I'm looking at doing single site to multiple sites vpn for a client and I'm going using all MT stuff
However I want to try and avoid IPSec as it's just a pain I find, It would be a alot easier work with if it presented as an interface the same as the other tunnels.
Anyway I'm looking at all the options OpenVPN would be my first choice bar the whole TCP only mode.
So i'm left with PPTP,L2TP and i'm wondering about security.
I know according to wikipedia L2TP doesn't do encryption but if you check the profile options under winbox you can set "Use Encryption to required or yes" does this mean it will encrypt ??
Any other thoughts on these protocols
Thanks
Mark

PPTP and L2TP use MPPE for encryption, which means RC4. RC4 is, for all intends and purposes, broken. It's the underlying mechanism for WEP, for example. It can rekey frequently, but RouterOS doesn't expose parameters for tweaking that.

So where does that leave you? Depends. How valuable is the data you're trying to protect? If it realistically isn't all that valuable then RC4 might be 'good enough'. Does any of the data fall under minimum encryption requirements? For example, are you in the US and are you transmitting payment data or something to do with health care? If yes, RC4 is right out.

If you want or need strong encryption then IPsec is the only way to go. Is it a pain with RouterOS? You bet. Shame, that. If it was me I'd still use IPsec, just on a different platform. There are plenty of free (other than the stock x86 hardware) solutions available. And while painful it can absolutely be done with RouterOS - I'd still prefer even that to PPTP/L2TP.

Hi Fewi
Thanks for the reply, RC4 is out based on what your telling me as this info needs to be secure.
IPsec is whats currently there but I'd like to use Open VPN I've asked on a different thread why MT don't/won't support udp openvpn.
Anyway looks like i'm stuck with IPSec
the option of using other hardware is not currently open to me and I'm happy enough with the MT based hardware.
Anyone else feel like adding any comments again Fewi thanks for the reply.

How do you find IPSec difficult/confusing? You just need to setup a policy to only accept encrypted traffic from that ip address, setup and IPSec peer and if you want private addresses just add an IPIP tunnel. Quite simple and most secure IMO.

Hi jtroybailey

It's not that I find it confusing I just find it a pain in that it doesn't present a tunnel interface and as a result the traffic just seems to appear and disappear down this tunnel without any way of tracking it.
Both end points have static IP addresses so i'm wondering are you suggesting building an IP-IP tunnel inside the IPSec tunnel or an IPSecTunnel inside and IP-IP.
Thanks again for the help.

IPSec is more of a IP Security Policy, it doesn't tunnel information, just guarantees that the information is encrypted. You can add a IPIP tunnel so that you have you interface to manage.

PPTP and L2TP use MPPE for encryption, which means RC4. RC4 is, for all intends and purposes, broken. It's the underlying mechanism for WEP, for example. It can rekey frequently, but RouterOS doesn't expose parameters for tweaking that.

So where does that leave you? Depends. How valuable is the data you're trying to protect? If it realistically isn't all that valuable then RC4 might be 'good enough'. Does any of the data fall under minimum encryption requirements? For example, are you in the US and are you transmitting payment data or something to do with health care? If yes, RC4 is right out.

If you want or need strong encryption then IPsec is the only way to go. Is it a pain with RouterOS? You bet. Shame, that. If it was me I'd still use IPsec, just on a different platform. There are plenty of free (other than the stock x86 hardware) solutions available. And while painful it can absolutely be done with RouterOS - I'd still prefer even that to PPTP/L2TP.

Fewi, you know I respect all the hard work you put into these forums, but as a security and crypto nerd, I have to come to the defense of RC4. RC4 is very misunderstood, so it catches a lot of bad press because it is either not used properly, or weaknesses are found in the key-generation systems used to initialize it. The reason there are so many attacks against protocols using RC4 is because RC4 used to be the gold standard for EVERYTHING.

The RC4 keystream cipher is not insecure as long as it is initialized properly with a good key. The weakness with WEP was the result of improper use of RC4. When first initialized, the beginning of the keystream needs to be discarded because it leaks info. With WEP, this initial block of weak data was not discarded, which lead to the weak IV problem and eventually the Korek and PTW attacks.

As for PCI compliance, the problem is not with the use of RC4, but rather the use of 40-bit keys to initialize it. 128-bit RC4-SHA and RC4-MD5 are currently accepted as strong encryption for SSL/TLS by both PCI and HIPAA.

You are correct that PPTP is somewhat broken, but here again the problem is not directly with the RC4 cipher, it is with CHAPv1 using a 40-bit key, and CHAPv2 creating a initialization key that has less than the required 128-bits of entropy. MPPE using EAP-TLS certificates for the key exchange still uses RC4 and greatly ups the security factor, but much like rekeying times, sadly MikroTik does not support it.

So in the world of Mikrotik, IPSec really is the only option for a decently secure VPN tunnel. JTroyBailey hit the nail on the head, IPSec is only a security policy, not a tunnel, that is why it is usually paired with either L2TP or ESP to handle the actual data transmission. If you really want another option, you can look into SSTP, but IMHO, I find the hassle of dealing with the certificates usually outweighs the pain of setting up IPSec.

I honestly love nothing more in these forums than being corrected when I'm hopelessly wrong and learning something in the process.

Appreciate the info. I know way too little about the actual crypto implementations and maths behind it all. On that note: got any suggestions for a book that introduces those topics at a reasonable level without immediate diving into page long formulas I wouldn't understand?

got any suggestions for a book that introduces those topics at a reasonable level without immediate diving into page long formulas I wouldn't understand?

If you follow the security world at all, you are probably familiar with Bruce Schneier. He is a great resource for learning about all things crypto. He has a fantastic way of covering just enough math that you know what is going on, while focusing on more of the theory and application than the pure mathematics.

As a starting spot, I would look into his book Applied Cryptography. The sequel Practical Cryptography talks a lot more about applied uses instead of mathematical theories. This book in particular should bring to light how an otherwise secure algorithm like RC4 can be mishandled to create giant insecurities like WEP and MSCHAP.

After you get your feet wet, dig into his papers. If you are comfortable with programming, his self-study course in Block Cipher Cryptanalysis is really good. It take a lot of time, but it forces you to tear apart algorithms to break them. It is a lot of fun when to hit that "Eureka!" moment and see how a cipher all comes together and where it is vulnerable.

Have fun!

Cool, I put them on my reading list. Appreciate it. Aware of the man, of course, but always thought the books would be too technical. Will give them a shot.

If you really want another option, you can look into SSTP, but IMHO, I find the hassle of dealing with the certificates usually outweighs the pain of setting up IPSec.

Hi there! I was browsing for some VPN recommendations and saw the mention of SSTP. Are you aware of any significant difference in overhead between using SSTP vs. L2TP/IPSec? I imagine it'd be worth the effort to deal with the certificates if we can have a reasonable expectation of improved performance.