Tunnel vs VPN on Mikrotik
0 likes429 views
The document outlines a webinar hosted by GLC Networks on the differences between tunnels and VPNs as implemented on MikroTik devices, led by expert trainer Achmad Mardiansyah. It covers topics including network fundamentals, various types of VPN technologies, security models, and live practice sessions. The webinar also emphasizes the importance of knowledge sharing and ongoing learning in the fields of networking and IT.
![www.glcnetworks.com
Securing VPN protocols
● Internet Protocol Security (IPsec).
● Transport Layer Security (SSL/TLS): OpenVPN project and SoftEther VPN
● Datagram Transport Layer Security (DTLS): Cisco AnyConnect VPN
● Microsoft Point-to-Point Encryption (MPPE): Point-to-Point Tunneling Protocol
● Microsoft Secure Socket Tunneling Protocol (SSTP)
● Multi Path Virtual Private Network (MPVPN). Ragula Systems Development
Company owns the registered trademark "MPVPN".[16]
● Secure Shell (SSH) VPN:
● WireGuard uses encryption technology that uses private and public key
23](https://image.slidesharecdn.com/20210211tunnelvsvpnonmikrotik-210328070056/85/Tunnel-vs-VPN-on-Mikrotik-23-320.jpg)
Tunnel vs VPN on Mikrotik
- 1. www.glcnetworks.com Tunnel vs VPN on MIKROTIK GLC webinar, 11 Feb 2021 Achmad Mardiansyah [email protected] GLC Networks, Indonesia 1
- 2. www.glcnetworks.com Agenda ● Introduction ● Overlay Network ● Tunnel vs VPN ● Security ● Live practice ● Q & A 2
- 4. www.glcnetworks.com What is GLC? ● Garda Lintas Cakrawala (www.glcnetworks.com) ● Based in Bandung, Indonesia ● Areas: Training, IT Consulting ● Certified partner for: Mikrotik, Ubiquity, Linux foundation ● Product: GLC radius manager ● Regular event 4
- 5. www.glcnetworks.com Trainer Introduction ● Name: Achmad Mardiansyah ● Base: bandung, Indonesia ● Linux user since 1999, mikrotik user since 2007, UBNT 2011 ● Mikrotik Certified Trainer (MTCNA/RE/WE/UME/INE/TCE/IPv6) ● Mikrotik/Linux Certified Consultant ● Website contributor: achmadjournal.com, mikrotik.tips, asysadmin.tips ● More info: http://au.linkedin.com/in/achmadmardiansyah 5
- 6. www.glcnetworks.com Past experience 6 ● 2021 (Congo DRC, Malaysia): network support, radius/billing integration ● 2020 (Congo DRC, Malaysia): IOT integration, network automation ● 2019, Congo (DRC): build a wireless ISP from ground-up ● 2018, Malaysia: network revamp, develop billing solution and integration, setup dynamic routing ● 2017, Libya (north africa): remote wireless migration for a new Wireless ISP ● 2016, United Kingdom: workshop for wireless ISP, migrating a bridged to routed network
- 7. www.glcnetworks.com About GLC webinar? ● First webinar: january 1, 2010 (title: tahun baru bersama solaris - new year with solaris OS) ● As a sharing event with various topics: linux, networking, wireless, database, programming, etc ● Regular schedule ● Irregular schedule: as needed ● Checking schedule: http://www.glcnetworks.com/schedule ● You are invited to be a presenter ○ No need to be an expert ○ This is a forum for sharing: knowledge, experiences, information 7
- 8. www.glcnetworks.com Please introduce yourself ● Your name ● Your company/university? ● Your networking experience? ● Your mikrotik experience? ● Your expectation from this course? 8
- 10. www.glcnetworks.com Prerequisite This is advanced topics, we assume you already understand ● How internet works (technically) ● Subnetting (which one is bigger /21 vs /23 ?) ● Routing ● Layer 2 vs Layer 3 addressing ● Broadcast vs collision domain ● How ARP works ● How encapsulation works 10
- 11. www.glcnetworks.com Public vs private network 11 HOME 192.168.1.0/24 3 . 3 . 3 . 0 / 2 4 2.2.2.0/24 OFFICE 172.18.1.0/24 1.1.1.0/24 cafe 192.168.1.0/24
- 12. www.glcnetworks.com Overlay network 12 HOME 192.168.1.0/24 3 . 3 . 3 . 0 / 2 4 2.2.2.0/24 OFFICE 172.18.1.0/24 1.1.1.0/24 cafe 192.168.1.0/24 overlay network 192.168.9.0/24 Overlay network IP: server: 192.168.9.1 router: 192.168.9.11 laptop: 192.168.9.12 @Overlay network: ● Use virtual interface ● Use real layer3 addressing (Network)
- 13. www.glcnetworks.com Example application ● Site-to-site connection (connect between private IP addresses) ● User connection 13
- 15. www.glcnetworks.com Real private network → Virtual Private Network 15
- 16. www.glcnetworks.com Types of VPN ● remote access ● intranet-based site-to-site ● extranet-based site-to-site 16
- 19. www.glcnetworks.com VPN technologies on Mikrotik ● EoIP (Ethernet Over IP) ● PPTP ● L2TP ● SSTP ● IPIP ● GRE ● PPPOE ● OpenVPN (TCP only) ● Wireguard (ROS v7) ● MPLS based ○ VPLS ○ L3VPN BGP ○ L2VPN 19
- 20. www.glcnetworks.com Example: Ethernet over Internet Protocol (EoIP) ● Ethernet over IP (EoIP) is mikrotik propriatery protocol for tunneling ● Any EoIP interface will be considered as ethernet ● Using GRE protocol (RFC1701) 20 site1 site2 INTERNET
- 22. www.glcnetworks.com VPN security model ● confidentiality ● sender authentication ● message integrity Not all vpn/tunnel are encrypted 22
- 23. www.glcnetworks.com Securing VPN protocols ● Internet Protocol Security (IPsec). ● Transport Layer Security (SSL/TLS): OpenVPN project and SoftEther VPN ● Datagram Transport Layer Security (DTLS): Cisco AnyConnect VPN ● Microsoft Point-to-Point Encryption (MPPE): Point-to-Point Tunneling Protocol ● Microsoft Secure Socket Tunneling Protocol (SSTP) ● Multi Path Virtual Private Network (MPVPN). Ragula Systems Development Company owns the registered trademark "MPVPN".[16] ● Secure Shell (SSH) VPN: ● WireGuard uses encryption technology that uses private and public key 23
- 25. www.glcnetworks.com preparation ● SSH client ● SSH parameters ○ SSH address ○ SSH port ○ SSH username ○ SSH password 25
- 27. www.glcnetworks.com Interested? Just come to our training... ● Topics are arranged in systematic and logical way ● You will learn from experienced teacher ● Not only learn the materials, but also sharing experiences, best-practices, and networking 27
- 28. www.glcnetworks.com End of slides ● Thank you for your attention ● Please submit your feedback: http://bit.ly/glcfeedback ● Like our facebook page: https://www.facebook.com/glcnetworks ● Slide: http://www.slideshare.net/r41nbuw ● Recording (youtube): https://goo.gl/28ABHU ● Stay tune with our schedule ● Any questions? 28