Great comparision! Thak you! In my opinion you missed to mention one important thing about L2TP/IPsec. In Mikrotik environment is old issue that clients reaching the server via NAT do work but only one at a time per each public address.

My man, my pro it teacher , I hail you and greetings from Greece! I have a fast internet connection but no access to public IP in my first WAN . My second WAN has slow internet connection and I have it as a backup. So Zerotier was a lifesaver ! I really admire you and I deeply appreciate what you do. Keep up the good work. Thumbs up!

I Just deployed a wireguard mesh vpn network between 7 sites and many road warriors clients. Performance speed touches 98% of line bandwidth and latency is awesome .

Mikrotik for life. ZeroTier is awesome but It managed to bork itself on 2 of my production systems already (1 windows and 1 linux box). Rock solid of MT though. Wiregaurd is my go-to nowadays if I have a public IP accessible somewhere. Super fast, super simple, and using a modern stream cipher.

Was using L2TP + IPsec because of native Mac and Windows support for a while until Wireguard came along. Now I primarily use Wireguard on MT and OpenVPN on another server as backup.

Hello, Johnny! Appreciate your work and talent of presentation. May I kindly ask you to specify few things? 1. L2TP was tested with ipsec, right? 2. You wrote “Unable to test” for IKEv2 in a table. Do you mean - tests failed in browser? Did “speedtest”/”fast” webpages load with no errors? 3. I’ve noticed poor results for PPTP. Maybe you have some thoughts about it (despite of low CPU/memory requirements pptp loses to others)? Have you ever tried to establish PPTP tunnels from some other locations? Thank you so much in advance.

Your video right on time for me. I was wondering what to use and because you have the experience I can tell that you know what you are talking about. Thanks you and keep up the good work !!!

Thank you for the awesome video. Really appreciate the effort with the comparisons. Perhaps do show things like the IPIP, EoIP tunnels as well as the dynamic routing protocols. Really love the content and keep it going!!!!

Thanks Meneer, very informative. Using Wireguard here in the UK, to access the office NAS from my phone, inter alia.

I want to connect two locations with VPN, but both lack the static IP address. However DDNS is working for both places and clients can connect to both routers easily. Can I use IPSEC with two DDNS enabled routers? If not, which protocol do you recommend for permament connection? Thanks for your answer.

ZeroTier here as well, the piece of mind of not having any ports open is just unbeatable.

can you tell about install v2ray protocol on microtik? thanks

Bcs I have CHR as main location I'm stuck with wireguard and cant complain. Works very well, but we will see how it hold hundreads off peers. For older V6 routers we still use l2tp but with ipsec.

Zerotier is excellent if you have two endpoints (routers) that do not have publicly accessible IPs. Limits, yes ARM devices but also dependency on third party servers. It can handle complex scenarios and wide variety of needs. Wireguard is maybe a bit faster but its strength is relatively easy to setup and it is truly independent. Never used OPENVPN and will never see myself needing to use it and not completely implemented in MT OS anyway. Where things get interesting which no one addresses head on is the issue of MTU which manifests in no browsing, slow browsing or some website not reachable. For example in wirguard, ensure ICMP is not blocked first and foremost. One method to address this is to try putting the MTU from default 1420 to 1500 on both client and server ends, or mangle/MSS clamping on the client side, OR............ MRRU finessing by using an unencrypted L2TP tunnel within an encrypted wireguard tunnel to send ones data. L2TP settings allow MRRU through MLPPP. One uses the very basic L2TP settings and ensures MRRU is set at 1504 at both ends of the L2TP connection. Dont use pptp................. no reason to.

ZT Rocks man! It get's my vote indeed. Nice video Network Berg

can you make video how to make openvpn on miktorik in router os 7 with extracking ovpn file form it and ppp profile?

its possbiel to create sito to site via Wireguard ? for example to cloud ( Mikrotik - Linux Machine )

Thank Berg for very nice video. I used Zerotier, but not happy with speed, only around 25Mbits.

Please teach about open VPN settings of ExpressVPN company on mikrotik

@The Network Berg Hi there i've issue with L2TP+IPSEC latency +3-5ms compared to direct ping side to client plus little fluctuating +2-3ms. Is there any advices where to dig to?

One more great, very informative video, thanks.

Hou nie van Mikrotik, but can't deny its a good product. Use raspberry with wireguard for port customizations.

Thanks for this. Makes me feel better about waiting for an ARM based MikroTik device for my primary usege. I have a MikroTik mAP (both lite and non lite versions actually) to play with while I wait on the Arm based AX models being available in my region. I'd like to setup a VPN that my friends in other countries can use to avoid region restrictions, but NOT give them any access to my home network. mAP would have to be behind an ISP modem. Is this possible? Is there an ELI5 guide for this anywhere? It seems that all VPN guides are for the (etirely normal) setup: secure access to the network. I just want it for geolocation avoidance - not local network access. Any pointers on how one could accomplish this?

please make a IKE2 VPN server for android..because android now support only ike2 vpn. struggling to make a ike2 vpn server ...

Nice video!! Any VPN using TCP will suffer what is called TCP meltdown (TCP inside from the app in another TCP like the VPN tunnel creates) that impacts badly the throughput so stay away of TCP VPNs such as SSTP or OVPN over TCP

Can you run Zerotier and Wireguard on the same router at the same time? If I enable Zerotier package, wireguard no longer works.

I had ZT fully working across 5 sites and it was amazing just like you said. Then I disabled the ZT interface in WinBox in one of the site configs and the whole thing suddenly tanked, and I've never been able to get it working again and been using SSTP in its place for now. I'm genuinely baffled.

Hi there ! I was wondering if you were in a position to do a video, or comment on, the ability to do 2FA/MFA with Mikrotik VPN's. Websites like rublon and miniOrange seem to provide the services.

Why mikrotik doesn't implement zerotier to other platforms other than ARM, any ideas?

Great information

pls more about sstp on mikrotik. also sert

can you connect to a sonicwall vpn ?

ROS v7 sucks tho. It wont register OSPF LSAs from v6 devices :(

ipsec will never go away. Everything support it😂

The most garbage routers you can buy on the market.