I can more or less cobble together a VPN with Mikrotik + L2TP/PPTP and, to a lesser extent, OpenVPN.
The VPN is set up on colleagues' home PCs to give access to enterprise resources. 99% of the colleagues' home PCs run Windows of various versions, from XP to 10. The resources each person connects to differ: RDP, network shares, web resources. I'm not sure about some points of what I set up:
In particular, I understand in theory what the "remote desktop gateway" means, but I don't understand it in practice. That is, as I understand it, a more or less advanced user can configure the remote desktop gateway on their computer and drive traffic through the office gateway (Mikrotik). This should not be possible. How can I block this?
The second point. On the Mikrotik side, for VPN connections I allow specific users access to the specific resources they need, with narrow rules. On the remote user's side, for access to the resources to be possible, we have to add the route either in the Windows routing table (route add), if it is L2TP/PPTP, or, if it is OpenVPN, in the OpenVPN client config (*.ovpn), also as a route add. I'm not sure that this is how it should be. In theory, when connecting to the VPN, the VPN user's machine should get access to the necessary enterprise resources without routes being added by hand on the client side. In theory Mikrotik should push the routing rules to the VPN client, and I have a feeling that I'm building a kludge.
Routes on the VPN client are a headache for Mikrotik admins. It can't do this properly, because it does not have full-fledged DHCP settings for VPN. On some forums people write that they were able to configure forwarding of an external DHCP to VPN users, but those are kludges (not sure they work).
The routes on the client side (Windows) can be set in a number of ways.
In Windows 10 there is a special parameter on the VPN connection for this purpose, set through PowerShell (you can create the connection with this parameter right away with a script).
In Windows 7 you can instead set up (but by hand; a user won't manage it) a trigger on connecting to the VPN, which will do a route add.
There is also CMAK, a package from Microsoft for creating pre-configured connections in the form of an installer. It can do exactly this, but the result is very buggy, plus you need administrator rights every time you connect.
And another more or less normal way is classful routing: for example, when the VPN tunnel address is on the 10.x.x.x network, Windows itself will register a route over this connection for subnet 10.0.0.0/8.
The latter is the most convenient if you have a 10.x.x.x network.
Well, or OpenVPN, with a ready-made configuration file for the client.
But personally I don't like OpenVPN. It is extra software, and pings over it are often much worse.
For Windows clients the best is SSTP; the more versatile is L2TP/IPsec.
Kurt76 answered on April 19th 20 at 12:13
Like it or not, OpenVPN.
The advantages of OpenVPN:
After a connection break it recovers on its own.
You can push routes to the clients.
Cons of all the rest:
After a connection break it does not recover on its own.
It is impossible to push routes to clients.
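
The Windows 10 option mentioned in the first answer, as an added example that is not part of the original thread: it assumes the parameter meant is the per-connection route set with Add-VpnConnectionRoute, combined with split tunneling. The function name Set-OfficeVpn, the connection name, the server address and the prefixes are constructed placeholders.

```powershell
# Added example. All names and addresses below are constructed placeholders.
function Set-OfficeVpn {
    param(
        [Parameter(Mandatory)] [string]   $Name,
        [Parameter(Mandatory)] [string]   $Server,
        [Parameter(Mandatory)] [string]   $PreSharedKey,
        [Parameter(Mandatory)] [string[]] $Prefixes
    )

    # Create the connection once. -SplitTunneling leaves the client's default
    # route on its local network, so only the listed prefixes enter the tunnel.
    if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
        Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
            -L2tpPsk $PreSharedKey -AuthenticationMethod MSChapv2 `
            -EncryptionLevel Required -SplitTunneling -Force
    } else {
        # Re-assert split tunneling in case it was switched off in the GUI.
        Set-VpnConnection -Name $Name -SplitTunneling $true
    }

    # Routes currently stored on the connection (none on a fresh one).
    $current = @((Get-VpnConnection -Name $Name).Routes |
        Where-Object { $_ } | ForEach-Object { $_.DestinationPrefix })

    # Add routes that are missing.
    foreach ($p in $Prefixes) {
        if ($current -notcontains $p) {
            Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $p
        }
    }
    # Remove stored routes that are no longer on the allowed list.
    foreach ($p in $current) {
        if ($Prefixes -notcontains $p) {
            Remove-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $p
        }
    }

    # Return the resulting state so a deployment script can log it.
    Get-VpnConnection -Name $Name |
        Select-Object Name, SplitTunneling,
            @{ n = 'Routes'; e = { $_.Routes.DestinationPrefix } }
}

# Constructed sample call: one RDP host and one file-server subnet.
Set-OfficeVpn -Name 'Office-L2TP' -Server 'vpn.example.com' `
    -PreSharedKey (Read-Host 'L2TP pre-shared key') `
    -Prefixes '10.10.20.15/32', '10.10.30.0/24'
```

The client setting only decides which traffic enters the tunnel; the user can still edit the connection, so the narrow rules on the Mikrotik side remain what limits access.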