A Virtual Private Network (VPN) is a method of connecting network nodes over an Internet connection (public network / WAN) using an encrypted protocol, which makes the link more secure. A VPN is one of the best solutions for connecting multiple remote locations, because it simply takes advantage of each location's existing Internet connection.
An example of this is when you manage a network for multiple offices in different locations, far away from each other. Connecting the offices with a physical link would certainly be very expensive. With a VPN, we can build an inter-office link over the existing Internet connection. The resulting link is encrypted, which minimizes the chance that the data will be accessed by unauthorized people.
VPN on Mikrotik supports several methods, such as PPTP, L2TP, SSTP, and OpenVPN. Given these options, we need to choose the appropriate VPN type for our network. In general, all of these types have the same function. What distinguishes them is the authentication and encryption used.
PPTP (Point to Point Tunnel Protocol)
PPTP is one of the simplest VPN types to configure, and it is also flexible. Most operating systems can already act as a PPTP client, whether on a PC or on a device such as one running Android. PPTP uses TCP port 1723 for communication and IP protocol 47 (GRE) to encapsulate data packets. In the PPTP settings on Mikrotik, we can specify the protocol used to authenticate PPTP, such as pap, chap, mschap, and mschap2. Once the tunnel is established, the transmitted data is encrypted using Microsoft Point-to-Point Encryption (MPPE). The encryption process usually increases the size of the transmitted packet header. When monitored, traffic passing through a PPTP tunnel shows an overhead of ± 7%.
L2TP (Layer 2 Tunnel Protocol)
L2TP is a development of PPTP combined with L2F. The authentication protocols and encryption it uses are the same as in PPTP. However, L2TP communicates over UDP port 1701. For better compatibility, L2TP is usually combined with IPSec, becoming L2TP / IPSec. For example, the Windows operating system uses L2TP / IPSec by default. The consequence is that the configuration is not as simple as PPTP: the client side must support IPSec when L2TP / IPSec is applied. In terms of encryption, L2TP / IPSec offers a higher level of security than PPTP, which uses MPPE. Traffic passing through the L2TP tunnel will experience an overhead of ± 12%.
SSTP (Secure Socket Tunneling Protocol)
Building a VPN with the SSTP method requires an SSL certificate on each device, unless both ends use RouterOS. SSTP communicates over TCP port 443 (SSL), the same port used by secure websites (https). When using certificates, you must make sure the router's clock shows the correct time. The router's time can be synchronized with real time using the NTP Client feature. Unfortunately, not all operating systems support VPN with the SSTP method. Traffic passing through the SSTP tunnel will experience an overhead of ± 12%.
OpenVPN
This VPN is commonly used when high data security is required. By default, OpenVPN uses UDP port 1194 and requires a certificate on each device to connect. For client compatibility, OpenVPN can be set up on almost all operating systems with the help of third-party applications. OpenVPN uses the sha1 and md5 algorithms for authentication and the blowfish128, aes128, aes192 and aes256 ciphers. Traffic passing through the OpenVPN tunnel will experience an overhead of ± 16%.
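The ports and protocols listed for each tunnel type above, written as RouterOS input-chain firewall rules that expose only the tunnel type actually in use. This is an added example, not configuration from the original article; the WAN interface name ether1 is an assumption, and the IKE / NAT-T ports and the ESP protocol needed by IPSec are standard values that the article does not list.

```routeros
# Added example: admit only the VPN type you actually run on the router.
# Assumptions: the router is the VPN server and "ether1" (hypothetical name)
# is the WAN interface. Keep ONE tunnel block and delete the others.
# Rules are evaluated top to bottom, so these must sit above any existing drop.

/ip firewall filter

# Traffic belonging to connections that are already accepted
add chain=input action=accept connection-state=established,related \
    comment="established/related"

# --- PPTP: TCP 1723 for control, IP protocol 47 (GRE) for tunnelled data ---
add chain=input action=accept in-interface=ether1 protocol=tcp dst-port=1723 \
    comment="PPTP control"
add chain=input action=accept in-interface=ether1 protocol=gre \
    comment="PPTP data (GRE)"

# --- L2TP / IPSec ---
# UDP 1701 is the L2TP port from the article. UDP 500/4500 (IKE, NAT-T) and
# ESP are what IPSec itself needs (standard values, not listed in the article).
add chain=input action=accept in-interface=ether1 protocol=udp dst-port=500,4500 \
    comment="IPSec IKE / NAT-T"
add chain=input action=accept in-interface=ether1 protocol=ipsec-esp \
    comment="IPSec ESP"
# ipsec-policy=in,ipsec accepts L2TP only when it arrived inside IPSec, so
# plain L2TP without IPSec is not reachable from the WAN.
add chain=input action=accept in-interface=ether1 protocol=udp dst-port=1701 \
    ipsec-policy=in,ipsec comment="L2TP inside IPSec only"

# --- SSTP: TCP 443, the same port as https ---
add chain=input action=accept in-interface=ether1 protocol=tcp dst-port=443 \
    comment="SSTP"

# --- OpenVPN: UDP 1194 as stated in the article ---
# Use protocol=tcp instead if your OpenVPN server is set to run over TCP.
add chain=input action=accept in-interface=ether1 protocol=udp dst-port=1194 \
    comment="OpenVPN"

# Everything else arriving on the WAN interface for the router itself
add chain=input action=drop in-interface=ether1 comment="drop other WAN input"
```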
Keep in mind that the more secure you want the network to be, the more complex the configuration becomes. The same applies to hardware resources: the stronger the encryption used, the higher the resource usage, especially CPU.
So, in conclusion, if you want a VPN with good compatibility and client support, then PPTP can be an option. In addition to its high compatibility, a PPTP VPN is also easier to configure on Mikrotik. But if you want a VPN with better security, then L2TP / IPSec or OpenVPN is the solution.
Most Windows versions use L2TP / IPSec by default, so only the server side needs to be adjusted to match. If your devices support it and you want high security on your VPN path, L2TP / IPSec can be the right choice.
One thing to note: using a VPN will not increase your bandwidth. It can actually reduce it because of the added headers, depending on the bandwidth of your subscription.