A
A
Alexander Bulgakov2019-07-03 07:36:21
VPN
Alexander Bulgakov, 2019-07-03 07:36:21

How to properly set up vpn?

The situation is this. There is a local network of the enterprise, the Internet is distributed through mikrotik, a static IP address. It is necessary to configure vpn access to this network from other external computers. How to do it more competently - configure vpn on the Mikrotik itself? (then what is better to choose Openvpn ppptp?) Or select a computer on the local network as a vpn server and set a route to it in Mikrotik?

Answer the question

In order to leave comments, you need to log in

5 answer(s)
D
Diman89, 2019-07-03
@Diman89

Raise
openvpn on Mikrotik, consider that it doesn’t have.
If there is enough power (or high speeds are not needed), then l2tp & ipsec tunnel

R
Radjah, 2019-07-03
@Radjah

If OpenVPN is on a machine inside the network, then you can make L2 (tap) and a bridge, then only port forwarding will be needed from the Mikrotik side. Android tap does not know how, at least in the 7th version it definitely does not know how, only tun (L3).
For tun, routes or masquerading will already be needed if access to external devices from the network side behind Mikrotik is not needed.

D
Dmitry Shitskov, 2019-07-03
@Zarom

A server with Openvpn is the most convenient for connecting people remotely. You can also consider softether vpn. These solutions allow you to push the configuration to the client, which is quite convenient.
Forget about Openvpn on Mikrotik - RouterOS developers have repeatedly indicated that they will not develop it. Its functionality on Mikrotik is minimal.

A
Andrei, 2019-07-03
@Blaze355

For Windows, using CMAK, you can make a convenient automatic VPN installer in the form of an .exe file + push all the necessary routes to the corporate network, connection settings, etc. there.

C
CityCat4, 2019-07-03
@CityCat4

More competently - IPSec, but there can be problems with Windows. And you need a microtic with hardware encryption, because, for example, the RB2011 gets into the pose of a company machine gun even from one loaded tunnel.
The easiest way is to forward pptp inside the network to Windows, if you don't care about security (pptp has been broken for a long time).

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question