Inclusion of an SSL VPN capability (ideally with a reverse web proxy portal and SSL based tunnel/VIP access) within the RouterOS platform would be very useful. This would allow easier integration with Client to Gateway requirements (e.g. mobile workforces), with the current IPSEC based VPN approach being useful for Gateway to Gateway solutions.
Potentially a quick solution would be to port OpenVPN ALS (i.e. Adito) to the RouterOS platform.
Also, if this is adopted, an advisory note on how well the range of RouterBoards would support SSL based encryption (in terms of maximum number of connections and throughput on those connections) would be welcomed.
Adding this feature would enable RouterOS to compete (very cost effectively) with the recent crop of Netgear/Cisco/Dlink routers that are recently on the market with SSL VPN capabilities.
Unfortunately SSTP limits the choice of clients and supporting infrastructure at the moment, plus limits the range of applications one is trying to deploy (e.g. secure kiosk style access from a browser based embedded platform).
Plus one vote for SSL VPN, although I am afraid Mikrotik will run into the same problem as with their OpenVPN implementation. Personally, I would like to see that working properly first. They will probably drop it in favour of SSTP unfortunately.
jpatrick, would you care to elaborate on your comment regarding SSTP: “Unfortunately SSTP limits the choice of clients and supporting infrastructure at the moment, plus limits the range of applications one is trying to deploy (e.g. secure kiosk style access from a browser based embedded platform).”
I particularly had OpenVPN ALS in mind (i.e. adito) as this supports kiosk style browsers quite well (almost zero install footprint) - either as a reverse proxy mode (terminating SSL at the VPN router and forwarding HTTP requests onto the LAN) or using an HTTPS tunnel for network extension (TCP only) via a Java client on the client/kiosk connecting through to the remote router (running OpenVPN ALS) with onwards access to the remote LAN. Although, OpenVPN ALS would have a fairly heavy footprint on the Router as it is a Java based web application (and uses Jetty as the HTTP proxy and servlet container).
OpenVPN on the other hand addresses client to Gateway solutions using an installable software client, which also suits a range of applications where one can install client software.
Although, from a MikroTik feature request perspective, support for both approaches would be a great feature.
Hopefully, MikroTik won’t limit the choice to SSTP solely.
I know this is a relatively old topic, but I personally believe in keeping topics in the same spot.
I have been using Adito (OpenSSL AVS) for a while now on my Slackware based router. Just started to configure my new 450G and was looking at maybe getting this to work.
I assume RouterOS is fairly locked down so I can’t even work towards building a proof of concept?
I personally use this as a nice and simple way to securely access my network and systems from any computer even if only 443 is allowed. It’s extremely handy with the portable version of PuTTY, and Java RDP.
It should be fairly simple to get it working, only requires a Java runtime environment (with ant) and some simple install.
Why only SSL VPN alone? Now, with the new MiCA encryption engine from the Tilera Tile Gx platform, MikroTik is able to insert more than that alone! It can be the chance to roll up and insert more than that. VPN is also more and more becoming an urgently used thing, from the lowest bottom (private usage) up to the highest top (enterprise class business networks), for whatever situation exactly you need VPN capabilities, more and more, so it should happen that MikroTik finds a way to insert it in RouterOS. Perhaps cryptography is not allowed or not permitted in Latvia and there are more problems we could not imagine, but for a router producer and vendor like MikroTik it should be possible to get a permission or permit.