Zapnologica
Long time Member
Topic Author
Posts: 594
Joined: Fri Sep 25, 2009 8:15 pm
Location: South Africa

Cloud VPN Network

Thu Nov 26, 2015 1:24 pm

I have a number of sites in multiple locations.

Each site has a MikroTik router as the main gateway with its own public internet connection.

My goal is to have each router be a VPN client to a single host, somewhere in the cloud. So basically I want to create a single network between all my sites, purely for monitoring and remote access.

All internet traffic and data at each site should still go out the router's public WAN/PPPoE connection. But this VPN network needs to allow me to connect to the network with my PC in the office, and then be able to connect to each and every site for remote monitoring and maintenance regardless of firewalls and internet settings etc.

So my actual Question is:

1: What sort of tech do I use as the central host?
Do you get some sort of cloud service that will be a VPN hub? Do I host a VM somewhere, or maybe run RouterOS in a vm?


2: What's my simplest option VPN technology wise? I want it to be fairly quick and easy to set up. Encryption is not really a concern. I just want to be able to access my different networks etc. from my office / laptop wherever I am.

I assume each site will have its own IP range on the VPN network.

Thanks
jarda
Forum Guru
Posts: 7752
Joined: Mon Oct 22, 2012 4:46 pm

Cloud VPN Network

Thu Nov 26, 2015 3:32 pm

There is no relation to the IP cloud DDNS solution from MikroTik. You just need to make some tunnels between the devices and decide whether it will be a discrete network or part of the routed network to make interconnection between the local networks and their members. Actually you don't need any hub if all connected routers have a public IP. You can use one or more of them as tunnel concentrator and others to be pure clients if you don't want to connect all to all. There are no other special requirements for the central points.

I would go with l2tp (or eoip maybe) tunnels between all devices. You just need to mangle incoming connections from the tunnel and then route all responses back through the same tunnel on each device and make static routes for the ip addresses reachable through the tunnels. You can make new address range or use ip addresses from server side of the tunnels belonging to their local ranges. In this case you should have different ranges in each network.

If you have some routing knowledge it is quite easy.
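jarda's outline above (one router as tunnel concentrator, the others as pure clients, mangle plus static routes), written out as an added example that is not part of the original posts or MikroTik's own documentation. It assumes RouterOS v6 syntax and adds IPsec on the L2TP tunnels; every name, address and secret is a constructed placeholder.

```routeros
# Added example, RouterOS v6 syntax. Constructed placeholders: hub public IP
# 203.0.113.10, tunnel range 10.255.0.0/24, site 1 LAN 192.168.11.0/24.

# --- Hub (tunnel concentrator) ---
/interface l2tp-server server set enabled=yes authentication=mschap2 \
    use-ipsec=yes ipsec-secret="CHANGE-ME-PSK"
/ppp secret add name=site1 password="CHANGE-ME-SITE1" service=l2tp \
    local-address=10.255.0.1 remote-address=10.255.0.11
# Static binding gives the session a fixed interface name to route through.
/interface l2tp-server add name=l2tp-site1 user=site1
/ip route add dst-address=192.168.11.0/24 gateway=l2tp-site1

# --- Site 1 (pure client) ---
/interface l2tp-client add name=l2tp-hub connect-to=203.0.113.10 \
    user=site1 password="CHANGE-ME-SITE1" use-ipsec=yes \
    ipsec-secret="CHANGE-ME-PSK" add-default-route=no disabled=no
# Static route for addresses reachable through the tunnel; internet traffic
# keeps using the existing WAN/PPPoE default route.
/ip route add dst-address=10.255.0.0/24 gateway=l2tp-hub

# Mark connections that arrive from the tunnel (this also covers sources
# outside 10.255.0.0/24, such as another site's LAN) ...
/ip firewall mangle add chain=prerouting in-interface=l2tp-hub \
    connection-state=new action=mark-connection \
    new-connection-mark=from-hub passthrough=yes
# ... and send the replies, from LAN hosts and from the router itself,
# back through the same tunnel.
/ip firewall mangle add chain=prerouting connection-mark=from-hub \
    in-interface=!l2tp-hub action=mark-routing new-routing-mark=via-hub \
    passthrough=no
/ip firewall mangle add chain=output connection-mark=from-hub \
    action=mark-routing new-routing-mark=via-hub passthrough=no
/ip route add dst-address=0.0.0.0/0 gateway=l2tp-hub routing-mark=via-hub

# Only management traffic from the tunnel range may reach the router itself
# (22 = SSH, 8291 = WinBox). "add" appends to the end of the chain: move both
# rules below the established/related accept and above any general drop.
/ip firewall filter add chain=input in-interface=l2tp-hub \
    src-address=10.255.0.0/24 protocol=tcp dst-port=22,8291 action=accept
/ip firewall filter add chain=input in-interface=l2tp-hub action=drop
```

Each further site repeats the client half with its own secret, tunnel address and LAN range, and the hub gets one matching binding and route per site.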
kujo
Member Candidate
Posts: 169
Joined: Sat Jun 18, 2016 10:17 am
Location: Ukraine

Cloud VPN Network

Fri Aug 19, 2016 10:55 pm

1. You need a central peer (PPP client, maybe a cloud router). This router connects to your site routers (MikroTik, with a configured PPP server!). The client (cloud) makes a connection to the sites (office). If there is no (physical) router in the cloud, try using a CHR.
2. Use L2TP servers on the office sites and L2TP clients on the main site (or sites with two links). Use OSPF for dynamic routing.


Have a good day!
dboreham
Frequent Visitor
Posts: 96
Joined: Sat May 03, 2008 4:17 pm

Re: Cloud VPN Network

Sat Aug 20, 2016 8:37 am

For this situation I use RouterOS running in a VM in a datacenter. In particular we use the small bare metal machines available from Packet.net, running KVM to host the RouterOS, but there are many other ways to host it. I like this setup because I get complete control down to the NICs and the option to route multiple IP addresses via the router. I've had trouble in the past using the popular cloud VM providers for networking because they enable NIC acceleration/offload on the host with no way to disable it. YMMV. We use PPTP for the VPN because it is easy to set up. Obviously it is not NSA-proof from a security perspective.