Mikrotik VPN Technology

Making money with Mikrotik RouterOS
By Butch Evans
http://www.butchevans.com/

Quick Introduction
● ISP since 1994
  - Started with Dialup (didn't we all?)
  - Used Cisco (didn't we all?)
  - Sold in 1999 (just over 6000 users) for $1.2 million, with “stock options” as part of the sale. THAT WAS A LOSER (didn't we all do that?)
● Built and sold another ISP, also dialup
● Went to work in a partnership with BPS Networks to build out their DSL offering
  - This was my first exposure to wireless
  - Started with StarOS, but moved to Mikrotik after about 1 year
● Currently, running a consulting business assisting with the engineering and deployment of ISP (mostly) networks

Why VPN?
● VPN is built into the Mikrotik
  - Easy to configure
  - No cost to you
● Use as an extra cost upgrade
  - Charge a “maintenance fee” of $10-30 (or more) monthly for the VPN
● Create a need for high-speed access
  - Home-office users will need high speed access to use a VPN
● Move people to YOUR service
  - “It'll work with your DSL, but since you're with us at home, it would be FASTER if you were with us at the office, too.”

Why VPN? (continued)
● Build “inroads” for additional services
  - Take care of the end user network
● Remote access for yourself (DUH!)
● Secure transmissions
  - Has YOUR password been sniffed while you've been here?
  - HIPAA, Banking/Finance
    ● Even if the LAW does not require this, wireless is misunderstood and this allows you to say ALL transmissions are encrypted (at least to the wired segment)

Why VPN? (More reasons)
● Routing interfaces
  - DST-NAT cannot “redirect” a packet out the same interface it came in on
● Firewall simplification
  - Set up PPtP to your border
  - Allow connections to your routers from the PPtP IP space only
  - This allows your INPUT chain to be duplicated without modification
● Other “special use applications”?
  - What can YOU think of?
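
The “Firewall simplification” idea above, written out as a RouterOS input chain. This is an added example, not part of the original slides; the 10.99.0.0/24 PPTP address range and the choice of management ports (SSH 22, Winbox 8291) are assumptions.

```routeros
# Added example. Addresses are constructed; adjust to your network.
# Assumptions: the border router's PPTP server assigns clients 10.99.0.0/24,
# and that range is routed (not NATed) to the internal routers, so they see
# the VPN client's real tunnel address as the source.

# --- Border router only: admit the tunnel itself ---
/ip firewall filter
add chain=input protocol=tcp dst-port=1723 action=accept comment="PPTP control channel"
add chain=input protocol=gre action=accept comment="PPTP data (GRE)"

# --- Identical on every router, border included ---
/ip firewall filter
add chain=input connection-state=established action=accept comment="replies to router-originated traffic"
add chain=input connection-state=related action=accept comment="related traffic"
add chain=input protocol=icmp action=accept comment="ping for monitoring"
add chain=input src-address=10.99.0.0/24 protocol=tcp dst-port=22,8291 action=accept comment="SSH and Winbox from PPTP space only"
# Accept rules for services the router itself offers to customers
# (DHCP, DNS, routing protocols) go here, above the final drop.
add chain=input action=drop comment="everything else aimed at the router"
```

Because the management rule matches only the PPTP range, the second block is the same on every router, whatever its interface names or public addresses. Apply it from a session that already comes in over the VPN, otherwise the final drop rule cuts off your own connection.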

Making Money with VPN
● Existing Customers
  - Home Users have a business
  - Business Users have a home
● VPN allows for a “Home Office”
  - Business expense
● Gets you “inside” the network
  - Service revenue – As much or as little as you want
  - YOU are the expert

Which VPN is right? - IPSEC
● IPSEC
  - Used for highly sensitive information
    ● HIPAA/Medical
    ● Financial
  - Creates a tunnel between 2 networks (typically)
  - “Routing” is done via policies
  - Not guaranteed to work behind a NAT router
  - Configuration
    ● /ip ipsec
    ● You must turn off Masquerading/NAT

Which VPN is right? - PPtP/L2TP
● Encrypted
● Quick and very easy setup
● Routed (creates an interface for routing)
  - This is very useful if you need to “redirect” (dst-nat)
● Easy to use for remote users
  - Looks like a “dialup” connection

Which VPN is right? - EoIP
● This is NOT an encrypted tunnel
● Quick and very easy setup
● Bridged network
  - Can bridge IPX and other protocols
● Transparent to users
● This is a Mikrotik proprietary tunnel

Which VPN is right? - IPIP
● This is NOT an encrypted tunnel
● Quick and very easy setup
● Routed
  - Creates an interface for routing
● Standardized protocol (RFC 2003 compliant)
● Transparent to users