VPN
Beard, 2022-01-03 22:09:53

Is it possible to tunnel between a Linux machine and a Mikrotik behind NAT?

Good afternoon!
I ask you to suggest the most optimal technology for creating a VPN tunnel for the following configuration:
- VPS Linux with a "white" IP as a server;
- Mikrotik SXT R (LTE) client behind the provider's NAT (there is no possibility of obtaining a "white" IP).

Before that, I tried 2 options - there are comments on both:
1. OpenVPN - the Mikrotik client does not support UDP, the speed drops over TCP, a large load on the Mikrotik processor due to encryption;
2. IPIP tunnel + IPSec. The implementation is detailed here. The connection turned out to be very unstable, perhaps due to LTE, or a crookedly configured IPSec. The main problem is that ping does not show losses between hosts, ICMP packets pass in both directions, at the same time, application traffic is periodically completely blocked - I have not found the reason. The speed is about 5 times lower compared to OpenVPN, the CPU load on Mikrotik is around 25-35%.

Please share your experience, perhaps someone has already solved a similar problem.

6 answer(s)
Sergey, 2022-01-03
@KingstonKMS

You put it on vps https://github.com/Kingston-kms/setup-ipsec-vpn and connect from Mikrotik

AlexVWill, 2022-01-03
@AlexVWill

Please share your experience, perhaps someone has already solved a similar problem.

Yes, some people have done it... about a million times. :)
IPsec/IKE2 strongSwan will save you.
Works on Mikrotik just perfect. I've been using it myself for a year now.
Here is a working instruction on how to set up a server.
https://www.digitalocean.com/community/tutorials/h...
Here is the client setup on Mikrotik
https://www.vpnunlimited.com/ru/help/manuals/mikro...
With clients for Windows, penguin, buckets and a stub, I think you’ll figure it out yourself, there are a lot of these links in Google ...

CityCat4, 2022-01-04
@CityCat4

Mikrotik as a client on VPS (in the sense of mikrotik for VPS - a client, he addresses him). Strongswan is installed on the VPS, there is ikev2 on Mikrotik (I don’t know how it is in SXT, there is level3 ROS), but in general the Mikrotik VPS on Linux has been working for years without breaks (I mean IPSec, by the way, it doesn’t need any towns like an IPIP tunnel - it works fine by itself).
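
Added example, not part of the original thread or any poster's own configuration: a strongSwan `swanctl.conf` sketch for the setup the answers above recommend, with the VPS as an IKEv2 responder for a client behind carrier NAT. The connection and child names, certificate file names and both subnets are constructed placeholders, and certificate authentication is an assumption.

```conf
# /etc/swanctl/swanctl.conf on the VPS; load with: swanctl --load-all
# The VPS firewall must accept UDP 500 and UDP 4500 from anywhere,
# because the client's public address is whatever the LTE provider's NAT assigns.
connections {
    mikrotik-lte {                   # placeholder connection name
        version = 2                  # IKEv2 only
        local_addrs = %any
        remote_addrs = %any          # NATed client: source address is unpredictable
        proposals = aes256-sha256-modp2048   # assumption: must match the Mikrotik profile
        encap = yes                  # always wrap ESP in UDP/4500 instead of relying on NAT detection
        dpd_delay = 30s              # liveness probe so a dead LTE session is noticed
        local {
            auth = pubkey
            certs = vps-cert.pem     # placeholder file in /etc/swanctl/x509
        }
        remote {
            auth = pubkey
            cacerts = vpn-ca.pem     # placeholder CA in /etc/swanctl/x509ca;
                                     # only clients holding a cert it issued are accepted
        }
        children {
            sxt-lan {                # placeholder child name
                local_ts = 10.10.0.1/32        # constructed: address the VPS exposes through the tunnel
                remote_ts = 192.168.88.0/24    # constructed: LAN behind the Mikrotik
                esp_proposals = aes256-sha256-modp2048
                dpd_action = clear   # drop stale SAs; assumes the client is set to re-initiate
                start_action = none  # responder only: the VPS cannot reach a peer behind NAT
            }
        }
    }
}
```

Restricting `remote` to a single CA and keeping the traffic selectors narrow means that opening UDP 500/4500 to the whole internet exposes only the IKE daemon, not the networks behind it.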

nApoBo3, 2022-01-04
@nApoBo3

ipsec ike2.
In routeros7, openvpn udp seems to have been delivered, it has even been released and is more or less stable in simple configurations.

Drno, 2022-01-04
@Drno

Openvpn. Works and does not ask for food.
On udp - do not care.
The rest can be cut by the mobile provider.

Ragnar Black, 2022-01-05
@Ragnar1

Upgrade your Mikrotik hardware to RouterOS v7 and use UDP in openvpn or wireguard right away.
