Wanted: Site-to-site VPN Routers

I’d be down for teaching that; I use it to run my small hosting company’s routing, firewalls, TLS terminators, and some caching systems.

Anyone with interest, ping me and I’ll see what I can work out.

-Jim

2 Likes

I refuse to use the phrase “ping” when contacting humans, but I’d like to attend a PFsense class. I’ve used it, but I’d like to see how others think it should be used…

1 Like

Ping
This is 20 characters

1 Like

ECHO
more chars 012345678901234567890123456789

I found my old PC with two NICs & can provide beer

Very well; let us perform the ancient ritual of IT services in exchange for goods and offerings to the great provider that is Ethanol.

I’m in the Induction Forge class this evening, but will be available once it is done. The class lists 9:00 as the end time, but depending on how the class is set up I may be out sooner since I’m already trained on the KMG portion.

-Jim

Any luck you could drop them off in the electronics lab. I’ve been working there most days & can start learning. For now I have some extra time waiting for parts and such for another project.

Try learning mikrotik and haproxy first. THEN one can master PFSense.

I had not heard of these before. Let me know if classes are offered in these. I would love to learn more about practical networking solutions.

haproxy is kind of unrelated to VPNs, and Mikrotik? You’re calling Mikrotik easier than PfSense? I’m just making sure I’m reading this right…

-Jim

P.S: PfSense has HAProxy as a native package; I use it as my TLS terminators.

At its core pfsense is just a fancy local traffic management appliance that uses the same underlying packages that mikrotik and ddwrt have built in. Hell, same for just about any other LTM like F5 Big IP. Which all of them can do VPNs.

But, what I’m saying is that the core fundamentals are what one needs to understand, and that is granted by actually configuring the managed switch (i.e. mikrotik) and traffic manager (i.e. haproxy). Then tie that in with encapsulation via pptp/l2tp or openssl.

I strongly suggest mikrotik for many reasons but the biggest being:

interface

hardware

features

yes, it’s running in a VM

Price

Price: $28.99

performance

Let me know if classes are offered in these. I would love to learn more about practical networking solutions.

I’ll put you first on the list. There’s a course coming up that would cover these and it would go on the calendar when it’s ready.

All of these devices are full routers; calling PfSense a traffic management device is misleading. All have full routing, all have full firewall and switching capabilities.

PfSense is also far easier for someone to learn proper routing on, as with the Mikrotik interface it lets you do a lot more stupid things that you shouldn’t be doing, whereas PfSense at least tries to warn you when that is about to happen (do note, PfSense still lets you do stupid stuff easily in CLI but that’s another issue).

The biggest issue with Mikrotiks is that they still license their RouterOS by different tiers, and that interface is pretty terrible in its own right (but to each their own opinions on that).

In part of looking at cost you have to use the Total Cost of Ownership (TCO). To use a Mikrotik device requires not only hardware but licensed software that then has to be maintained. Here’s the pricing for RouterOS (note, the free version wouldn’t be eligible to connect more than two sites since it requires more than one tunnel): https://wiki.mikrotik.com/wiki/Manual:License#License_Levels

In reality both systems will teach you the same things but with different ways of getting there. Both can be run in VMs for learning, both support every routing protocol and mode under the sun. One’s free, the other is only free for super-basic uses. The interfaces are usually a matter of preference despite how much I like to chew on Mikrotik (full disclosure I do still use Mikrotik as well for some of their switches).

But to anyone looking at this thread, do NOT use pptp or l2tp as a VPN tunnel for anything that should be considered private or verified; neither of these are suitable for securing office traffic and are deprecated for a reason. They can still get packets where they need to go, but l2tp is merely altering routing and pptp has had a broken authentication for establishment and zero authentication of encrypted bitstreams for quite some time, as well as a broken cipher overall.

Cheers,
-Jim

EDIT: Whilst we’re showing off dashboards, this is one of mine.