OpenVPN - TCP

markmcn · November 14, 2011, 11:09pm

Should UDP support be added

Yes
No
I don’t understand the difference

0 voters

Hi All
I’m kinda wondering does anyone know why MT only support OpenVPN in TCP mode? The reason I ask is this just results in double sliding window flow control and that is not ideal for some of my applications(Really lumpy connections resulting) and I’m having to use IPSec which is a pain for me.
They have told me they don’t plan on UDP support i’m just wondering does anyone know why??
Thanks
Mark

Rivera · November 15, 2011, 12:16pm

that have been discussed here over 9000 times. I also want to see UDP (as well as LZO) support, but MT support stated: they will not add new ovpn features in ROS Reason: “hard to implement”
Correct me if i wrong.

ayufan · November 15, 2011, 4:45pm

no, and no

Rivera · November 15, 2011, 5:07pm

I dunno, then.

Btw: http://wiki.mikrotik.com/wiki/MikroTik_RouterOS/Feature_Requests
Search for “Support for OpenVPN server over UDP” - many people need this feature since start of 2009! (i think wiki was added somewhere around that date?). One of most requested feature of ROS.

Rivera · November 15, 2011, 5:10pm

Oh, i found it, message by normis (MT employee?):
“OpenVPN is very very buggy and hard to implement. Our developers almost all committed suicide trying to make it work. It’s a big mess, so we can’t continue to implement it 100%”
proof

So we are out of luck.

Chupaka · November 20, 2011, 12:36pm

in v5.9, they fixed some conntrack bug with disappearing UDP packets - maybe it was among those stopping reasons, and now there’s possibility to return to UDP OVPN?

elgo · November 21, 2011, 10:05am

That would explain why my last “forwarding” bandwith test (a simple iperf) gave me 1MB/s UDP and 22MB/s TCP
I won’t lose time troubleshooting this until v5.9 is out then.

herschel · November 22, 2011, 9:14am

hmmm well they spent all that time implementing openvpn only to cripple it once they were done? i thought long and hard about why mikrotik would do this and i came up with a theory, it drove them so crazy they wanted to punish the people who were going to be using it! maybe they can be more specific as to why openvpn is tcp-only? every few days there is another thread of complaints about this, i know “we wont be developing new openvpn features in the future”, but i do not think the community will be developing a tolerance for tcp openvpn in the future either…,

janisk · November 22, 2011, 9:48am

no, that was not the reason. BT could not hit that timing barrier (AFAIK <1ms)