Page 1 of 1
VPN Site to site
Posted: Sat Sep 19, 2015 1:10 pm
by emadtaha2010
Please i have 2 routerboad 450 i need to make VPN site to site between each other
Please help
Re: VPN Site to site
Posted: Tue Sep 22, 2015 3:19 am
by Van9018
IPSec is a good place to start
http://wiki.mikrotik.com/wiki/Manual:IP/IPsec
That's a lengthy read, but IPSec is probably the best bet.
Some ISPs that issue modems with a router built in may disallow IPSec.
Re: VPN Site to site
Posted: Tue Sep 22, 2015 3:31 am
by zizobaddy
you can use pptp os l2tp with IPSEC
Set IP on the VPN sever router E.g local=192.168.1.1 remote=192.168.1.2
it will work
PPTPconnction without IPSEC too will work just that less secured
Re: VPN Site to site
Posted: Tue Sep 22, 2015 5:27 pm
by descartes
Re: VPN Site to site
Posted: Wed Sep 23, 2015 2:35 am
by Van9018
Stick with plain IPSec in tunnel mode for site-to-site, supposed to be better performing. I use pre-shared keys instead of certificates because it's quicker to setup.
Re: VPN Site to site
Posted: Wed Sep 23, 2015 9:34 am
by andriys
+1 - plain old IPsec in tunnel mode is the best for S2S- flexible, secure and performing. The only "disadvantage" is it requires some learning. And pre-shared key auth method should be just fine for S2S.
Re: VPN Site to site
Posted: Wed Sep 23, 2015 5:01 pm
by cdiedrich
I second the IPsec recommendations.
But: which bandwidth do you expect to be encrypted? If it's just some few MBit < 5, the 450 will for sure be able to handle this. If you're talking about more, better consider either different hardware (850, 1100, CCR series) or a non-IPsec approach.
-Chris
Re: VPN Site to site
Posted: Thu Sep 24, 2015 1:29 pm
by andriys
consider either different hardware (850, 1100, CCR series) or a non-IPsec approach.
I'd argue the non-IPsec approach is worth considering, unless you don't care about encryption at all.
Posted: Thu Sep 24, 2015 11:29 pm
by jarda
Or think about 1100ahx2 with hw ipsec acceleration.