Hi,
I’m wondering what is the VPN protocol that you use with RouterOS for remote users that need VPN. We currently use OpenVPN but as I red all around the Internet, the implementation of OpenVPN in routeros only support UDP which is slow. What is the most efficient VPN with the fastest throughtput for the end users ?
I know routeros 7 should support wireguard but eith routeros 6 ?
Thx
UDP is the fast OpenVPN. TCP is slower.
Mikrotik only supports TCP OpenVPN. And their implementation is bad. There are tricks to improve throughput.
But a Linux box or a dedicated aggregator/concentrator is the best way to deal with large scale VPN.
Put a linux box with wireguard on it behind your router and port forward the wireguard port. That will be the fastest.
IPSec/IKEv2 will be the fastest most likely. But it takes some work to setup.
The benefit with IKEv2 is it can be used as an always on VPN in windows.
As /u/Dimitripietro said, I use IKEv2 as well.
There’s a really good Reddit post on setting this up with Windows 10 native client and certificate authentication:
https://www.reddit.com/r/mikrotik/comments/iw804t/howto_windows_10_ikev2_vpn_without_3rd_party/
It’s fast too - on my RB4011 the crypto is hardware accelerated.
And I also agree with you that it is nice to have a VPN that is on the edge device without worrying about VPN server upkeep. I could easily move my VPN to a Docker on my unRAID server (in fact, that’s what I used to do) but my server is far less reliable than my Mikrotik router.
Wireshark is the fastest.
L2tp with ipsec based on user, pass and shared key works good for me: it’s easy/confortable to setup, all modern mikrotik routers has hardware acceleration support and all user operating systems supports it.
at the time, after a series of tests, I chose the one that seemed to have the best compromise between speed and reliability… maybe it doesn’t have the best speed (SSL via TCP), but it doesn’t have MTU problems and it integrates well on Win 10… the SSTP tunnel is fine in both roadwarrior and point-to-point configurations … in the end, if a few percentage points of speed are missing, it balances with the simplicity of operation!
73,
Arturo.
I was thinking about test rOS7 Beta instead of having a linux box to maintain. Like a secondary Mikrotik
Which IpSec client do you use on Windows ?
This is actually what we use till v7 becomes stable - easy and nice with an automatic generator of peers.
The native windows client.
So is some newer routers ros7 only.
Me too. I love Mikrotik’s IKEv2/IPSec offering.