs.net – 314-735-0270 x103 – www.linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Tuesday, December 22, 2015 7:05 PM
To: af@afmug.com
Subject: Re: [AFMUG] Tik to Tik VPN: best trade off between performance and 
security

EOIP wouldn't be encrypted...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
If only EOIP.  Damn I love the simplicity.

On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
OVPN probably?  Not sure about IPSec on the CCR.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
Tunneling between 2 sites, not trying to bridge a single subnet or any nonsense 
like that.  Well connected on either end.

Which style of tunnel is going to provide the best security vs performance 
value.

Thinking CCR as a concentrator with 2011's or crs125's at end points.

Feedback appreciated.

Thanks!
Tyler

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com
___




Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-23 Thread Dennis Burgess
Of course it can be! ☺  EoIP includes IPSEC encryption if you wish!  ☺  And on 
the CCRs that is hardware accelerated..

Dennis Burgess, CTO, Link Technologies, Inc.
den...@linktechs.net – 314-735-0270 x103 – www.linktechs.net

From: Af [mailto:af-boun...@afmug.com] On Behalf Of Josh Luthman
Sent: Tuesday, December 22, 2015 7:05 PM
To: af@afmug.com
Subject: Re: [AFMUG] Tik to Tik VPN: best trade off between performance and 
security

EOIP wouldn't be encrypted...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
If only EOIP.  Damn I love the simplicity.

On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
OVPN probably?  Not sure about IPSec on the CCR.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
Tunneling between 2 sites, not trying to bridge a single subnet or any nonsense 
like that.  Well connected on either end.

Which style of tunnel is going to provide the best security vs performance 
value.

Thinking CCR as a concentrator with 2011's or crs125's at end points.

Feedback appreciated.

Thanks!
Tyler

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com
___




Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-23 Thread Josh Reynolds
Can you do encrypted vpls on Mikrotik? I don't think I've tried this before.
On Dec 23, 2015 9:53 AM, "Faisal Imtiaz"  wrote:

> Does it have to be VPN? If this is all MTs, doing MPLS/VPLS will be
> easier and offer the best performance.
>
> Faisal Imtiaz
> Snappy Internet & Telecom
> 7266 SW 48 Street
> Miami, FL 33155
> Tel: 305 663 5518 x 232
>
> Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net
>
> --
>
> *From: *"Tyler Treat" 
> *To: *af@afmug.com
> *Sent: *Tuesday, December 22, 2015 9:40:40 PM
> *Subject: *Re: [AFMUG] Tik to Tik VPN: best trade off between
> performance and security
>
> Omg.  Great find!  Will investigate this further.
>
> ___
> Mangled by my iPhone.
> ___
>
> Tyler Treat
> Corn Belt Technologies, Inc.
>
> tyler.tr...@cornbelttech.com
> ___
>
>
> On Dec 22, 2015, at 7:42 PM, Josh Luthman 
> wrote:
>
> Oooh IPSEC secret!  That's not even in the documentation (oh who am I
> kidding...)
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Tue, Dec 22, 2015 at 8:37 PM, Mathew Howard 
> wrote:
>
>> You apparently can do encryption on EOIP now... I haven't tried it
>> though, so I have no idea if it actually works or if it spoils the
>> simplicity part...
>>
>> On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>>> EOIP wouldn't be encrypted...
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <
>>> tyler.tr...@cornbelttech.com> wrote:
>>>
>>>> If only EOIP.  Damn I love the simplicity.
>>>>
>>>> On Dec 22, 2015, at 6:51 PM, Josh Luthman 
>>>> wrote:
>>>>
>>>> OVPN probably?  Not sure about IPSec on the CCR.
>>>>
>>>>
>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373
>>>>
>>>> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <
>>>> tyler.tr...@cornbelttech.com> wrote:
>>>>
>>>>> Tunneling between 2 sites, not trying to bridge a single subnet or any
>>>>> nonsense like that.  Well connected on either end.
>>>>>
>>>>> Which style of tunnel is going to provide the best security vs
>>>>> performance value.
>>>>>
>>>>> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>>>>>
>>>>> Feedback appreciated.
>>>>>
>>>>> Thanks!
>>>>> Tyler
>>>>>
>>>>> ___
>>>>> Mangled by my iPhone.
>>>>> ___
>>>>> Tyler Treat
>>>>> Corn Belt Technologies, Inc.
>>>>> tyler.tr...@cornbelttech.com
>>>>> ___
>>>>>
>>>>>
>>>>
>>>
>>
>
>


Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-23 Thread Faisal Imtiaz
Does it have to be VPN? If this is all MTs, doing MPLS/VPLS will be easier and 
offer the best performance. 

Faisal Imtiaz 
Snappy Internet & Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

> From: "Tyler Treat" 
> To: af@afmug.com
> Sent: Tuesday, December 22, 2015 9:40:40 PM
> Subject: Re: [AFMUG] Tik to Tik VPN: best trade off between performance and
> security

> Omg. Great find! Will investigate this further.

> ___
> Mangled by my iPhone.
> ___

> Tyler Treat
> Corn Belt Technologies, Inc.

> tyler.tr...@cornbelttech.com
> ___

> On Dec 22, 2015, at 7:42 PM, Josh Luthman < j...@imaginenetworksllc.com > 
> wrote:

>> Oooh IPSEC secret! That's not even in the documentation (oh who am I 
>> kidding...)

>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373

>> On Tue, Dec 22, 2015 at 8:37 PM, Mathew Howard < mhoward...@gmail.com > 
>> wrote:

>>> You apparently can do encryption on EOIP now... I haven't tried it though, 
>>> so I
>>> have no idea if it actually works or if it spoils the simplicity part...

>>> On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman < j...@imaginenetworksllc.com 
>>> >
>>> wrote:

>>>> EOIP wouldn't be encrypted...

>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373

>>>> On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat < 
>>>> tyler.tr...@cornbelttech.com >
>>>> wrote:

>>>>> If only EOIP. Damn I love the simplicity.

>>>>> On Dec 22, 2015, at 6:51 PM, Josh Luthman < j...@imaginenetworksllc.com > 
>>>>> wrote:

>>>>>> OVPN probably? Not sure about IPSec on the CCR.

>>>>>> Josh Luthman
>>>>>> Office: 937-552-2340
>>>>>> Direct: 937-552-2343
>>>>>> 1100 Wayne St
>>>>>> Suite 1337
>>>>>> Troy, OH 45373

>>>>>> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat < 
>>>>>> tyler.tr...@cornbelttech.com >
>>>>>> wrote:

>>>>>>> Tunneling between 2 sites, not trying to bridge a single subnet or any 
>>>>>>> nonsense
>>>>>>> like that. Well connected on either end.

>>>>>>> Which style of tunnel is going to provide the best security vs 
>>>>>>> performance
>>>>>>> value.

>>>>>>> Thinking CCR as a concentrator with 2011's or crs125's at end points.

>>>>>>> Feedback appreciated.

>>>>>>> Thanks!
>>>>>>> Tyler

>>>>>>> ___
>>>>>>> Mangled by my iPhone.
>>>>>>> ___
>>>>>>> Tyler Treat
>>>>>>> Corn Belt Technologies, Inc.
>>>>>>> tyler.tr...@cornbelttech.com
>>>>>>> ___


Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread That One Guy /sarcasm
Basic testing showed 50 percent throughput loss with eoip ipsec but there
was an rb750 in the mix. I saw a spec on some of the other stuff where they
have hardware ipsec offloading
On Dec 22, 2015 8:40 PM, "Tyler Treat"  wrote:

> Omg.  Great find!  Will investigate this further.
>
> ___
> Mangled by my iPhone.
> ___
>
> Tyler Treat
> Corn Belt Technologies, Inc.
>
> tyler.tr...@cornbelttech.com
> ___
>
>
> On Dec 22, 2015, at 7:42 PM, Josh Luthman 
> wrote:
>
> Oooh IPSEC secret!  That's not even in the documentation (oh who am I
> kidding...)
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Tue, Dec 22, 2015 at 8:37 PM, Mathew Howard 
> wrote:
>
>> You apparently can do encryption on EOIP now... I haven't tried it
>> though, so I have no idea if it actually works or if it spoils the
>> simplicity part...
>>
>> On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>>> EOIP wouldn't be encrypted...
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <
>>> tyler.tr...@cornbelttech.com> wrote:
>>>
>>>> If only EOIP.  Damn I love the simplicity.
>>>>
>>>> On Dec 22, 2015, at 6:51 PM, Josh Luthman
>>>> wrote:
>>>>
>>>> OVPN probably?  Not sure about IPSec on the CCR.
>>>>
>>>>
>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373
>>>>
>>>> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <
>>>> tyler.tr...@cornbelttech.com> wrote:
>>>>
>>>>> Tunneling between 2 sites, not trying to bridge a single subnet or any
>>>>> nonsense like that.  Well connected on either end.
>>>>>
>>>>> Which style of tunnel is going to provide the best security vs
>>>>> performance value.
>>>>>
>>>>> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>>>>>
>>>>> Feedback appreciated.
>>>>>
>>>>> Thanks!
>>>>> Tyler
>>>>>
>>>>> ___
>>>>> Mangled by my iPhone.
>>>>> ___
>>>>> Tyler Treat
>>>>> Corn Belt Technologies, Inc.
>>>>> tyler.tr...@cornbelttech.com
>>>>> ___
>>>>>
>>>>>
>>>>
>>>
>>
>


Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Tyler Treat
Omg.  Great find!  Will investigate this further.

___
Mangled by my iPhone.
___

Tyler Treat
Corn Belt Technologies, Inc.

tyler.tr...@cornbelttech.com
___


On Dec 22, 2015, at 7:42 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

Oooh IPSEC secret!  That's not even in the documentation (oh who am I 
kidding...)


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 8:37 PM, Mathew Howard <mhoward...@gmail.com> wrote:
You apparently can do encryption on EOIP now... I haven't tried it though, so I 
have no idea if it actually works or if it spoils the simplicity part...

On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:
EOIP wouldn't be encrypted...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
If only EOIP.  Damn I love the simplicity.

On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

OVPN probably?  Not sure about IPSec on the CCR.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
Tunneling between 2 sites, not trying to bridge a single subnet or any nonsense 
like that.  Well connected on either end.

Which style of tunnel is going to provide the best security vs performance 
value.

Thinking CCR as a concentrator with 2011's or crs125's at end points.

Feedback appreciated.

Thanks!
Tyler

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com
___







Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Josh Reynolds
Glancing through the wiki, looks like ipsec tunnel or transport, md5+aes256
is probably your best bet. AES is hardware offloaded.

http://wiki.mikrotik.com/wiki/Manual:IP/IPsec
On Dec 22, 2015 7:37 PM, "Mathew Howard"  wrote:

> You apparently can do encryption on EOIP now... I haven't tried it though,
> so I have no idea if it actually works or if it spoils the simplicity
> part...
>
> On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman wrote:
>
>> EOIP wouldn't be encrypted...
>>
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <
>> tyler.tr...@cornbelttech.com> wrote:
>>
>>> If only EOIP.  Damn I love the simplicity.
>>>
>>> On Dec 22, 2015, at 6:51 PM, Josh Luthman 
>>> wrote:
>>>
>>> OVPN probably?  Not sure about IPSec on the CCR.
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <
>>> tyler.tr...@cornbelttech.com> wrote:
>>>
>>>> Tunneling between 2 sites, not trying to bridge a single subnet or any
>>>> nonsense like that.  Well connected on either end.
>>>>
>>>> Which style of tunnel is going to provide the best security vs
>>>> performance value.
>>>>
>>>> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>>>>
>>>> Feedback appreciated.
>>>>
>>>> Thanks!
>>>> Tyler
>>>>
>>>> ___
>>>> Mangled by my iPhone.
>>>> ___
>>>> Tyler Treat
>>>> Corn Belt Technologies, Inc.
>>>> tyler.tr...@cornbelttech.com
>>>> ___
>>>>
>>>>
>>>
>>
>


Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Mathew Howard
Mikrotik has documentation? :P

On Tue, Dec 22, 2015 at 7:42 PM, Josh Luthman 
wrote:

> Oooh IPSEC secret!  That's not even in the documentation (oh who am I
> kidding...)
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Tue, Dec 22, 2015 at 8:37 PM, Mathew Howard 
> wrote:
>
>> You apparently can do encryption on EOIP now... I haven't tried it
>> though, so I have no idea if it actually works or if it spoils the
>> simplicity part...
>>
>> On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman <
>> j...@imaginenetworksllc.com> wrote:
>>
>>> EOIP wouldn't be encrypted...
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <
>>> tyler.tr...@cornbelttech.com> wrote:
>>>
>>>> If only EOIP.  Damn I love the simplicity.
>>>>
>>>> On Dec 22, 2015, at 6:51 PM, Josh Luthman
>>>> wrote:
>>>>
>>>> OVPN probably?  Not sure about IPSec on the CCR.
>>>>
>>>>
>>>> Josh Luthman
>>>> Office: 937-552-2340
>>>> Direct: 937-552-2343
>>>> 1100 Wayne St
>>>> Suite 1337
>>>> Troy, OH 45373
>>>>
>>>> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <
>>>> tyler.tr...@cornbelttech.com> wrote:
>>>>
>>>>> Tunneling between 2 sites, not trying to bridge a single subnet or any
>>>>> nonsense like that.  Well connected on either end.
>>>>>
>>>>> Which style of tunnel is going to provide the best security vs
>>>>> performance value.
>>>>>
>>>>> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>>>>>
>>>>> Feedback appreciated.
>>>>>
>>>>> Thanks!
>>>>> Tyler
>>>>>
>>>>> ___
>>>>> Mangled by my iPhone.
>>>>> ___
>>>>> Tyler Treat
>>>>> Corn Belt Technologies, Inc.
>>>>> tyler.tr...@cornbelttech.com
>>>>> ___
>>>>>
>>>>>
>>>>
>>>
>>
>


Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Josh Luthman
Oooh IPSEC secret!  That's not even in the documentation (oh who am I
kidding...)


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 8:37 PM, Mathew Howard  wrote:

> You apparently can do encryption on EOIP now... I haven't tried it though,
> so I have no idea if it actually works or if it spoils the simplicity
> part...
>
> On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman wrote:
>
>> EOIP wouldn't be encrypted...
>>
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <
>> tyler.tr...@cornbelttech.com> wrote:
>>
>>> If only EOIP.  Damn I love the simplicity.
>>>
>>> On Dec 22, 2015, at 6:51 PM, Josh Luthman 
>>> wrote:
>>>
>>> OVPN probably?  Not sure about IPSec on the CCR.
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <
>>> tyler.tr...@cornbelttech.com> wrote:
>>>
>>>> Tunneling between 2 sites, not trying to bridge a single subnet or any
>>>> nonsense like that.  Well connected on either end.
>>>>
>>>> Which style of tunnel is going to provide the best security vs
>>>> performance value.
>>>>
>>>> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>>>>
>>>> Feedback appreciated.
>>>>
>>>> Thanks!
>>>> Tyler
>>>>
>>>> ___
>>>> Mangled by my iPhone.
>>>> ___
>>>> Tyler Treat
>>>> Corn Belt Technologies, Inc.
>>>> tyler.tr...@cornbelttech.com
>>>> ___
>>>>
>>>>
>>>
>>
>


Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Josh Reynolds
I don't know if ipsec is hardware offloaded on Mikrotik, but if it is it's
probably your best bet. EoIP does have a performance/overhead hit.. Wasn't
there something fairly recent about eoip+ipsec? PPTP is NOT security any
more than WEP is. Most opensource products have removed it at this point -
shame on MikroTik for not following suit.
On Dec 22, 2015 7:37 PM, "Mathew Howard"  wrote:

> You apparently can do encryption on EOIP now... I haven't tried it though,
> so I have no idea if it actually works or if it spoils the simplicity
> part...
>
> On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman wrote:
>
>> EOIP wouldn't be encrypted...
>>
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <
>> tyler.tr...@cornbelttech.com> wrote:
>>
>>> If only EOIP.  Damn I love the simplicity.
>>>
>>> On Dec 22, 2015, at 6:51 PM, Josh Luthman 
>>> wrote:
>>>
>>> OVPN probably?  Not sure about IPSec on the CCR.
>>>
>>>
>>> Josh Luthman
>>> Office: 937-552-2340
>>> Direct: 937-552-2343
>>> 1100 Wayne St
>>> Suite 1337
>>> Troy, OH 45373
>>>
>>> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <
>>> tyler.tr...@cornbelttech.com> wrote:
>>>
>>>> Tunneling between 2 sites, not trying to bridge a single subnet or any
>>>> nonsense like that.  Well connected on either end.
>>>>
>>>> Which style of tunnel is going to provide the best security vs
>>>> performance value.
>>>>
>>>> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>>>>
>>>> Feedback appreciated.
>>>>
>>>> Thanks!
>>>> Tyler
>>>>
>>>> ___
>>>> Mangled by my iPhone.
>>>> ___
>>>> Tyler Treat
>>>> Corn Belt Technologies, Inc.
>>>> tyler.tr...@cornbelttech.com
>>>> ___
>>>>
>>>>
>>>
>>
>
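
The two concerns raised in this thread (an EoIP tunnel carries no encryption unless an IPsec secret is set on it, and PPTP being in use at all) can be checked against a router's configuration export. The following is an added example, not part of any poster's message: it assumes the text layout of a RouterOS `/export` and the `ipsec-secret` property on EoIP interfaces, and the sample export, names and addresses are constructed.

```python
import shlex

# Constructed RouterOS-style export; names, addresses and the secret are
# placeholders made up for this example, not values from the thread.
SAMPLE_EXPORT = r"""
/interface eoip
add local-address=192.0.2.1 name=eoip-site-a remote-address=198.51.100.2 \
    tunnel-id=10
add allow-fast-path=no ipsec-secret=EXAMPLE-ONLY local-address=192.0.2.1 \
    name=eoip-site-b remote-address=198.51.100.3 tunnel-id=11
/interface pptp-server server
set enabled=yes
/interface pptp-client
add connect-to=203.0.113.5 name=pptp-out1 user=site-a
add connect-to=203.0.113.6 disabled=yes name=pptp-old user=site-a
/interface ovpn-client
add connect-to=203.0.113.9 name=ovpn-out1 user=site-a
"""


def parse_export(text):
    """Return a list of (section, verb, params) tuples from export text."""
    entries = []
    section = None
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # A trailing backslash continues the command on the next line.
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        line = pending + line
        pending = ""
        if line.startswith("/"):
            section = line  # menu path such as "/interface eoip"
            continue
        tokens = shlex.split(line)  # handles name="two words"
        params = {}
        for tok in tokens[1:]:
            key, sep, value = tok.partition("=")
            if sep:
                params[key] = value
        entries.append((section, tokens[0], params))
    return entries


def audit_tunnels(entries):
    """Return (finding, interface) pairs for the tunnel types discussed."""
    findings = []
    for section, verb, params in entries:
        name = params.get("name", "(unnamed)")
        if section == "/interface eoip" and verb == "add":
            # No (or empty) ipsec-secret: the bridged frames cross the
            # path between the two routers in clear text.
            if not params.get("ipsec-secret"):
                findings.append(("eoip-unencrypted", name))
        elif section == "/interface pptp-server server" and verb == "set":
            if params.get("enabled") == "yes":
                findings.append(("pptp-server-enabled", "pptp-server"))
        elif section == "/interface pptp-client" and verb == "add":
            if params.get("disabled") != "yes":
                findings.append(("pptp-client-active", name))
    return findings


if __name__ == "__main__":
    for finding, iface in audit_tunnels(parse_export(SAMPLE_EXPORT)):
        print(f"{finding}: {iface}")
```
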


Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Mathew Howard
You apparently can do encryption on EOIP now... I haven't tried it though,
so I have no idea if it actually works or if it spoils the simplicity
part...

On Tue, Dec 22, 2015 at 7:04 PM, Josh Luthman 
wrote:

> EOIP wouldn't be encrypted...
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat wrote:
>
>> If only EOIP.  Damn I love the simplicity.
>>
>> On Dec 22, 2015, at 6:51 PM, Josh Luthman 
>> wrote:
>>
>> OVPN probably?  Not sure about IPSec on the CCR.
>>
>>
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <
>> tyler.tr...@cornbelttech.com> wrote:
>>
>>> Tunneling between 2 sites, not trying to bridge a single subnet or any
>>> nonsense like that.  Well connected on either end.
>>>
>>> Which style of tunnel is going to provide the best security vs
>>> performance value.
>>>
>>> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>>>
>>> Feedback appreciated.
>>>
>>> Thanks!
>>> Tyler
>>>
>>> ___
>>> Mangled by my iPhone.
>>> ___
>>> Tyler Treat
>>> Corn Belt Technologies, Inc.
>>> tyler.tr...@cornbelttech.com
>>> ___
>>>
>>>
>>
>


Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread George Skorup

PPTP is pretty easy to configure. I've never messed with IPSEC.

I believe the CCRs and RB1100AHx2 have hardware crypto. The others, not 
so much.


On 12/22/2015 7:07 PM, Tyler Treat wrote:

I know.  That was my point.  :-)

On Dec 22, 2015, at 7:04 PM, Josh Luthman wrote:



EOIP wouldn't be encrypted...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:


If only EOIP.  Damn I love the simplicity.

On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:


OVPN probably?  Not sure about IPSec on the CCR.


Josh Luthman
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:

Tunneling between 2 sites, not trying to bridge a single
subnet or any nonsense like that.  Well connected on either end.

Which style of tunnel is going to provide the best security
vs performance value.

Thinking CCR as a concentrator with 2011's or crs125's at
end points.

Feedback appreciated.

Thanks!
Tyler

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com

___








Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Tyler Treat
I know.  That was my point.  :-)

On Dec 22, 2015, at 7:04 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

EOIP wouldn't be encrypted...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
If only EOIP.  Damn I love the simplicity.

On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

OVPN probably?  Not sure about IPSec on the CCR.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
Tunneling between 2 sites, not trying to bridge a single subnet or any nonsense 
like that.  Well connected on either end.

Which style of tunnel is going to provide the best security vs performance 
value.

Thinking CCR as a concentrator with 2011's or crs125's at end points.

Feedback appreciated.

Thanks!
Tyler

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com
___





Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Josh Luthman
EOIP wouldn't be encrypted...


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:57 PM, Tyler Treat 
wrote:

> If only EOIP.  Damn I love the simplicity.
>
> On Dec 22, 2015, at 6:51 PM, Josh Luthman 
> wrote:
>
> OVPN probably?  Not sure about IPSec on the CCR.
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
> On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat wrote:
>
>> Tunneling between 2 sites, not trying to bridge a single subnet or any
>> nonsense like that.  Well connected on either end.
>>
>> Which style of tunnel is going to provide the best security vs
>> performance value.
>>
>> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>>
>> Feedback appreciated.
>>
>> Thanks!
>> Tyler
>>
>> ___
>> Mangled by my iPhone.
>> ___
>> Tyler Treat
>> Corn Belt Technologies, Inc.
>> tyler.tr...@cornbelttech.com
>> ___
>>
>>
>


Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Tyler Treat
If only EOIP.  Damn I love the simplicity.

On Dec 22, 2015, at 6:51 PM, Josh Luthman <j...@imaginenetworksllc.com> wrote:

OVPN probably?  Not sure about IPSec on the CCR.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat <tyler.tr...@cornbelttech.com> wrote:
Tunneling between 2 sites, not trying to bridge a single subnet or any nonsense 
like that.  Well connected on either end.

Which style of tunnel is going to provide the best security vs performance 
value.

Thinking CCR as a concentrator with 2011's or crs125's at end points.

Feedback appreciated.

Thanks!
Tyler

___
Mangled by my iPhone.
___
Tyler Treat
Corn Belt Technologies, Inc.
tyler.tr...@cornbelttech.com
___




Re: [AFMUG] Tik to Tik VPN: best trade off between performance and security

2015-12-22 Thread Josh Luthman
OVPN probably?  Not sure about IPSec on the CCR.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Tue, Dec 22, 2015 at 7:49 PM, Tyler Treat 
wrote:

> Tunneling between 2 sites, not trying to bridge a single subnet or any
> nonsense like that.  Well connected on either end.
>
> Which style of tunnel is going to provide the best security vs performance
> value.
>
> Thinking CCR as a concentrator with 2011's or crs125's at end points.
>
> Feedback appreciated.
>
> Thanks!
> Tyler
>
> ___
> Mangled by my iPhone.
> ___
> Tyler Treat
> Corn Belt Technologies, Inc.
> tyler.tr...@cornbelttech.com
> ___
>
>