Virtual Private Networks
VPN documentation covers RouterOS tunnel and VPN technologies, including IPsec, L2TP, PPPoE, PPTP, SSTP, OpenVPN, WireGuard, GRE, EoIP, IPIP, 6to4, and ZeroTier. Use this section to configure secure or encapsulated connectivity.
to4
6to4 is a special mechanism that allows IPv6 packets to be transmitted over IPv4 networks without the need for explicitly configured tunnel interfaces. It is especially useful for connecting two or more IPv6 networks over a network that does not have IPv6 support. There are two different ways of the 6to4 mechanism. If remote-address is not configured, the router will encapsulate and send an IPv6 packet directly over IPv4 if the first 16 bits are 2002, using the next 32 bits as the destination (IPv4 address converted to hex). In the other case, the IPv6 packet will be sent directly to the IPv4 remote-address.
IPsec
2 items
L2TP
1 item
PPPoE
2 items
EoIP
Ethernet over IP (EoIP) Tunneling is a MikroTik RouterOS protocol designed to create an Ethernet tunnel between two routers over an IP network. It is based on GRE encapsulation (RFC 1701) and allows Ethernet frames to be transported across routed IP infrastructure, effectively extending a Layer 2 network between remote sites.
GRE
Generic Routing Encapsulation (GRE) is a tunneling protocol originally developed by Cisco to encapsulate a wide variety of network layer protocols over an IP network. It creates a virtual point-to-point link between tunnel endpoints, allowing different protocol traffic to be carried across routed infrastructure.
IPIP
IPIP (IP-in-IP) is a simple tunneling protocol defined in RFC 2003 that encapsulates IP packets within another IP header to transport traffic between two endpoints. In RouterOS, IPIP can be used to create point-to-point tunnels between routers across intermediate IP networks.
OpenVPN
OpenVPN is a VPN protocol based on the SSL/TLS security model, widely used to provide secure remote access and site-to-site connectivity over untrusted networks. It supports both Layer 2 and Layer 3 tunneling modes, enabling the transport of Ethernet frames or routed IP traffic depending on deployment requirements.
PPTP
Point-to-Point Tunneling Protocol (PPTP) is a legacy VPN protocol designed to encapsulate PPP traffic for remote access connections. PPTP is widely supported by many operating systems and network devices, making it simple to deploy and configure in environments where compatibility is a priority.
SSTP
Secure Socket Tunneling Protocol (SSTP) encapsulates Point-to-Point Protocol (PPP) traffic within a Transport Layer Security (TLS) session to provide secure remote access over the internet. SSTP uses HTTPS over TCP port 443, allowing VPN traffic to pass through most firewalls, network address translation (NAT) devices, and proxy servers that typically permit standard web traffic.
WireGuard
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec while avoiding massive headaches. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable.
ZeroTier
The ZeroTier network hypervisor is a self-contained network virtualization engine that implements an Ethernet virtualization layer similar to VXLAN built atop a cryptographically secure global peer-to-peer network. It provides advanced network virtualization and management capabilities on par with an enterprise SDN switch, but across both local and wide area networks and connecting almost any kind of app or device.