Suppose I don’t mind losing tech support? Can I download the linux and other GPL sources and modify my build?
If I get vpnc working I’d be happy to contribute the information to the wiki or to MikroTik. From a quick search, there appear to be quite a few people who would like to get vpnc working on RouterOS.
read the license
I don’t see why you would do this, as there are free distributions which are easier to modify, and for which there is large community support. here - nobody will help you
The reason I bought a RouterBoard was because I was fed up of installing linux distributions and endlessly configuring them, so I’ve been trying to replace everything with RouterOS. It’s about 38C in my office and I’m trying to switch off as many things as I can. If I could know one more laptop off that purely exists to run vpnc then I’d be more than happy in doing the work to get rid of it. I’m not interested in OpenWRT or whatever, if I were, I’d have stuck with my linux gateways.
That’s all…
Solved! (well sort of).
Thanks to a suggestion from elsewhere, I’ve just created a metarouter VM within which I can run vpnc.
Finally got round to actually doing this. For anyone else who needs to run vpnc, here’s what I did:
Follow the instructions here: http://wiki.mikrotik.com/wiki/Manual:Metarouter importing the openwrt
image into the metarouter. Get a copy of vpnc and the tun.ko kernel module. I compiled
them which was a bit of a hassle, but ended up with these if you want to avoid the effort (and
you trust a complete stranger to compile them for you…):
http://www.sbrk.co.uk/vpnc
http://www.sbrk.co.uk/tun.ko
openwrt has a package system called opkg which allows you to point to various repositories for
new packages, but I couldn’t figure out where to point it. I’m sure there is somewhere with
these.
After insmod ./tun.ko, ./vpnc works with my imported configuration leaving the only issue to
set up networking. I bridged the openwrt metarouter and configured a route to the network
used by vpnc, set up nat on the tun0 interface in openwrt and allowed forwarding and all
is working.
There is one issue remaining in that if I reboot my rb, the bridge ports disappear, presumably
because they don’t exist until the metarouter vm starts. So, I have to go in and configure them
again after a reboot.
great! I knew RouterOS would be able to help you in some way 
sorry for not recommending metarouter any sooner
Hey Mknos, thanks for the basics for a vpnc solution. I have most of it working, but I’m not sure how to set up NAT on openwrt. Can you supply details on that?
Hi all,
I have successfully got mine working as well.
The metarouter image I used is: http://openwrt.wk.cz/attitude_adjustment/mr-mips/openwrt-mr-mips-rootfs.tar.gz
Configure your network interface by using “uci”
[*]Set configuration: “uci set network.wan=interface”
Mine looks as follow:
network.wan.proto=static
network.wan.ipaddr=172.16.2.6
network.wan.netmask=255.255.255.252
network.wan.ifname=eth0
network.wan.gateway=172.16.2.5
network.wan.dns=172.16.2.5
network.lan=interface
network.lan.proto=static
network.lan.ipaddr=172.16.2.2
network.lan.netmask=255.255.255.252
network.lan.ifname=eth1
Where my WAN interface are used to get internet to the image and the lan will be used to access the VPN connection.
After configuring the network settings you need to commit them and restart the network service.
Run the following commands:
For some reason the dns nameserver does not take affect and you need to modify it manually at /etc/resolve.conf and enter your dns server details, otherwise you will not be able to update and download the packages needed.
Then you can install vpnc by following the tutorial here: http://wiki.openwrt.org/vpnc.vpn
You connect the VPN by either running the startup script or the vpnc client itself.
vpnc
or
/etc/init.d/vpnc start
You can then see that the tunnel is up by using ifconfig
root@metarouter:/# ifconfig
eth0 Link encap:Ethernet HWaddr 02:0B:3E:55:A6:23
inet addr:172.16.2.6 Bcast:172.16.2.7 Mask:255.255.255.252
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2517 errors:0 dropped:0 overruns:0 frame:0
TX packets:2039 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:888004 (867.1 KiB) TX bytes:364073 (355.5 KiB)eth1 Link encap:Ethernet HWaddr 02:5B:39:4F:B5:12
inet addr:172.16.2.2 Bcast:172.16.2.3 Mask:255.255.255.252
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4787 errors:0 dropped:0 overruns:0 frame:0
TX packets:2992 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:447771 (437.2 KiB) TX bytes:679876 (663.9 KiB)lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2748 errors:0 dropped:0 overruns:0 frame:0
TX packets:2748 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:186756 (182.3 KiB) TX bytes:186756 (182.3 KiB)tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.102.253.87 P-t-P:10.102.253.87 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1412 Metric:1
RX packets:41 errors:0 dropped:0 overruns:0 frame:0
TX packets:432 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:4428 (4.3 KiB) TX bytes:31605 (30.8 KiB)
On your route make sure that you route the ip ranges you need and masquerade it as required.
Traceroute from PC going to my gateway ( mikrotik) over to metarouter into the VPN.
C:\Users\Administrator>tracert -d 10.117.12.117
Tracing route to 10.117.12.117 over a maximum of 30 hops
1 <1 ms <1 ms 1 ms 10.20.0.254
2 2 ms 1 ms 1 ms 172.16.2.2
3 142 ms 36 ms 26 ms 10.102.250.2
4 213 ms 43 ms 37 ms 10.101.255.73
5 137 ms 24 ms 23 ms 10.101.255.206
6 114 ms 27 ms 26 ms 10.103.82.5
7 70 ms 201 ms 215 ms 10.251.201.0
Success.
Thank you for the tip of using metarouter and vpnc!
I tried metarouter image http://openwrt.wk.cz/attitude_adjustment/mr-mips/openwrt-mr-mips-rootfs.tar.gz as well. And it even works. Several minutes or maybe hours. Then metarouter freezes. The only option you have is to reboot metarouter. While rebooting it makes the host router to reboot as well. Very annoying. And even when it works it loses 20% of bandwidth comparing to Windows Cisco client.
Then I tried the routine http://cases.azoft.com/how-to-connect-mikrotik-to-cisco-vpn/ with Mikrotik-recommended image http://www.mikrotik.com/download/metarouter/openwrt-mr-mips-rootfs.tgz and vpnc from http://rnd.rajven.net/openwrt/mikrotik/metarouter/mr-mips/packages repository. This client connects to my corporate Cisco successfully and even makes appropriate routes to my internal networks. But I could not manage to get any traffic through these routes whatsoever. No ping, no telnet, no DNS request. And no errors and no warnings.
I wasted two days trying to make good usage of metarouter vpnc. Eventually I took a cheap spare router and installed DD-WRT there with vpnc. Vpnc works with two different Ciscos on my two remote jobs and provides me with two remote internal networks simultaneously. The only thing Mikrotik has to do with this it routes appropriate requests from my home network to remote networks through internal address of the second router. Works like a charm.