www.glcnetworks.com
Tunnel vs VPN on
MIKROTIK
GLC webinar, 11 Feb 2021
Achmad Mardiansyah
achmad@glcnetworks.com
GLC Networks, Indonesia
1
www.glcnetworks.com
Agenda
● Introduction
● Overlay Network
● Tunnel vs VPN
● Security
● Live practice
● Q & A
2
www.glcnetworks.com
introduction
3
www.glcnetworks.com
What is GLC?
● Garda Lintas Cakrawala (www.glcnetworks.com)
● Based in Bandung, Indonesia
● Areas: Training, IT Consulting
● Certified partner for: Mikrotik, Ubiquity, Linux foundation
● Product: GLC radius manager
● Regular event
4
www.glcnetworks.com
Trainer Introduction
● Name: Achmad Mardiansyah
● Base: bandung, Indonesia
● Linux user since 1999, mikrotik user since 2007, UBNT
2011
● Mikrotik Certified Trainer
(MTCNA/RE/WE/UME/INE/TCE/IPv6)
● Mikrotik/Linux Certified Consultant
● Website contributor: achmadjournal.com, mikrotik.tips,
asysadmin.tips
● More info:
http://au.linkedin.com/in/achmadmardiansyah
5
www.glcnetworks.com
Past experience
6
● 2021 (Congo DRC, Malaysia): network support,
radius/billing integration
● 2020 (Congo DRC, Malaysia): IOT integration,
network automation
● 2019, Congo (DRC): build a wireless ISP from
ground-up
● 2018, Malaysia: network revamp, develop billing
solution and integration, setup dynamic routing
● 2017, Libya (north africa): remote wireless migration
for a new Wireless ISP
● 2016, United Kingdom: workshop for wireless ISP,
migrating a bridged to routed network
www.glcnetworks.com
About GLC webinar?
● First webinar: january 1, 2010 (title:
tahun baru bersama solaris - new year
with solaris OS)
● As a sharing event with various topics:
linux, networking, wireless, database,
programming, etc
● Regular schedule
● Irregular schedule: as needed
● Checking schedule:
http://www.glcnetworks.com/schedule
● You are invited to be a presenter
○ No need to be an expert
○ This is a forum for sharing: knowledge,
experiences, information
7
www.glcnetworks.com
Please introduce yourself
● Your name
● Your company/university?
● Your networking experience?
● Your mikrotik experience?
● Your expectation from this course?
8
www.glcnetworks.com
Overlay network
9
www.glcnetworks.com
Prerequisite
This is advanced topics, we assume you already understand
● How internet works (technically)
● Subnetting (which one is bigger /21 vs /23 ?)
● Routing
● Layer 2 vs Layer 3 addressing
● Broadcast vs collision domain
● How ARP works
● How encapsulation works
10
www.glcnetworks.com
Public vs private network
11
HOME
192.168.1.0/24
3
.
3
.
3
.
0
/
2
4
2.2.2.0/24
OFFICE
172.18.1.0/24
1.1.1.0/24
cafe
192.168.1.0/24
www.glcnetworks.com
Overlay network
12
HOME
192.168.1.0/24
3
.
3
.
3
.
0
/
2
4
2.2.2.0/24
OFFICE
172.18.1.0/24
1.1.1.0/24
cafe
192.168.1.0/24
overlay network
192.168.9.0/24
Overlay network IP:
server: 192.168.9.1
router: 192.168.9.11
laptop: 192.168.9.12
@Overlay network:
● Use virtual interface
● Use real layer3 addressing (Network)
www.glcnetworks.com
Example application
● Site-to-site connection (connect between private IP addresses)
● User connection
13
www.glcnetworks.com
Tunnel / VPN
14
www.glcnetworks.com
Real private network → Virtual Private Network
15
www.glcnetworks.com
Types of VPN
● remote access
● intranet-based site-to-site
● extranet-based site-to-site
16
www.glcnetworks.com
VPN technologies
17
www.glcnetworks.com
VPN on mikrotik
18
www.glcnetworks.com
VPN technologies on Mikrotik
● EoIP (Ethernet Over IP)
● PPTP
● L2TP
● SSTP
● IPIP
● GRE
● PPPOE
● OpenVPN (TCP only)
● Wireguard (ROS v7)
● MPLS based
○ VPLS
○ L3VPN BGP
○ L2VPN
19
www.glcnetworks.com
Example: Ethernet over Internet Protocol (EoIP)
● Ethernet over IP (EoIP) is mikrotik propriatery protocol for tunneling
● Any EoIP interface will be considered as ethernet
● Using GRE protocol (RFC1701)
20
site1 site2
INTERNET
www.glcnetworks.com
Security
21
www.glcnetworks.com
VPN security model
● confidentiality
● sender authentication
● message integrity
Not all vpn/tunnel are encrypted
22
www.glcnetworks.com
Securing VPN protocols
● Internet Protocol Security (IPsec).
● Transport Layer Security (SSL/TLS): OpenVPN project and SoftEther VPN
● Datagram Transport Layer Security (DTLS): Cisco AnyConnect VPN
● Microsoft Point-to-Point Encryption (MPPE): Point-to-Point Tunneling Protocol
● Microsoft Secure Socket Tunneling Protocol (SSTP)
● Multi Path Virtual Private Network (MPVPN). Ragula Systems Development
Company owns the registered trademark "MPVPN".[16]
● Secure Shell (SSH) VPN:
● WireGuard uses encryption technology that uses private and public key
23
www.glcnetworks.com
LIVE practice
24
www.glcnetworks.com
preparation
● SSH client
● SSH parameters
○ SSH address
○ SSH port
○ SSH username
○ SSH password
25
www.glcnetworks.com
Q & A
26
www.glcnetworks.com
Interested? Just come to our training...
● Topics are arranged in systematic and logical way
● You will learn from experienced teacher
● Not only learn the materials, but also sharing experiences, best-practices, and
networking
27
www.glcnetworks.com
End of slides
● Thank you for your attention
● Please submit your feedback: http://bit.ly/glcfeedback
● Like our facebook page: https://www.facebook.com/glcnetworks
● Slide: http://www.slideshare.net/r41nbuw
● Recording (youtube): https://goo.gl/28ABHU
● Stay tune with our schedule
● Any questions?
28

More Related Content

PDF
Aci presentation
PDF
IPsec on Mikrotik
PDF
ISP Load Balancing with Mikrotik ECMP
PDF
Mikrotik Bridge Deep Dive
PDF
Mikrotik Load Balancing with PCC
PDF
BGP on mikrotik
PDF
Mikrotik fastpath
PDF
MPLS on Router OS V7 - Part 1
Aci presentation
IPsec on Mikrotik
ISP Load Balancing with Mikrotik ECMP
Mikrotik Bridge Deep Dive
Mikrotik Load Balancing with PCC
BGP on mikrotik
Mikrotik fastpath
MPLS on Router OS V7 - Part 1

What's hot (20)

PDF
TechWiseTV Workshop: Cisco DNA Center Assurance
PDF
VLAN on mikrotik
PDF
Mikrotik Hardening
PDF
Application Centric Infrastructure (ACI), the policy driven data centre
PDF
EOIP Deep Dive
PDF
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
PDF
2 what is the best firewall (sizing)
PDF
OSPF On Router OS7
PDF
Choosing Mikrotik Platform x86 vs chr
PDF
Network LACP/Bonding/Teaming with Mikrotik
PDF
Policy Based Routing (PBR) on Mikrotik
PDF
MPLS on Router OS V7 - Part 2
PPT
Palo alto networks next generation firewalls
PDF
ISP load balancing with mikrotik nth
PDF
WTF is GitOps and Why You Should Care?
PDF
Segment Routing: A Tutorial
PDF
GLC webinar: limiting bandwidth using mikrotik
PPTX
Palo alto NGfw2023.pptx
PDF
Mikro tik advanced training
PDF
Mikrotik IP Settings For Performance and Security
TechWiseTV Workshop: Cisco DNA Center Assurance
VLAN on mikrotik
Mikrotik Hardening
Application Centric Infrastructure (ACI), the policy driven data centre
EOIP Deep Dive
MUM Melbourne : Build Enterprise Wireless with CAPsMAN
2 what is the best firewall (sizing)
OSPF On Router OS7
Choosing Mikrotik Platform x86 vs chr
Network LACP/Bonding/Teaming with Mikrotik
Policy Based Routing (PBR) on Mikrotik
MPLS on Router OS V7 - Part 2
Palo alto networks next generation firewalls
ISP load balancing with mikrotik nth
WTF is GitOps and Why You Should Care?
Segment Routing: A Tutorial
GLC webinar: limiting bandwidth using mikrotik
Palo alto NGfw2023.pptx
Mikro tik advanced training
Mikrotik IP Settings For Performance and Security
Ad

Similar to Tunnel vs VPN on Mikrotik (20)

PPTX
VPN on Mikrotik
PDF
Mikrotik Hotspot
PDF
Running BGP with Mikrotik
PDF
Mikrotik User Meeting Manila: bgp vs ospf
PDF
Manage Your Router with Dynamic Public IP
PDF
Layer 7 Firewall on Mikrotik
PDF
Firewall mangle PBR: steering outbound path similar to inbound
PDF
BGP on RouterOS7 -Part 1
PDF
Internet Protocol Deep-Dive
PDF
BGP Services IP Transit vs IP Peering
PDF
CCNA : Intro to Cisco IOS - Part 1
PDF
Mikrotik fasttrack
PDF
Zabbix for Monitoring
PDF
Policy Based Routing with Indirect BGP - Part 1
PDF
VLAN vs VXLAN
PDF
Mikrotik Fastpath vs Fasttrack
PDF
Connection load balancing with mikrotik [workshop]
PDF
Building Local-loop Services for Customers
PPTX
VPN_ether over internet protocol (EoIP )and IP-IP.pptx
PDF
IPv6 with Mikrotik
VPN on Mikrotik
Mikrotik Hotspot
Running BGP with Mikrotik
Mikrotik User Meeting Manila: bgp vs ospf
Manage Your Router with Dynamic Public IP
Layer 7 Firewall on Mikrotik
Firewall mangle PBR: steering outbound path similar to inbound
BGP on RouterOS7 -Part 1
Internet Protocol Deep-Dive
BGP Services IP Transit vs IP Peering
CCNA : Intro to Cisco IOS - Part 1
Mikrotik fasttrack
Zabbix for Monitoring
Policy Based Routing with Indirect BGP - Part 1
VLAN vs VXLAN
Mikrotik Fastpath vs Fasttrack
Connection load balancing with mikrotik [workshop]
Building Local-loop Services for Customers
VPN_ether over internet protocol (EoIP )and IP-IP.pptx
IPv6 with Mikrotik
Ad

More from GLC Networks (20)

PDF
Internal BGP tuning: Mesh peering to avoid loop
PDF
BGP tuning: Peer with loopback
PDF
BGP security tuning: pull-up route
PDF
BGP troubleshooting: route origin
PDF
Steering traffic in OSPF: Interface cost
PDF
Tuning OSPF: Bidirectional Forwarding Detection (BFD)
PDF
Tuning OSPF: Prefix Aggregate
PDF
Tuning OSPF: area hierarchy, LSA, and area type
PDF
Stable OSPF: choosing network type.pdf
PDF
Controlling Access Between Devices in the same Layer 2 Segment
PDF
GIT as Mikrotik Configuration Management
PDF
RouterOS Migration From v6 to v7
PDF
Building a Web Server with NGINX
PDF
Best Current Practice (BCP) 38 Ingress Filtering for Security
PDF
Policy Based Routing with Indirect BGP - Part 2
PDF
Network Monitoring with The Dude and Whatsapp
PPTX
Automatic Backup via FTP - Part 2
PDF
Automatic Backup via FTP - Part 1
PDF
Voice Services, From Circuit Switch to VoIP
PDF
BGP on RouterOS7 - Part 2
Internal BGP tuning: Mesh peering to avoid loop
BGP tuning: Peer with loopback
BGP security tuning: pull-up route
BGP troubleshooting: route origin
Steering traffic in OSPF: Interface cost
Tuning OSPF: Bidirectional Forwarding Detection (BFD)
Tuning OSPF: Prefix Aggregate
Tuning OSPF: area hierarchy, LSA, and area type
Stable OSPF: choosing network type.pdf
Controlling Access Between Devices in the same Layer 2 Segment
GIT as Mikrotik Configuration Management
RouterOS Migration From v6 to v7
Building a Web Server with NGINX
Best Current Practice (BCP) 38 Ingress Filtering for Security
Policy Based Routing with Indirect BGP - Part 2
Network Monitoring with The Dude and Whatsapp
Automatic Backup via FTP - Part 2
Automatic Backup via FTP - Part 1
Voice Services, From Circuit Switch to VoIP
BGP on RouterOS7 - Part 2

Recently uploaded (20)

PDF
sustainability-14-14877-v2.pddhzftheheeeee
PDF
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
PDF
Co-training pseudo-labeling for text classification with support vector machi...
PDF
The influence of sentiment analysis in enhancing early warning system model f...
PPTX
Internet of Everything -Basic concepts details
PDF
Advancing precision in air quality forecasting through machine learning integ...
PDF
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
PDF
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
PDF
Flame analysis and combustion estimation using large language and vision assi...
PDF
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
PDF
NewMind AI Weekly Chronicles – August ’25 Week IV
PDF
Early detection and classification of bone marrow changes in lumbar vertebrae...
PPT
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
PDF
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
PDF
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
sustainability-14-14877-v2.pddhzftheheeeee
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Improvisation in detection of pomegranate leaf disease using transfer learni...
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
Co-training pseudo-labeling for text classification with support vector machi...
The influence of sentiment analysis in enhancing early warning system model f...
Internet of Everything -Basic concepts details
Advancing precision in air quality forecasting through machine learning integ...
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Transform-Your-Supply-Chain-with-AI-Driven-Quality-Engineering.pdf
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Custom Battery Pack Design Considerations for Performance and Safety
Flame analysis and combustion estimation using large language and vision assi...
AI.gov: A Trojan Horse in the Age of Artificial Intelligence
NewMind AI Weekly Chronicles – August ’25 Week IV
Early detection and classification of bone marrow changes in lumbar vertebrae...
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Dell Pro Micro: Speed customer interactions, patient processing, and learning...
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Enhancing plagiarism detection using data pre-processing and machine learning...

Tunnel vs VPN on Mikrotik