Problem... I've not seen SSTP actually SECURE the traffic. A working IPSec config, while a PITA like mike says, actually locks down all the traffic within the IPSec protocol. If any of you that have working site to site SSTP tunnels can torch them with active traffic and share their findings I'd appreciate it.
IPSec is even harder to configure with dynamic IPs on one end. Really designed for static to static. Might even be a bug with tik on dynamic endpoints. On Apr 8, 2014 5:24 PM, "Rory McCann" <rmm.li...@gmail.com> wrote: > +1 on Butch's response. I use SSTP for my Windows Laptops to remotely > connect and use IPSec for router to router. They both have their merits and > both work fine. > > Can't speak on OVPN as I haven't used it. > > Rory McCann > MKAP Technology Solutions > Web: www.mkap.net > > On 4/8/2014 4:21 PM, Butch Evans wrote: > >> On 04/08/2014 03:48 PM, Mike Hammett wrote: >> >>> Why is one better than the other? >>> >> >> Short answer: Neither. >> >> Moderately longer answer: SSTP works better behind a NAT and works on >> port 443, so firewalls are usually not an issue for these. >> >> REALLY longer answer: It really depends. IMO, with modern options (for >> MT specific options), I think a "site to site" option that is better than >> either of these is OpenVPN. OVPN works behind NAT and you can define the >> ports to be used, so firewalls are not an issue. It is a bit easier >> (again, my opinion) to configure and troubleshoot than the other options. >> Having said that, the SSTP is a client built into Windows, so if you have >> a "roaming" client, then this may be the best option. Additionally, most >> other router vendors have IPSEC built-in, so in some cases, that may be the >> best choice. All things being equal, personally, I like the OVPN option. >> >> >> > _______________________________________________ > Mikrotik mailing list > Mikrotik@mail.butchevans.com > http://mail.butchevans.com/mailman/listinfo/mikrotik > > Visit http://blog.butchevans.com/ for tutorials related to Mikrotik > RouterOS > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.butchevans.com/pipermail/mikrotik/attachments/20140408/d2a78c7e/attachment.html> _______________________________________________ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
