Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Mikrotik VPN Technology Making money with Mikrotik RouterOS By Butch Evans [email protected] http://www.butchevans.com/ Quick Introduction ● ● ● ● ISP since 1994 Started with Dialup (didn't we all?) Used Cisco (didn't we all?) Sold in 1999 (just over 6000 users) for $1.2 million, with “stock options” as part of the sale. THAT WAS A LOSER (didn't we all do that?) Built and sold another ISP, also dialup Went to work in a partnership with BPS Networks to build out their DSL offering This was my first exposure to wireless Started with StarOS, but moved to Mikrotik after about 1 year Currently, running a consulting business assisting with the engineering and deployment of ISP (mostly) networks Why VPN? ● ● VPN is built into the Mikrotik Easy to configure No cost to you Use as an extra cost upgrade ● Create a need for high-speed access ● Charge a “maintenance fee” of $10-30 (or more) monthly for the VPN Home-office users will need high speed access to use a VPN Move people to YOUR service “It'll work with your DSL, but since you're with us at home, it would be FASTER if you were with us at the office, too.” Why VPN? (continued) ● Build “inroads” for additional services Take care of the end user network ● Remote access for yourself (DUH!) ● Secure transmissions Has YOUR password been sniffed while you've been here? HIPPA, Banking/Finance ● Even if the LAW does not require this, wireless is misunderstood and this allows you to say ALL transmissions are encrypted (at least to the wired segment) Why VPN? (More reasons) ● Routing interfaces ● ● DST-NAT cannot “redirect” a packet out the same interface it came in on Firewall simplification Set up PPtP to your border Allow connections to your routers from the PPtP IP space only This allows your INPUT chain to be duplicated without modification Other “special use applications”? What can YOU think of? Making Money with VPN ● ● Existing Customers Home Users have a business Business Users have a home VPN allows for a “Home Office” ● Business expense Gets you “inside” the network Service revenue – As much or as little as you want YOU are the expert Which VPN is right? - IPSEC ● IPSEC Used for highly sensitive information ● ● HIPPA/Medical Financial Creates a tunnel between 2 networks (typically) “Routing” is done via policies Not guaranteed to work behind a NAT router Configuration ● ● /ip ipsec You must turn off Masquerading/NAT Which VPN is right? - PPtP/L2TP ● Encrypted ● Quick and very easy setup ● Routed (creates an interface for routing) ● This is very useful if you need to “redirect” (dst-nat) Easy to use for remote users Looks like a “dialup” connection Which VPN is right? - EoIP ● This is NOT an encrypted tunnel ● Quick and very easy setup ● Bridged network Can bridge IPX and other protocols ● Transparent to users ● This is a Mikrotik proprietary tunnel Which VPN is right? - IPIP ● This is NOT an encrypted tunnel ● Quick and very easy setup ● Routed Creates an interface for routing ● Standardized protocol (RFC 2003 compliant) ● Transparent to users