MikroTik

I'm looking for the best tutorial to setup router to router VPN (L2TP/IPsec or PPtP) so the internal users on both networks can access each others.

Any help would be highly appreciated...

Moreover, I would like to know more about the routing configuration on both routers.

Thank you again,

Your better off doing a EOIP tunnel between them and bridging it with the lan.

what about if my manager wants to dial in to access the MS Exchange server?

thank you,

what about if my manager wants to dial in to access the MS Exchange server?

thank you,

You setup a VPN for that, and for that only.

Easiest thing to do is a PPTP from WinXP (Vista too, probably) into a ROS PPTP server.

Well, that would be great if they wanted to dial in.
The best thing to make it transparent would be run a EOIP tunnel between the 2 locations and bridge the eoip with the lan interface
Using different ip ranges on each side and blocking DHCP on the tunnel so that you don't have dhcp jumping offices.
That way its like there in the same office.

What I would consider the proper way of doing this, is setting up a PPTP or L2TP connection (witch one depends on the traffic) but PPTP is more common. Route ACCROSS both networks, as it should be! Then setup either or as your PPTP concentrator. Simple, easy, takes less than a hour, and is the right way. This way you have no broadcast traffic going accross your VPN that you don't need.

Any MT Consultant can help you with this.

What I would consider the proper way of doing this, is setting up a PPTP or L2TP connection (witch one depends on the traffic) but PPTP is more common. Route ACCROSS both networks, as it should be! Then setup either or as your PPTP concentrator.

I would agree with Dennis. There's even a nice example in the manual;

http://www.mikrotik.com/testdocs/ros/3.0/vpn/pptp.php

You may want to have some sort of DNS server on each end though as routing an Active Directory can sometimes throw its toys out the cot.

Heck, if you are running AD, you can even have the Mikrotik PPTP server use AD for usernames/passwords. Then you can control remote VPN access in AD

Is there any difference between PPtP and L2TP/IPsec in terms of security, encryption, etc...?

What is recommended, if I have 3 sites and I want to have a router to router VPN Solution.

Please advise...

I have found that L2TP is better for lossy connections. As far as encryption, they both are MPPE 128. If you need higher security, OpenVPN is the way to go. AES-256 is about as good as its going to get.

Regardless, if basic encryption is fine, then either PPTP or L2TP will typically work fine. L2TP though is UDP based...

As for the Router 2 Router I will be using L2TP for sure... but I still have one thing regarding the DNS issue for the Router that will hold the L2TP Client Connection...

I have MS Exchange 2007 which relies heavily on MS DNS and I need to assign all dialed in routers a DNS using MS DNS Address by setting /ppp profiles DNS on the Main VPN Concentrator etc...But all the VPN Clients have their own DNS Settings (/IP DNS; Primary and Secondary). How can I force all outgoing requests to MS Exchange Sever to use the assigned DNS IP which the VPN Concentrator specify it for their clients?

Any clarification or help would be Highly appreciated,

Think you are saying you have a end system, that needs DNS to MS DNS.

This is simple, setup caching on your local MT, and forward requests to your MS DNS. Backup is your ISP.

Hello,

I have problem with VPN solution router-to-router (RB1000-RB1000) via L2TP. When I route public IP address subnets to remote tunnel IP address from L2TP server (for example - local 10.0.0.1, remote 10.0.0.2), everything is OK. But if I route non-public IP address resources the same way, I can ping it from L2TP server, but not from any other newtwork equipments behind these server.

Thank for any ideas Cheers

Sounds like the subnet at Network A is not defined as a route on the router at network B
ie
network A 10.0.5.0/24
Router Tunnel IP 10.0.10.1
Router LAN 10.0.5.1
System 10.0.5.5

Network B
Router Tunnel IP 10.0.10.2
Router LAN 10.0.6.1
System 10.0.6.20

For System 10.0.6.20 to ping 10.0.5.5 and vice versa you need two routes
Router Network A needs route 10.0.6.0/24 --> 10.0.10.2
Router Network B needs route 10.0.5.0/24 --> 10.0.10.1