I’ve been looking at previous posts stretching back until 2010 and I cannot find a suitable answer.
Is RouterOS a reliable system for OpenVPN? I’ve had countless forms stating that Mikrotik is useless when it comes to OpenVPN and that IPSec should rather be used. Apparently OpenVPN is slow because of the Hardware not being able to decrypt the traffic quickly enough. I’m a bit disappointed that we’re in 2019 and RouterOS still doesn’t support OpenVPN UDP connections.
I currently have a Hex Lite. The throughput on this device is TERRIBLE. We have a 100/100MB line and I only achieve 20% throughput on this device when using OpenVPN. I absolutely swear by Mikrotik and I would like to continue using Mikrotik, if possible.
So my question is: What Mikrotik Router can I buy, that will effectively work with OpenVPN in the sense of allowing at least 80% of my current line throughput to be achieved? I was looking at something like this: https://mikrotik.com/product/RB2011iL-IN
The 2011’s CPU has the same MIPSBE architecture as hEX lite, so there will be no noticeable improvement. You may try hAP ac² which has ARM architecture but as the OpenVPN implementation doesn’t make use of the hardware encryption, don’t expect a dramatic improvement either. I have just one handy at the moment so can’t do an OpenVPN throughput test for you. The ultimate stop is 1100 or 4011 with yet higher clock rate than hAP ac² on the same ARM architecture (I’m not sure whether the advantage of more cores can be used by OpenVPN processing) and it will still encrypt/decrypt in software.
However, the Mikrotik’s in-house OpenVPN implementation doesn’t support UDP transport, compression and a few other features, so it still has a limited use even if one of those ARM devices matches your bandwidth goals.
Aren’t we all waiting for wireguard implementation, and OS 7.0
Wireguard because then we may not need Sindy’s voluminous VPN expertise any more.
All gods fade eventually even VPN ones!
Who needs Wireguard now, when UDP OpenVPN is a sure thing, see here! Ok, there are still few unknowns, it could be June 2039 and RouterOS 6.174.1, and there’s no word about other features, but the ball is already rolling!
