FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

14455 questions

17168 answers

28195 comments

0 members

We are migrating to our new platform at https://community.teltonika.lt. Moving forward, you can continue discussions on this new platform. This current platform will be temporarily maintained for reference purposes.
0 votes
516 views 5 comments
by anonymous
Hi Everyone,

I run a small ISP and looking for a solution to offer 4G backup for my customers. I'm looking to provide this via VPN to the edge of our network and then transit internet traffic that way (we do the web filtering).

I'm comfortable the RUTX09 and RUTXR1 will serve as CPE for new customers, however we have a number of customers who have existing Mikrotik CPE. I'm looking at the TRB140 as an option for customers with existing CPE (to keep costs sensible).

In this example the TRB140 would be used to establish an OpenVPN or Wireguard VPN to our core network and we would use the Mikrotik CPE on the customer end to pass traffic over the Tunnel into our network. I'm assuming the OpenVPN throughput will be better on the TRB140 given it's CPU is 1.2Ghz as opposed to 700Mhz on the other models.

We would also like to use the TRB140 to access the CPE for remote management (via RMS).

Any thoughts on this appreciated.

Thanks
by
I.g. on similar devices wireguard outperformes openVPN regarding thruput.

1 Answer

0 votes
by anonymous
Hi,

We're happy you're planning on using our products. I will try to explain everything about your expectations.

As for cost and performance ratio, TRB140 is a great device for your use-case, as it will not only be great additional hardware to MikroTik device, but also will be able to give all the services that we provide on our other models, including remote management of the other network devices via RMS.

Regarding your concern about VPN throughput, it depends on the data itself. If it's not streamable data like IPTV or Video encoding, I believe you should be alright with the current limits of TRB140, and of course, the CPU will give a big performance boost on encryption/decryption.

EB.
by anonymous
Thanks for the quick response. Is it possible with the TRB140 to present the VPN Tunnel IP to the Ethernet Interface (perhaps as a /30 routing range) and then be able to route traffic from the customer network via the Mikrotik out to the internet via our platform (the important bit is being able to present a tunnel IP on the Ethernet Interface.

We would also be planning to do the same thing on the RUTX09 and R1, but not using a Mikrotik. The Teltonika device would be used as the customer CPE, with 4G Failover (via the VPN Tunnel).

Does all that seem feasible? Are there any metrics of comparisons between OpenVPN and Wireguard throughput on the 140 and the RUTX09?

Also any chance of the 2.6 Beta Firmware, so i can test Wiregaurd...

Sorry for all the questions!
by anonymous

Everything that OpenVPN has to offer is possible on our routers too. If I understood you correctly, this should be achievable by routing all the traffic through VPN tunnel or by bridging the interfaces Ethernet Bridging | OpenVPN.

RUTX09 and R1 should be no different in this case.

About the metrics - can't really tell as it depends on the traffic, user load, and of course, other side of the tunnel as it can limit the bandwidth and create overhead.

Regarding 2.6, unfortunately, there's no possibility to test it now, as everything is almost ready and close to release.

EB.

by anonymous
Thanks, i guess the only difference with the RUTX09 and R1, is that we wouldn't be bridging interfaces, only routing as a failover as these devices would also have the Ethernet WAN connection (or PPPoE) presented to them directly (i.e without the Mikrotik), whereas the TB140 would be for existing customers who already have a Mikrotik CPE.

Does the TB140 offer RMS Connect to connected devices (this is also very attractive to us). Traffic load will vary as we're working in Education, the majority will be Web and not streaming traffic.
by anonymous
It offers it and can be activated as any other of our products. You would only need a switch or somehow bridge the interfaces of other DHCP server into the same subnet and it should be reachable. As it will be used for the web, you shouldn't notice any difference while browsing it remotely.