Monday, June 23, 2014

Selection of Type of VPN

A VPN is a method of building a safe, encrypted network link between network nodes over a public network (Internet/WAN). An example implementation is when you manage a network that consists of several offices in different locations. Building a wireless or fiber-optic link between the offices would require substantial cost, since they could be located in different cities or even on different islands. With a VPN, we can establish a link between the offices by using the existing internet connection. The link is secured with encryption to minimize the possibility of the data being accessed by unauthorized people. MikroTik supports several VPN methods, such as PPTP, L2TP, SSTP, and OpenVPN. Given these options, we need to select the type of VPN that is suitable for our network. In general, all of these types have the same function. The difference is in the authentication and encryption used.

PPTP (Point to Point Tunnel Protocol)
PPTP is one of the simplest VPN types to configure. It is also flexible. The majority of operating systems already support a PPTP client, both operating systems on PCs and those on gadgets such as Android devices. PPTP communication uses TCP port 1723 and uses IP protocol 47 (GRE) to encapsulate data packets. In the PPTP settings on MikroTik, we can choose the network security protocol used for authentication, such as pap, chap, mschap and mschap2. After the tunnel is formed, the transmitted data is encrypted using Microsoft Point-to-Point Encryption (MPPE). The encryption process usually increases the header size of the transmitted packets. If we monitor it, traffic passing through a PPTP tunnel has an overhead of ± 7%.

L2TP (Layer 2 Tunnel Protocol)
L2TP is a development of PPTP plus L2F. The network security protocols and encryption used for authentication are the same as with PPTP. For communication, however, L2TP uses UDP port 1701. Usually, for better security, L2TP is combined with IPSec, becoming L2TP/IPSec. The Windows operating system, for example, uses L2TP/IPSec by default. The consequence, of course, is that the configuration is not as simple as PPTP. The client side must already support IPSec when L2TP/IPSec is applied. In terms of encryption, L2TP/IPSec certainly has a higher level of security than PPTP, which uses MPPE. Traffic passing through an L2TP tunnel has an overhead of ± 12%.

SSTP (Secure Socket Tunneling Protocol)
Building a VPN with the SSTP method requires an SSL certificate on each device, unless both ends use RouterOS. SSTP communication uses TCP port 443 (SSL), the same as a secure website (https). You have to make sure the router's clock matches real time when using a certificate. The router's time can be synchronized with real time using the NTP Client feature. Unfortunately, not all operating systems support VPN with the SSTP method. Traffic passing through an SSTP tunnel has an overhead of ± 12%.

OpenVPN
This VPN is usually used when high data security is needed. By default, OpenVPN uses UDP port 1194 and requires a certificate on each device that is to be connected. In terms of client compatibility, OpenVPN can be set up on almost all operating systems with the help of third-party applications. OpenVPN uses the sha1 and md5 algorithms for authentication, and supports several ciphers: blowfish128, AES128, AES192 and AES256. Traffic passing through an OpenVPN tunnel has an overhead of ± 16%.

Keep in mind that the more secure we need the network to be, the more complex the configuration that must be applied, and the higher the use of hardware resources: the stronger the encryption used, the more resource usage, especially CPU, will rise. The conclusion we can draw is that if you want a VPN with better client device compatibility, PPTP could be an option. PPTP can also be an option if you do not want too much trouble with the configuration. But if you want a VPN with better security, use L2TP/IPSec or OpenVPN. Windows typically uses L2TP/IPSec by default, so you only need to match it on the server side. If your device supports it and you need high security on your VPN path, L2TP/IPSec could be an option. One thing to note: using a VPN cannot increase your bandwidth (more precisely, it reduces your bandwidth because there are additional headers); it depends on the bandwidth of your subscription.
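The selection guidance above can be checked against a router's configuration. The following is an added example, not part of the original post: a small auditor that reads single-line `set` entries from a RouterOS-style export and reports where the configuration departs from the recommendations above. The sample export is constructed, and the menu paths and parameter names (`authentication`, `use-ipsec`, `certificate`, `/system ntp client`) are assumed to match your RouterOS version.

```python
import shlex

# Constructed sample in the style of a RouterOS "/export"; not from the original post.
SAMPLE_EXPORT = """\
/interface pptp-server server
set enabled=yes authentication=pap,chap,mschap1,mschap2
/interface l2tp-server server
set enabled=yes use-ipsec=no
/interface sstp-server server
set enabled=yes certificate=none
/system ntp client
set enabled=no
"""

def parse_export(text):
    """Map each menu path to the key=value pairs of its 'set' line."""
    menus, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = menus.setdefault(line, {})
        elif line.startswith("set ") and current is not None:
            for token in shlex.split(line[4:]):
                key, sep, value = token.partition("=")
                if sep:
                    current[key] = value
    return menus

def audit(text):
    """Return (service, finding) pairs; keys absent from the export count as unset."""
    menus = parse_export(text)
    srv = {n: menus.get(f"/interface {n}-server server", {}) for n in ("pptp", "l2tp", "sstp", "ovpn")}
    on = {n: cfg.get("enabled") == "yes" for n, cfg in srv.items()}
    findings = []
    if on["pptp"]:
        findings.append(("pptp", "enabled: MPPE only, weaker than L2TP/IPSec"))
        if "pap" in srv["pptp"].get("authentication", "").split(","):
            findings.append(("pptp", "pap allowed: password crosses the link in cleartext"))
    if on["l2tp"] and srv["l2tp"].get("use-ipsec", "no") == "no":
        findings.append(("l2tp", "running without IPSec"))
    for name in ("sstp", "ovpn"):
        if on[name] and srv[name].get("certificate", "none") == "none":
            findings.append((name, "no certificate assigned"))
    if (on["sstp"] or on["ovpn"]) and menus.get("/system ntp client", {}).get("enabled") != "yes":
        findings.append(("ntp", "NTP client off: certificate checks need a correct clock"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE_EXPORT):
        print(f"{service:5} {finding}")
```

Exports that wrap long `set` lines with a trailing backslash need to be joined into single lines before being passed to `audit`.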

http://freakscontent.blogspot.com/ 
