There is a central office and about 25 external “points”, Mikrotik is installed almost everywhere, what is the best way to build a VPN?

D

Denis Basarev2018-12-04 14:29:49

VPN

Denis Basarev, 2018-12-04 14:29:49

Subj, in fact, to be cheap in terms of resources, without fanaticism, what protocols, is encryption really necessary.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

S

Sergey, 2018-12-04
@SuNbka

Mikrotik for beginners. VPN setup.
You can also read sdsm .

A

Artem, 2018-12-05
@gangz

Type - a star, definitely.
By models: RB951 in points, 1100AH - in the center.
By type of encryption:
Pure IPSec - but with 951x you won't really get more than 15Mbit in the tunnel, the processors will be 100% busy, difficult to configure.
L2TP IPSec - easy to implement, but has the disadvantages of pure IPSec
L2TP/PPTP - considered insecure against a MITM attack, but difficult to implement in practice. If there is no critical data (bank transactions, etc.) - I recommend this option. 90Mbit will be pumped without problems, as a cheap option - ideally.

C

CityCat4, 2018-12-05
@CityCat4

If "points" do not need access to each other's networks, then there is a natural "star" scheme, when all ticks of points cling to one central tick. In the center, of course, there should be a big thick tick with hardware encryption, and by points - according to needs, if there is little traffic, ticks with software encryption will also be pulled. Of course, you need to encrypt - now there are too many hunters for someone else's good :) And even for a beaver :)