Gigabit Mini VPN Tunnel SBT-VPN-400L, 5 * 1000M RJ45 electrical port

Hardware parameters:
CPU：IPQ-4019，Arm 32bit， 4-core, 700MHz
Memory: 1GB
SSD：512MB
Network card: Electrical port: 5 * 1000M RJ45
Size: 90 * 115mm

Introduction:
The supported protocols include PPTP, L2TP, OpenVPN, SSTP, IPSec, EOIP, GRE, and IPIP.

1 PPTP
PPTP is a secure tunnel that uses PPP to transmit IP communication. It encapsulates data into the PPP protocol and establishes a virtual link based on the IP network
The tunnel. PPTP combines PPP and MPPE (Microsoft Point to Point Encryption) to establish encrypted connections. A very popular product
The tunneling protocol can be established between routers or between routers and terminal devices. PPTP clients are supported by almost all operating systems, including
Windows, Android, iOS, etc., PPTP tunnel can roughly achieve the following functions:
 Common secure router/client router tunnels on the Internet.
Connect (bridge) the local enterprise network or LAN (when using EoIP).
Remote access to the enterprise network/company LAN for mobile or remote customers (see PPTP settings for Windows for more information).

2. PPTP and L2TP
Both PPTP and L2TP use PPP protocol to encapsulate data, and then add additional headers for data transmission on the Internet. Despite two agreements
The discussions are very similar, but there are still differences in the following aspects:
PPTP requires the Internet to be an IP network. L2TP only requires tunnel media to provide point-to-point connections for datagrams. PPTP can only be used between two endpoints
Establish a single tunnel. L2TP supports the use of multiple tunnels between two endpoints. Using L2TP, users can create different tunnels for different service qualities.
L2TP can provide packet header compression. When compressing packet headers, the system overhead occupies 4 bytes, while under the PPTP protocol, it occupies 6 bytes
Byte. L2TP can provide tunnel authentication, while PPTP does not support tunnel authentication. However, when L2TP or PPTP is used in conjunction with IPSEC
Tunnel verification is provided by IPSEC, without the need to verify tunnels on Layer 2 protocols.
　
3 OpenVPN
OpenVPN is an application layer VPN implementation based on the OpenSSL library, which has the advantage of being simple and easy to use compared to traditional VPNs. OpenVPN
Allow single points involved in establishing VPN to use shared keys, electronic certificates, or usernames/passwords for authentication. OpenVPN has been transferred
To various platforms, including Linux and Windows, RouteOS supports OpenVPN in v3. x, and you need to install and enable the PPP feature pack.
On the RouterOS platform, OpenVPN only supports TCP mode and UDP mode is not supported.

4 SSTP
The Secure Socket Tunneling Protocol (SSTP) method is based on SSL3.0 channel transmission of PPP tunnels, using TCP port 443
SSL allows SSTP to pass through all firewalls and proxy servers.
The support for the new SSTP protocol does not completely negate the role of PPTP and L2TP in the solution composed of Microsoft products when enterprises use base
When it comes to VPN solutions for PPTP and L2TP, this protocol is still commonly used to address or enhance enterprise network security. But the data communication between the two
There may be some online issues when passing through firewalls, NAT, and WEB PROXY.

5 IPsec
IPSec (Internet Protocol Security), as a new generation of network security protocol, provides security guarantees for network transmission, enabling end-to-end security
As a new generation of security standard on the Internet, data confidentiality of is possible. Provide access control, connectionless integrity, data source authentication, and anti duplication capabilities
A service that includes replay protection, confidentiality, and limited transmission confidentiality. The service is based on the IP layer and protects the IP and upper layer protocols.
IPSec includes three of the most important protocols: Authentication Header (AH) and Encapsulation Security Payload (ESP)
（Encapsulating Security Payload）， IKE (Internet Key Exchange):
AH is a security protocol header used to enhance the security of the IP layer, providing functions such as data source authentication, information completeness verification, and anti replay
And ensure the integrity and authenticity of data packets, but do not provide confidentiality and security services.
ESP and AH also provide IP layer security. The ESP protocol uses encryption and verification mechanisms to provide information source verification and information integrity
Sex, anti retransmission, and confidentiality.
The IKE protocol provides services for key negotiation, establishment, and maintenance of the Security Alliance SA, generating keys for IPSec negotiation

6 EOIP
EoIP (Ethernet over IP) tunneling is an Ethernet tunneling protocol established between the IP transport layers of two routers, using MikroTik
The free protocol of RouterOS. The EoIP interface behaves similarly to Ethernet transmission, and when the bridging function of the router is enabled, all Ethernet data is transmitted
Traffic (all Ethernet protocols) will be bridged, just like there are physical switch interfaces and fiber optic transceivers between two routers (with bridging enabled)
Like an instrument.

7. GRE and IPIP
1) GRE (Generic Routing Encapsulation) is a tunneling protocol originating from Cisco. Create a virtual point-to-point connection that can encapsulate various protocols
Discuss communication inside.
GRE, along with IPIP and EoIP, all belong to stateless tunnel connections, which means remote tunnel interruptions and all traffic directed to that tunnel becomes a black hole path
From. To address this issue, RouteOS has added a keepalive feature to the GRE tunnel (adding a 24 byte header to the GRE tunnel, 4)
Byte GRE header+20 byte IP header)
Note: GRE tunnel can forward IP and IPv6 datagrams (Ethernet 800 and 86dd types)
2) IPIP tunneling is a simple tunneling protocol that encapsulates IP datagrams into an IPIP tunnel to connect routers at both ends. Most routers support this protocol, including Cisco and