In this video, we’ll discuss the best VPNs to use on your MikroTik Router. We’ll be discussing Wireguard, Zerotier, L2TP, and OpenVPN, and which one is the best for you.
If you’re looking for a VPN to use on your MikroTik Router, then be sure to watch this video! We’ll discuss the different pros and cons of each VPN, and which one is the best for you. We also have some helpful tips on how to set up and use a VPN on your MikroTik Router!
Configuring Zerotier:
Configuring Wireguard:
Configuring IPSEC:
Configuring L2TP:
Configuring SSTP:
Configuring PPTP:
👊Thanks for taking time to watch my video. If you could, pressing LIKE and SUBSCRIBING helps with Youtube’s algorithm so that more people can discover my videos. Feel free to leave a comment for any other topics you would like to see me cover or what your general opinion is of the video.
🕘Timestamps🕘
📕00:00 – Introduction
📕00:42 – VPN use cases
📕02:46 – VPN Types
📕04:10 – Zerotier
📕06:00 – Wireguard
📕07:15 – OpenVPN
📕08:25 – IPSEC
📕10:16 – SSTP
📕12:04 – L2TP
📕13:22 – PPTP
📕15:15 – Final impressions
Support the Channel:
⭐Become a Patreon: https://www.patreon.com/thenetworkberg
⭐Become a YouTube Member: https://www.youtube.com/channel/UCIHIxCpBGe64YHLUM59zy_Q/join
Social Media:
🌏 https://www.linkedin.com/company/thenetworkberg
🌏 https://twitter.com/bergnetwork
🌏 https://www.facebook.com/The-Network-Berg-394513498062892/
MTCRE Playlist:
MTCNA Playlist:
Thanks again for watching
The most garbage routers you can buy on the market.
please make a IKE2 VPN server for android..because android now support only ike2 vpn. struggling to make a ike2 vpn server …
can you make video how to make openvpn on miktorik in router os 7 with extracking ovpn file form it and ppp profile?
Hello, Johnny! Appreciate your work and talent of presentation.
May I kindly ask you to specify few things?
1. L2TP was tested with ipsec, right?
2. You wrote “Unable to test” for IKEv2 in a table. Do you mean – tests failed in browser? Did “speedtest”/”fast” webpages load with no errors?
3. I’ve noticed poor results for PPTP. Maybe you have some thoughts about it (despite of low CPU/memory requirements pptp loses to others)? Have you ever tried to establish PPTP tunnels from some other locations?
Thank you so much in advance.
can you tell about install v2ray protocol on microtik? thanks
ZT Rocks man! It get's my vote indeed. Nice video Network Berg
Can you run Zerotier and Wireguard on the same router at the same time? If I enable Zerotier package, wireguard no longer works.
https://youtu.be/Kb6BESju0Lc
@The Network Berg Hi there i've issue with L2TP+IPSEC latency +3-5ms compared to direct ping side to client plus little fluctuating +2-3ms. Is there any advices where to dig to?
One more great, very informative video, thanks.
Bcs I have CHR as main location I'm stuck with wireguard and cant complain. Works very well, but we will see how it hold hundreads off peers. For older V6 routers we still use l2tp but with ipsec.
Hi there ! I was wondering if you were in a position to do a video, or comment on, the ability to do 2FA/MFA with Mikrotik VPN's. Websites like rublon and miniOrange seem to provide the services.
its possbiel to create sito to site via Wireguard ? for example to cloud ( Mikrotik – Linux Machine )
I Just deployed a wireguard mesh vpn network between 7 sites and many road warriors clients. Performance speed touches 98% of line bandwidth and latency is awesome .
Nice video!! Any VPN using TCP will suffer what is called TCP meltdown (TCP inside from the app in another TCP like the VPN tunnel creates) that impacts badly the throughput so stay away of TCP VPNs such as SSTP or OVPN over TCP
Please teach about open VPN settings of ExpressVPN company on mikrotik
Why mikrotik doesn't implement zerotier to other platforms other than ARM, any ideas?
Was using L2TP + IPsec because of native Mac and Windows support for a while until Wireguard came along. Now I primarily use Wireguard on MT and OpenVPN on another server as backup.
Great information
Your video right on time for me. I was wondering what to use and because you have the experience I can tell that you know what you are talking about. Thanks you and keep up the good work !!!
Zerotier is excellent if you have two endpoints (routers) that do not have publicly accessible IPs.
Limits, yes ARM devices but also dependency on third party servers. It can handle complex scenarios and wide variety of needs.
Wireguard is maybe a bit faster but its strength is relatively easy to setup and it is truly independent.
Never used OPENVPN and will never see myself needing to use it and not completely implemented in MT OS anyway.
Where things get interesting which no one addresses head on is the issue of MTU which manifests in no browsing, slow browsing or some website not reachable. For example in wirguard, ensure ICMP is not blocked first and foremost. One method to address this is to try putting the MTU from default 1420 to 1500 on both client and server ends, or mangle/MSS clamping on the client side, OR………… MRRU finessing by using an unencrypted L2TP tunnel within an encrypted wireguard tunnel to send ones data. L2TP settings allow MRRU through MLPPP. One uses the very basic L2TP settings and ensures MRRU is set at 1504 at both ends of the L2TP connection.
Dont use pptp…………….. no reason to.
Thanks for this. Makes me feel better about waiting for an ARM based MikroTik device for my primary usege.
I have a MikroTik mAP (both lite and non lite versions actually) to play with while I wait on the Arm based AX models being available in my region.
I'd like to setup a VPN that my friends in other countries can use to avoid region restrictions, but NOT give them any access to my home network.
mAP would have to be behind an ISP modem.
Is this possible? Is there an ELI5 guide for this anywhere? It seems that all VPN guides are for the (etirely normal) setup: secure access to the network. I just want it for geolocation avoidance – not local network access. Any pointers on how one could accomplish this?
Hou nie van Mikrotik, but can't deny its a good product. Use raspberry with wireguard for port customizations.
can you connect to a sonicwall vpn ?
I had ZT fully working across 5 sites and it was amazing just like you said. Then I disabled the ZT interface in WinBox in one of the site configs and the whole thing suddenly tanked, and I've never been able to get it working again and been using SSTP in its place for now. I'm genuinely baffled.
My man, my pro it teacher , I hail you and greetings from Greece! I have a fast internet connection but no access to public IP in my first WAN . My second WAN has slow internet connection and I have it as a backup. So Zerotier was a lifesaver ! I really admire you and I deeply appreciate what you do. Keep up the good work. Thumbs up!
Mikrotik for life. ZeroTier is awesome but It managed to bork itself on 2 of my production systems already (1 windows and 1 linux box). Rock solid of MT though. Wiregaurd is my go-to nowadays if I have a public IP accessible somewhere. Super fast, super simple, and using a modern stream cipher.
SSTP was my preferred method for connecting multiple locations. Usually single digit pings end to end, might be because we were within the same ISP on each end. Now I quite like Zerotier (simplicity) and Wireguard (speed). However Zerotier can get more complex if you create flow rules and setup capability matrix in the web admin console
pls more about sstp on mikrotik. also sert
ROS v7 sucks tho. It wont register OSPF LSAs from v6 devices 🙁
Great comparision! Thak you!
In my opinion you missed to mention one important thing about L2TP/IPsec. In Mikrotik environment is old issue that clients reaching the server via NAT do work but only one at a time per each public address.
ZeroTier here as well, the piece of mind of not having any ports open is just unbeatable.