10 Gigabit VPN Tunnel SBT-VPN-3600X, 6 * 2.5G electrical ports + 2 * 10 Gigabit optical ports
Hardware parameters: 10 Gigabit Firewall SBT-FW-3630, 6 * 2.5G electrical ports + 2 * 10 Gigabit optical ports
CPU: Intel i7-3630QM, 4 cores / 8 threads
Memory: 8GB
SSD: 128GB
Network cards: electrical ports 6 * 2.5G (Intel i226); optical ports 2 * 10G (Intel 82559)
Size: 1U rack-mounted
Introduction: the supported tunneling protocols are PPTP, L2TP, OpenVPN, SSTP, IPsec, EoIP, GRE and IPIP.
1. PPTP
PPTP is a tunneling protocol that carries PPP frames over IP: data is encapsulated in PPP and a virtual point-to-point link (the tunnel) is established across the IP network. PPTP combines PPP with MPPE (Microsoft Point-to-Point Encryption) to build an encrypted connection. It is a widely deployed tunneling protocol that can be established between two routers or between a router and an end device, and PPTP clients ship with almost every operating system, including Windows, Android and iOS. A PPTP tunnel is typically used for:
- a simple router-to-router or client-to-router tunnel across the Internet;
- connecting (bridging) to the enterprise network or LAN (when combined with EoIP);
- remote access to the enterprise LAN for mobile or remote users (see the PPTP settings for Windows for more information).
Caveat: PPTP's usual authentication (MS-CHAPv2) and its MPPE encryption (RC4-based) are known to be weak, and the protocol is considered obsolete. Treat it as a compatibility option only and prefer IPsec, OpenVPN or SSTP wherever the client supports them.
2. PPTP and L2TP
Both PPTP and L2TP encapsulate data in PPP and then add extra headers so that it can be carried across the Internet. Although the two protocols are very similar, they differ in the following respects:
- PPTP requires the transport network to be an IP network. L2TP only requires that the tunnel medium provide point-to-point delivery of datagrams.
- PPTP can establish only a single tunnel between two endpoints. L2TP supports multiple tunnels between the same two endpoints, so a user can create separate tunnels for different qualities of service.
- L2TP can compress packet headers: with header compression the per-packet overhead is 4 bytes, whereas under PPTP it is 6 bytes.
- L2TP supports tunnel authentication; PPTP does not. When L2TP or PPTP is combined with IPsec, however, tunnel authentication is provided by IPsec and no Layer 2 tunnel authentication is needed.
Note that L2TP itself provides no encryption: in practice it is deployed as L2TP/IPsec, with IPsec supplying confidentiality and integrity for the tunnel.
3. OpenVPN
OpenVPN is an application-layer VPN implementation built on the OpenSSL library; compared with traditional VPNs it is simple to deploy and easy to use. OpenVPN lets the peers that establish the VPN authenticate with a pre-shared key, X.509 certificates, or a username and password. OpenVPN has been ported to many platforms, including Linux and Windows. RouterOS supports OpenVPN from v3.x onward; the PPP package must be installed and enabled. On the RouterOS platform OpenVPN has historically been limited to TCP mode (UDP mode is not supported before RouterOS v7, which added it).
4. SSTP
Secure Socket Tunneling Protocol (SSTP) carries a PPP tunnel over an SSL/TLS channel (originally specified over SSL 3.0) on TCP port 443. Because it looks like ordinary HTTPS traffic, SSTP passes through almost all firewalls and proxy servers. Support for the newer SSTP does not make PPTP and L2TP redundant in Microsoft-based deployments: where an enterprise already runs a PPTP- or L2TP-based VPN, those protocols remain in common use to provide or extend enterprise network security. Their traffic, however, may run into problems when traversing firewalls, NAT and web proxies, which is exactly the case SSTP was designed for. Since the tunnel's security rests on the TLS handshake, the client must validate the server certificate against a trusted CA.
5. IPsec
IPsec (Internet Protocol Security) is a security protocol suite that protects network transmission at the IP layer, making end-to-end data confidentiality on the Internet possible. It provides access control, connectionless integrity, data-origin authentication, anti-replay protection, confidentiality, and limited traffic-flow confidentiality. Because the service operates at the IP layer, it protects both IP and the upper-layer protocols carried over it. IPsec comprises three main protocols: Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE).
- AH is a security header that strengthens the IP layer by providing data-origin authentication, integrity verification and anti-replay protection, guaranteeing that packets are genuine and unmodified; it does not provide confidentiality (no encryption).
- ESP, like AH, secures the IP layer, but uses encryption together with an integrity check to provide data-origin authentication, integrity, anti-replay protection and confidentiality.
- IKE negotiates, establishes and maintains the security associations (SAs) and generates the keys that IPsec uses.
Practical caveat: AH authenticates parts of the outer IP header and therefore cannot traverse NAT; ESP with integrity protection (plus NAT-T on UDP port 4500 where needed) is the usual choice, and AH is rarely deployed today.
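The AH and ESP headers and the anti-replay service described above, as an added example that is not part of the product page: the script parses the cleartext fields of constructed AH (IP protocol 51) and ESP (IP protocol 50) packets, showing that AH carries its integrity check value in the header while everything after the ESP SPI and sequence number is opaque ciphertext, and then applies the RFC 4303 sliding-window replay check to a sequence of packet numbers. The packet bytes, SPIs and sequence numbers are constructed for the example; the IPv4 checksum is left as zero and not validated.

```python
"""Added example, not code from the product page: parse the cleartext fields of
IPsec AH (IP protocol 51) and ESP (IP protocol 50) packets and apply the
RFC 4303 sliding-window anti-replay check that both protocols use.
All packet bytes are constructed for the example; IPv4 checksum left as zero."""
import struct
from dataclasses import dataclass

IPPROTO_ESP = 50
IPPROTO_AH = 51


@dataclass
class IPsecHeader:
    proto: int            # 50 = ESP, 51 = AH
    spi: int              # Security Parameter Index: selects the SA
    seq: int              # 32-bit sequence number, input to anti-replay
    icv: bytes = b""      # AH only: integrity check value carried in the header
    payload: bytes = b""  # what follows the header (opaque ciphertext for ESP)


def parse_ipv4(pkt: bytes) -> tuple[int, bytes]:
    """Return (protocol, payload) from an IPv4 packet, validating the IHL."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or ihl > len(pkt):
        raise ValueError("bad IHL")
    return pkt[9], pkt[ihl:]


def parse_ah(data: bytes) -> IPsecHeader:
    # RFC 4302: Next Hdr(1) | Payload Len(1) | Reserved(2) | SPI(4) | Seq(4) | ICV
    if len(data) < 12:
        raise ValueError("truncated AH")
    _next, payload_len, _rsvd, spi, seq = struct.unpack("!BBHII", data[:12])
    ah_len = (payload_len + 2) * 4      # Payload Len is in 32-bit words minus 2
    if ah_len > len(data):
        raise ValueError("AH length exceeds packet")
    return IPsecHeader(IPPROTO_AH, spi, seq, icv=data[12:ah_len], payload=data[ah_len:])


def parse_esp(data: bytes) -> IPsecHeader:
    # RFC 4303: SPI(4) | Seq(4) | encrypted payload + trailer | ICV.
    # Only SPI and Seq are readable without the SA's keys.
    if len(data) < 8:
        raise ValueError("truncated ESP")
    spi, seq = struct.unpack("!II", data[:8])
    return IPsecHeader(IPPROTO_ESP, spi, seq, payload=data[8:])


def parse_ipsec(pkt: bytes) -> IPsecHeader:
    proto, data = parse_ipv4(pkt)
    if proto == IPPROTO_AH:
        return parse_ah(data)
    if proto == IPPROTO_ESP:
        return parse_esp(data)
    raise ValueError(f"IP protocol {proto} is neither AH nor ESP")


class ReplayWindow:
    """RFC 4303 section 3.4.3 anti-replay window. `last` is the highest
    sequence number accepted so far; bit i of `bitmap` set means sequence
    number (last - i) has already been received."""

    def __init__(self, size: int = 64):
        self.size, self.last, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False                      # 0 is never a valid sequence number
        if seq > self.last:                   # advance the right edge of the window
            shift = seq - self.last
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last = seq
            return True
        offset = self.last - seq
        if offset >= self.size:
            return False                      # older than the window: drop
        if self.bitmap & (1 << offset):
            return False                      # already seen: replay, drop
        self.bitmap |= 1 << offset
        return True


def ipv4_packet(proto: int, payload: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (10.0.0.1 -> 10.0.0.2) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload


# Constructed AH carrying IP-in-IP (next header 4) with a 12-byte HMAC-SHA1-96
# ICV: the header is 24 bytes = 6 words, so Payload Len = 6 - 2 = 4.
AH_PACKET = ipv4_packet(IPPROTO_AH, struct.pack("!BBHII", 4, 4, 0, 0x1000, 7)
                        + b"\xaa" * 12 + b"inner-ip-packet")
# Constructed ESP with SPI 0x2000, sequence 1234, followed by opaque ciphertext.
ESP_PACKET = ipv4_packet(IPPROTO_ESP, struct.pack("!II", 0x2000, 1234) + b"\x5c" * 32)

if __name__ == "__main__":
    for pkt in (AH_PACKET, ESP_PACKET):
        h = parse_ipsec(pkt)
        print(f"proto={h.proto} spi={h.spi:#x} seq={h.seq} icv={h.icv.hex() or '-'}")
    w = ReplayWindow()
    print([w.check_and_update(s) for s in (1, 3, 2, 3, 70, 6)])
```

The window accepts out-of-order packets that are still inside the last 64 sequence numbers (3 then 2), rejects a duplicate (the second 3) and anything that has fallen behind the window (6 after 70 has been accepted); a real implementation only updates the window after the ICV has been verified, so an attacker cannot advance it with forged packets.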
6. EoIP
EoIP (Ethernet over IP) tunneling is a MikroTik RouterOS proprietary protocol that builds an Ethernet tunnel between two routers on top of IP. The EoIP interface behaves like an ordinary Ethernet interface: when bridging is enabled on both routers, all Ethernet traffic (every Ethernet protocol) is bridged across the tunnel as if the two routers were connected by physical switch ports and a fiber transceiver.
7. GRE and IPIP
1) GRE (Generic Routing Encapsulation) is a tunneling protocol that originated at Cisco. It creates a virtual point-to-point link that can carry various protocols inside. GRE, IPIP and EoIP are all stateless tunnels: if the remote end goes away, the local tunnel interface stays up and all traffic routed into the tunnel is silently black-holed. To address this, RouterOS added a keepalive feature to the GRE tunnel. GRE encapsulation adds 24 bytes of overhead (a 4-byte GRE header plus a 20-byte outer IP header), which must be allowed for when setting the tunnel MTU. Note: a GRE tunnel can forward IPv4 and IPv6 datagrams (Ethertypes 0x0800 and 0x86DD).
2) IPIP is a simple tunneling protocol that encapsulates IP datagrams inside IP to connect the routers at both ends. Most routers support it, including Cisco and Linux.
GRE, IPIP and EoIP carry traffic in the clear and authenticate nothing on their own; when a tunnel crosses an untrusted network it should be protected with IPsec (RouterOS can bind an IPsec policy to the tunnel interface).
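The GRE encapsulation, 24-byte overhead and keepalive behaviour described above, as an added example that is not part of the product page: the script wraps a constructed IPv4 or IPv6 datagram in an outer IPv4 header and a minimal GRE header, derives the tunnel MTU from that overhead, decapsulates packets that carry the optional checksum/key/sequence fields, and models a keepalive tracker that declares the tunnel down after a number of missed replies. The RouterOS keepalive form `interval,retries` with a default of 10s,10 is an assumption of this example, as are the addresses and inner packets.

```python
"""Added example, not code from the product page: GRE (IP protocol 47)
encapsulation of IPv4/IPv6 datagrams showing the 24-byte overhead (4-byte GRE
header + 20-byte outer IPv4 header) and the resulting tunnel MTU, plus a
keepalive tracker modelling how a stateless tunnel black-holes traffic until
keepalives declare it down. Inner packets and addresses are constructed for
the example; the outer IPv4 checksum is left zero."""
import struct

GRE_PROTO = 47
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD
IPV4_HDR_LEN = 20
GRE_HDR_LEN = 4                            # RFC 2784 base header: flags/version + protocol type
GRE_OVERHEAD = IPV4_HDR_LEN + GRE_HDR_LEN  # 24 bytes per tunnelled packet
GRE_FLAG_CSUM, GRE_FLAG_KEY, GRE_FLAG_SEQ = 0x8000, 0x2000, 0x1000


def ethertype_of(inner: bytes) -> int:
    """GRE carries only IP here; pick the protocol-type field from the IP version."""
    version = inner[0] >> 4 if inner else 0
    if version == 4:
        return ETHERTYPE_IPV4
    if version == 6:
        return ETHERTYPE_IPV6
    raise ValueError("inner packet is neither IPv4 nor IPv6")


def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    """Constructed outer IPv4 header: DF set, TTL 64, checksum left as zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4_HDR_LEN + payload_len,
                       0, 0x4000, 64, proto, 0, src, dst)


def gre_encapsulate(inner: bytes, src: bytes, dst: bytes) -> bytes:
    """Outer IPv4 + minimal GRE header (no C/K/S fields) + inner datagram."""
    gre = struct.pack("!HH", 0, ethertype_of(inner))
    return ipv4_header(src, dst, GRE_PROTO, GRE_HDR_LEN + len(inner)) + gre + inner


def gre_decapsulate(outer: bytes) -> tuple[int, bytes]:
    """Return (protocol type, inner datagram); handles optional C/K/S fields."""
    ihl = (outer[0] & 0x0F) * 4
    if outer[9] != GRE_PROTO or len(outer) < ihl + GRE_HDR_LEN:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", outer[ihl:ihl + GRE_HDR_LEN])
    if flags & 0x0007:                      # version must be 0 (PPTP uses version 1)
        raise ValueError("unsupported GRE version")
    hdr_len = GRE_HDR_LEN
    for flag in (GRE_FLAG_CSUM, GRE_FLAG_KEY, GRE_FLAG_SEQ):
        if flags & flag:
            hdr_len += 4                    # each optional field is 32 bits
    return ptype, outer[ihl + hdr_len:]


def tunnel_mtu(link_mtu: int = 1500) -> int:
    """Largest inner datagram that fits the outer link without fragmentation."""
    return link_mtu - GRE_OVERHEAD          # 1476 for a 1500-byte link


class KeepaliveTracker:
    """Models RouterOS-style `keepalive=interval,retries` on a GRE tunnel
    (10s,10 assumed as the default). With keepalive disabled the tunnel is
    purely stateless: the interface never goes down, routes keep pointing
    into it, and traffic is black-holed indefinitely once the far end is gone."""

    def __init__(self, interval_s: float = 10.0, retries: int = 10, enabled: bool = True):
        self.interval_s, self.retries, self.enabled = interval_s, retries, enabled
        self.last_reply = 0.0

    def observe_reply(self, now: float) -> None:
        self.last_reply = now

    def is_running(self, now: float) -> bool:
        if not self.enabled:
            return True
        return now - self.last_reply < self.interval_s * self.retries


if __name__ == "__main__":
    inner = b"\x45\x00\x00\x1c" + b"\x00" * 24      # constructed 28-byte IPv4 datagram
    outer = gre_encapsulate(inner, bytes([192, 168, 1, 1]), bytes([192, 168, 2, 1]))
    print("overhead:", len(outer) - len(inner), "bytes; tunnel MTU:", tunnel_mtu())
    print("protocol type: %#06x" % gre_decapsulate(outer)[0])
    k = KeepaliveTracker()
    k.observe_reply(0)
    print("running at t=50s:", k.is_running(50), "at t=100s:", k.is_running(100))
```

With the assumed 10s,10 keepalive the black hole lasts at most 100 seconds before the interface goes down and routing can fail over; the same tracker with `enabled=False` never reports the tunnel down, which is the stateless behaviour the text warns about.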