I've watched a million different tutorials/read a million different setup guides and I come to the same issue every time. I'm just setting up a Linux VM now and seeing if I can get it going on that with MT port forwards.

-----Original Message-----
From: Public <public-bounces@talk.mikrotik.com.au> On Behalf Of Aaron Were
Sent: Thursday, 29 March 2018 1:37 PM
To: MikroTik Australia Public List <public@talk.mikrotik.com.au>
Subject: Re: [MT-AU Public] Mikrotik OpenVPN server Windows OpenVPN Server failure OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Oh, I remember now, I couldn't get OpenVPN working on MT, and IPSec VPNs were/are blocked by Telstra on the fiber port. We're looking at a new ISP though, so thanks for the write-up!

Good points on the maths. We don't use it that much, ssh being so easy, having to pay for a 24/7 VPN was actually a much more expensive prospect than reserved instance pricing. It seems (on their page: https://aws.amazon.com/vpc/pricing/) that you pay the standard EC2 rate for data ingress/egress any which way you do it, so really, it's the per-hour of availability pricing that got me. Can't use it for anything else either, whereas an EC2 instance is remarkably flexible.

My original use-case was an actual VM on a Hyper-V server though, on-prem as they say.. which means no issues with speed/price etc. I then reapplied that concept to an EC2 instance (on a whim) and it worked great. We then copy the AMI around the globe for any number of cheap easy VPN servers, swap out the EIP and simply adjust the DNS whenever we feel like skipping around the GFWoC.. well, I mean, no, we would never do that!

On Thu, 29 Mar 2018 at 11:12 Karl Auer <kauer@nullarbor.com.au> wrote:
On Wed, 2018-03-28 at 23:40 +0000, Aaron Were wrote:
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
Works great in an Amazon VPC instead of paying extra for their VPN.
Yeeeesss.... but:
- it's only cheaper if you use a t2.micro or something, otherwise the EC2 costs will equal or exceed the AWS VPN costs
- unless you choose a pretty expensive instance type, your bandwidth will be very limited
- the AWS VPN can shift data much, MUCH faster than most instance types.
- the AWS VPN is essentially zero-maintenance after setup. The platform does not require securing, updating, patching or whatever.
So do the maths (and remember to include traffic costs) before you assume that an instance-based VPN will be better than an AWS Hardware VPN. It depends a lot on how much traffic you have, and whether you have the required skills and time to support it.
The AWS Hardware VPN works well with MikroTiks:
http://biplane.com.au/blog/?p=406
Regards, K.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer (kauer@nullarbor.com.au) work +61 2 64957435
http://www.nullarbor.com.au mobile +61 428 957160
GPG fingerprint: 8454 EE43 6215 B6DD 1B4D 9D8D 984D 7BA1 7378 A38D Old fingerprint: 58F8 09D4 97E4 D74A 0940 44BC 8D6D C28C 3BC9 B0CB
_______________________________________________
Public mailing list
Public@talk.mikrotik.com.au
http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
--
Regards,
Aaron Were
TDJ Australia Pty Ltd
awere@tdj.com.au