nikolayzhelev
just joined
Topic Author
Posts: 8
Joined: Tue Dec 08, 2020 4:26 pm

OpenVPN Server Clarification needed

Tue Dec 08, 2020 5:10 pm

Hi guys,

Recently I bought a MikroTik hAP ac^3 RBD53iG-5HacD2Hnd, currently running the latest beta release of RouterOS v7, with the idea to set up an OpenVPN server and connect to my home network remotely. I would also like to route all my traffic over the VPN tunnel.
So far I have set up several OpenVPN servers on pfSense and DD-WRT, but in RouterOS I’m a bit confused.

Can someone give me a link to documentation or explain to me how OpenVPN is integrated in RouterOS? To be honest, I find it quite different compared to other systems I’ve used.

Can I set up multiple OpenVPN servers (TUN and TAP)?
Can I configure the server to authenticate clients with certificates only, no username password?
Can I export client certificate and key (generated by RouterOS) without any password?
Can I run OpenVPN server without binding it to any user?
Can I use hardware crypto engine (AES-NI) with OpenVPN?

And more questions are on top of my head, due to lack of documentation.

I’ll be very happy if you share some details regarding this.

Kind Regards and stay safe,
Nikolay
 
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: OpenVPN Server Clarification needed

Tue Dec 08, 2020 8:03 pm

No.
No.
Yes.
Yes.
No.
 
nikolayzhelev
just joined
Topic Author
Posts: 8
Joined: Tue Dec 08, 2020 4:26 pm

Re: OpenVPN Server Clarification needed

Tue Dec 08, 2020 11:06 pm

Hi mrz,

Thank you for your answer. I'll be expecting any further replies in boolean form :)

Kind Regards,
Nikolay
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: OpenVPN Server Clarification needed

Tue Dec 08, 2020 11:22 pm

 
mrz
MikroTik Support
MikroTik Support
Posts: 7038
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: OpenVPN Server Clarification needed

Wed Dec 09, 2020 9:18 am

True
 
nikolayzhelev
just joined
Topic Author
Posts: 8
Joined: Tue Dec 08, 2020 4:26 pm

Re: OpenVPN Server Clarification needed

Thu Dec 10, 2020 10:53 am

Hi guys,

I'll use this topic to explain my problems with my OpenVPN configuration.

Here is a summary of my configuration:

OpenVPN server running in ethernet mode, TCP protocol on port 1194 with netmask /24. One user with username and password trying to get an IP from my local DHCP server (I'm trying to achieve an OpenVPN bridge with my LAN).

My LAN is 192.168.88.0/24;
In PPP under Secrets I've created a client with Remote Address 192.168.88.10, the rest is by default;
In PPP under Profiles I've created an OpenVPN profile with local address 192.168.88.1 and bridge interface with my LAN bridge, the rest is by default;
My OpenVPN server is dynamic interface, comes up only when a user is connected;
One firewall rule to accept connection on port 1194 on my WAN;

I noticed that after a successful connection via OpenVPN and full access to my LAN (no problems there), in the WebFig IP/Addresses there is a new dynamic network 192.168.88.1/32 right after my LAN network 192.168.88.1/24. That gives me the impression that the OpenVPN server is creating a separate network with the same IP range just for my client, which might be a conflict, rather than using my LAN network and getting an IP from the DHCP server.
Also, my OpenVPN speed via my tunnel is twice as slow compared to my ISP-provided speed (ISP gives me 50mbit/50mbit and over my OpenVPN tunnel I get max 15mbit download and 20 mbit upload speeds).
Tested this config on a different OpenVPN server and I get full speeds (no issue with my client hardware).

Can you please advise me, how can I bridge my LAN with my OpenVPN server in order to have only one local network /24 and all IP to be leased from my LAN DHCP server via OpenVPN tunnel?

Kind Regards,
Nikolay
 
radeksima
just joined
Posts: 10
Joined: Fri May 17, 2019 5:29 pm

Re: OpenVPN Server Clarification needed

Mon Dec 28, 2020 1:00 am

You could write 00110 :-)
No.
No.
Yes.
Yes.
No.
 
Paternot
Forum Veteran
Forum Veteran
Posts: 953
Joined: Thu Jun 02, 2016 4:01 am
Location: Niterói / Brazil

Re: OpenVPN Server Clarification needed

Mon Dec 28, 2020 2:00 pm

You could write 00110 :-)
No.
No.
Yes.
Yes.
No.
But would it be little or big endian?
 
radeksima
just joined
Posts: 10
Joined: Fri May 17, 2019 5:29 pm

Re: OpenVPN Server Clarification needed

Fri Jan 15, 2021 3:10 pm

You could write 00110 :-)
No.
No.
Yes.
Yes.
No.
But would it be little or big endian?
Funny, it does not matter :-D
