Community discussions

MikroTik App
 
User avatar
antispam
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Mon Apr 11, 2005 5:57 pm

OpenVPN without encryption on RouterOS 6

Sun Nov 09, 2014 9:02 pm

Hello,
why it's no longer possible to use openvpn without encryption? I need to transfer lots of traffic through ovpn, but security is absolutely uninportant in this case. Also i want to route other data without vpn. Obvious step is to use unencrypted openvpn with optional compression (only if really needed). Even your wiki was reccomending this:
http://wiki.mikrotik.com/wiki/OpenVPN#D ... encryption

This was working on RouterOS 5, but on RoS6 suddenly:
What's new in 6.10 (2014-Feb-12 13:46):
*) ovpn client - remove cipher=any %26 auth=any options,
Please put cipher=none back! It is really usefull in some cases (if you know what are you doing)!

I've just switched from OpenWRT router to RouterBoard and hoped everything will work without hassle. But this makes me sad, because performance is very important for me. I still hope i could make this work on routerboard without flashing OpenWRT and spend lot of time by configuring all the stuff that just works out of box on RouterOS.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN without encryption on RouterOS 6

Mon Nov 10, 2014 3:41 pm

We never supported links with no encryption. Simply the console had a bug, that it accepted any values in this field, including "none, any, other" etc. This was still working with encryption. We fixed the bug, that it accepts only valid values.

To reiterate - previously when you typed "none", it was still using the default encryption. We never supported no encryption.
 
User avatar
antispam
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 63
Joined: Mon Apr 11, 2005 5:57 pm

Re: OpenVPN without encryption on RouterOS 6

Mon Nov 10, 2014 8:19 pm

In fact "none" is valid OpenVPN encryption setting.

Right now i have RouterOS 5.24 connected to Linux OpenVPN server with "cipher none" and it works without problem even when server does not support encryption; On the RouterOS side is client configured to use cipher=any (which -as i've understood- means that it will use whatever encryption server uses, including "cipher=none").

I understand that you don't like to have setting cipher=any in routeros for some reason. But please add at least cipher=none option to ovpn-client; I really miss it in ROS 6. Is it possible to have this again?


I guess RouterOS is using original OpenVPN open source code anyway... so there's probably nothing that would prevent you from enabling unencrypted VPN connections.
 
ygreenfield
just joined
Posts: 11
Joined: Wed May 29, 2013 7:29 am

Re: OpenVPN without encryption on RouterOS 6

Mon Jan 26, 2015 3:53 pm

Normis,

Thanks for everything you do.

I agree with Antispam. We have several Mikrotik routers out behind our firewall that are running ovpn-client with cipher=none. Our OpenVPN server is set to cipher none and everyone is working great. I just bought a new set of routers running 6.18 that are currently incompatible with our existing setup.

The 6.0 console did not accept "any values" in the cipher field. I just tried it with "cipher=dsfgdsfg" and it does not accept it, but it does accept "cipher=none" - which is certainly supported by OpenVPN server.

It does not seem correct that when we use cipher=none it uses default encryption. It matches our OpenVPN server which is set to cipher none. The new routers use default encryption and therefore do not match our server.

Is there any chance you can re-allow cipher=none as you have in the past?

Thank you!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN without encryption on RouterOS 6

Mon Jan 26, 2015 4:01 pm

there was never an option "none", only "any".
we already added it back in the form of cipher=null
 
ygreenfield
just joined
Posts: 11
Joined: Wed May 29, 2013 7:29 am

Re: OpenVPN without encryption on RouterOS 6

Mon Jan 26, 2015 4:32 pm

Thanks for your quick reply.

My script says cipher=none, not cipher=any. I'm looking at it now.

And here's the print of it:
[admin@myrouter] > /interface ovpn-client print
Flags: X - disabled, R - running
 0  R name="ovpn-out1" mac-address=xx:xx:xx:xx:xx:xx max-mtu=1500 connect-to=nnn.nnn.nnn.nnn port=1194 mode=ip user="xxx"
      password="xxx" profile=default certificate=cert2 auth=sha1 cipher=none add-default-route=no
Also, cipher=null is not working on my 6.18 router. What version allows cipher=null?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN without encryption on RouterOS 6

Mon Jan 26, 2015 4:40 pm

6.18 is from last July. none is just a generic keyword that RouterOS supported in all settings. it was not a valid value.

cipher=null was added in November
 
ygreenfield
just joined
Posts: 11
Joined: Wed May 29, 2013 7:29 am

Re: OpenVPN without encryption on RouterOS 6

Mon Jan 26, 2015 6:44 pm

Thanks very much! Cipher=null works.

Who is online

Users browsing this forum: Ahrefs [Bot], CJWW, keithy and 86 guests