OVPN on new versoins ROS 6.0 and 5.1...

July · April 25, 2012, 1:27pm

Good time of day

Do you plan to add support for UDP over (in) OVPN
and add the ability to automatically create certificates for client and server in the new version ROS 6 or 5.16 or higher ?

rbtux · April 25, 2012, 1:58pm

I really doubt that they are working on those features.

I switched to sstp (and with sstp-client 1.0.7 it finally works quite ok with linux…)

mrz · April 26, 2012, 7:36am

v6 has features to generate certificats, and also SCEP.

OVPN UDP and LZO will not be added, at least not in the near future.

jandafields · April 26, 2012, 11:49pm

I have had HORRIBLE stability issues with SSTP. I really wish SSTP worked better, but I (and other people on this forum) have problems with losing connection, etc.

stmx38 · April 27, 2012, 7:23pm

mrz
Any alternatives for OpenVPN with push route possibilities ?

jandafields · April 27, 2012, 9:03pm

You can get an actual OPVN server… I use one, it works great!

JanezFord · May 23, 2012, 9:14am

As those two options seem to be the two most requested options on your forums for quite some time it is realy hard for me, as an experienced programer and developer, to understand why does it take so much time for your developers to implement this. You have a working openvpn implementation which needs only to add compression (this realy should not be such a problem) and UDP support.

Can you please explain in a few words to us why mikrotik team does not wish to implement those features nevertheless they are requested by so many users on this forum for quite some time.

Certificate generation on local comp is not a problem… not being able to connect my router to existing openvpn infrastructure is.

JF

RB450G

RusConSPb · June 24, 2012, 12:06pm

Absolutly agree with JanezFord… Nobody understand what a problem to add UDP and LZO support… but more than that I can’t understand why Mikrotik developers keep silence about the reasons of such fail… maybe it’s government request (NSA, CIA etc.)? I think it’s time for petition! Let’s vote!

jandafields · June 24, 2012, 6:56pm

CIA and NSA are USA Entities. Mikrotik is not. I’m pretty sure there is no government involvement into the inclusion or exclusion of OVPN UPD.

I think Mikrotik simply doesn’t like OVPN and they don’t want to support it anymore. Simple as that.

RusConSPb · June 24, 2012, 11:02pm

I think if there is demand for OpenVPN from so many customers, it is necessary to reckon with it… OpenVPN is recognised the best and most secure VPN solution at the moment and it’s just stupid to drop it as is… in real business there are no words like “we will not make our customers happy just because we don’t like it”, it’s not a kindergarten really…

supportingit · June 26, 2012, 6:28am

I will, again, add a vote for OpenVPN UDP support in RouterOS. It’s caused me no end of problems. I switched to Mikrotik to gain access to a steady supply of low cost VPN routers, and lack of proper OpenVPN support is the only real problem I have (Other than weird sector write issues and now a freeze in a previously working script after upgrades on some, not all, routers).

I like Mikrotik routers now, I must have close to a hundred from the 1100Ah through 411AR’s, 450’s, OmniTik’s, and lots of 750’s, with the 750UP being my new favourite, as I’m planning on using them to remotely bridge in phones for auto provisioning and power.

syadnom · July 6, 2012, 4:08am

OPENVPN UDP is a highly wanted feature. I do PPTP over IPSEC because it’s the only stable site-to-site VPN tech on mikrotik. SSTP is extremely unstable for me on all versions of routeros I have tested. Slow dialup times, frequent drops for no apparent reason.
SSTP is in theory really great. Fix the stability issue so we can use it in the real world please.

jandafields · July 6, 2012, 4:13am

AGREE! SSTP would be PERFECT for site-to-site… but it is VERY UNSTABLE. I have found that if you don’t use public keys (which I think disables ecryption, then it works better… but that’s not a good idea)

PLEASE FIX SSTP!!!

mrz · July 6, 2012, 7:00am

Latest ROS versions (5.18) has SSTP improvements.

syadnom · July 6, 2012, 2:40pm

I’m running 5.18 on my RB1200 and a RB751U, I just setup an SSTP tunnel and will watch it and see how it behaves.

syadnom · July 6, 2012, 5:11pm

This is many times more stable now. No drops since I brought up the tunnel. I was getting drops every 10-15 minutes before. Will continue testing but this is looking better now.

I still would like to see OVPN over UDP.

syadnom · July 8, 2012, 3:08am

Ok, so SSTP is actually stable now (as in the connection stays up) but the connection has inconsinstent latency.

PPTP tunnel consistent 53ms
PPTP over ipsec, same 53ms consistent
SSTP 58-220ms wildly inconsistent.
L2TP over ipsec, 53ms consistent

jitter on the PPTP and L2TP is a max of about 6ms, vs over 160ms on the SSTP.

so SSTP, while more stable, is still useless.

ujemvi · July 30, 2012, 7:47pm

UDP for OpenVPN would simplify my life a lot.

grg · August 2, 2012, 9:34pm

In my opinion, MikroTik team should take VPN issues more seriously. What’s the point of manufacturing hardware like RB1100AHx2 with encryption acceleration, when you can’t use it in real life scenarios. I mean, you have an option to use it, but then you are faced with all those issues people are talking about on this forum.

mrz · August 3, 2012, 8:01am

Hardware acceleration can be used only by Ipsec.