Over the next couple of weeks, we’ll be featuring a number of articles to serve as a crash course into MikroTiK – MikroTiK 101. This week we’ll be focusing on MikroTik’s VPN!

How does VPN work?

According to Wikipedia: “virtual private network (VPN) extends a private network across a public network or internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.”

This means that you can connect your company’s various branches to the same network, allowing the user to share resources with each other, regardless of the fact that the branches might be miles away from each other – all via an internet connect without security risk (network will be secure and encrypted).

This means that you can securely interconnect banking networks, use your workplace resources while travelling and connect to your home network when needed. 

VPN Methods and Tunnel Protocols

“A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunnelling protocols, or traffic encryption. VPNs can be either remote-access (connecting a computer to a network) or site-to-site (connecting two networks). In a corporate setting, remote-access VPNs allow employees to access their company’s intranet from home or while travelling outside the office, and site-to-site VPNs allow employees in geographically disparate offices to share one cohesive virtual network. A VPN can also be used to interconnect two similar networks over a dissimilar middle network; for example, two IPv6 networks over an IPv4 network.” – Wikipedia 

RouterOS supports various VPN methods and tunnel protocols:

• IPSec – tunnel and transport mode, certificate or PSK, AH and ESP security protocols. Hardware encryption support on RouterBOARD 1000.
• Point to point tunnelling (OpenVPN, PPTP, PPPoE, L2TP, SSTP)
• Advanced PPP features (MLPPP, BCP)
• Simple tunnels (IPIP, EoIP) IPv4 andIPv6 support
• 6to4 tunnel support (IPv6 over IPv4 network)
• VLAN – 1q Virtual LAN support, Q-in-Q support
• MPLS-based VPNs

(source: wiki.mikrotik.com)

Another amazing feature from MikroTik: EoIP

RouterOS also provides several MikroTik proprietary functions that are not found elsewhere, for example, EoIP which is an Ethernet tunnel between two routers on top of an IP connection. The EoIP interface appears as an Ethernet interface. When the bridging function of the router is enabled, all Ethernet traffic will be bridged just as if there were a physical Ethernet interface and cable between the two routers (with bridging enabled). This protocol makes multiple networks schemes possible, for example, the possibility to bridge LANs over the Internet.