Community discussions

MikroTik App
 
Ehman
Member
Member
Topic Author
Posts: 389
Joined: Mon Nov 15, 2010 10:49 pm

PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 5:44 pm

Hi, I cant connect to my preferred servers anymore with a mikrotik router because purevpn went into "Discontinuing PPTP, L2TP, and SSTP Protocols" mode
...anyone else having this issue?

https://support.purevpn.com/protocol-discontinuation
What protocols are we supporting?
PureVPN will support IKEv2, IPSec and OpenVPN (TCP & UDP) as primary protocols on all vpn locations.

Why can't Mikrotik not connect via OpenVPN???? but almost any other device can??!?! :shock: :?
https://support.purevpn.com/article-cat ... ted/router
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 6:29 pm

You are owning one of the shittiest VPNs now and crying that Mikrotik doesn't support specific VPN protocol? How about NordVPN/Surfshark? They do support lots of them, including OpenVPN TCP and IPSEC/IKE2 which works incredibly well and there is a guide too. viewtopic.php?f=23&t=169273
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 6:32 pm

What's wrong with IKEv2 and IPsec? Use that.
 
Ehman
Member
Member
Topic Author
Posts: 389
Joined: Mon Nov 15, 2010 10:49 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 7:18 pm

What's wrong with IKEv2 and IPsec? Use that.
...I've got no idea how to implement it on the router and I'm not familiar with IKEv2 and IPse at all!! :?
 
Ehman
Member
Member
Topic Author
Posts: 389
Joined: Mon Nov 15, 2010 10:49 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 7:21 pm

You are owning one of the shittiest VPNs now and crying that Mikrotik doesn't support specific VPN protocol? How about NordVPN/Surfshark? They do support lots of them, including OpenVPN TCP and IPSEC/IKE2 which works incredibly well and there is a guide too. viewtopic.php?f=23&t=169273
lol...I'm totally crying about it, I bought a 5 year membership (and it wasent cheap!!! :-| ) before this nonsense started with PureVPN

But still ....Mikrotik need to wake-up.... no offense
Last edited by Ehman on Sat Sep 11, 2021 7:25 pm, edited 1 time in total.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 7:24 pm

Time to learn IKEv2 / IPsec then, crying doesn't help.
How does MikroTik need to wake up if PureVPN supports protocols also supported by RouterOS ?
 
Ehman
Member
Member
Topic Author
Posts: 389
Joined: Mon Nov 15, 2010 10:49 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 7:28 pm

Time to learn IKEv2 / IPsec then, crying doesn't help.
Just out of curiosity? Is the word "crying" the new trend word lately on this forums, I have to admit, I haven't been in this forums in ages until today...
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 7:31 pm

Ehman crying.PNG
:-?
You do not have the required permissions to view the files attached to this post.
 
Ehman
Member
Member
Topic Author
Posts: 389
Joined: Mon Nov 15, 2010 10:49 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 7:39 pm

Time to learn IKEv2 / IPsec then, crying doesn't help.
How does MikroTik need to wake up if PureVPN supports protocols also supported by RouterOS ?

Not even PureVPN themself can connect to a PureVPN vpn account with a mikrotik router using OpenVPN protocol..

PureVPN support told me, they've tried it themself, It doesnt work on mikrotik....I tried it... it doesnt work...

with all the other routers it works... mikrotik... nope! .. it even works on DD-WRT .. omw!!
https://support.purevpn.com/article-cat ... ted/router
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 7:46 pm

OpenVPN in RouterOS should be ditched as it is a flaky proprietary implementation that is only guaranteed to work between RouterOS's, along the protocols PureVPN deprecated.
PureVPN supports other protocols that you, yourself, mentioned in the first post.
MikroTik supports those protocols, use them.
MikroTik ain't useless because you don't know how to set it up.
Also IKEv2/IPsec is hardware offloaded on some MikroTik hardware, it might help with speeds :) Other protocols are not hardware offloaded.
Plenty of guides over the internet for IKEv2, search for the presentations done by Nikita Tarikin on MUM regarding IKEv2, there are two of them I think, they provide a good starting point.
Along the documentation on MikroTiks wiki and forum.
Have fun learning!
Cheers.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 8:17 pm

I would not support anyone using Surfshark. They tried to be Woke and canceled their advertisments with And Ngô based on what one person was telling. It was all a lie.

https://mobile.twitter.com/laralogan/st ... 3994076162
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 8:22 pm

Not even PureVPN themself can connect to a PureVPN vpn account with a mikrotik router using OpenVPN protocol..

PureVPN support told me, they've tried it themself, It doesnt work on mikrotik....I tried it... it doesnt work...
As others have said the Mikrotik OpenVPN implementation is limited - no UDP, no LZO compression, no TLS authentication, no authentication without username/password, no support for newer encryption and hash algorithms. In particular PureVPN requires TLS authentication so it cannot work.

It seems odd to deprecate SSTP and L2TP/IPsec - they even say "SSTP can be considered as secure as OpenVPN when used in conjunction with robust cipher and ephemeral keys" and "IPSec over L2TP, when properly implemented, has no major known vulnerabilities" (they have misnamed the protocol it is actually L2TP over IPsec).

Only PPTP using MSCHAPv2 authentication and MPPE encryption is well known to be insecure, it also seems odd that the majority of their setup guides are still for PPTP which they no longer support.

IKEv2 should be possible on a Mikrotik if they bothered to state what authentication, encryption and hash algorithms they support for IKEv2.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 8:25 pm

You are owning one of the shittiest VPNs now and crying that Mikrotik doesn't support specific VPN protocol? How about NordVPN/Surfshark? They do support lots of them, including OpenVPN TCP and IPSEC/IKE2 which works incredibly well and there is a guide too. viewtopic.php?f=23&t=169273
PureVPN is supporting IKEv2 fine so what is the fuss about? NordVPN has not yet reacted to my support request why since a while some NordVPN servers don't let ICMP 3-4 through.
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 8:31 pm


IKEv2 should be possible on a Mikrotik if they bothered to state what authentication, encryption and hash algorithms they support for IKEv2.
IKEv2 works fine and they use LetsEncrypt certificates: DST Root CA X3 (LetsEncryptX3.crt) and USERTrustRSACertificationAuthority.crt Comodo-root.crt

https://crt.sh/?id=3509153 two link on thst page to download the pem/crt
And: https://crt.sh/?q=ptoserver.com

You can use this manual: viewtopic.php?f=2&t=178452&p=879291#p879265
Last edited by msatter on Sat Sep 11, 2021 10:37 pm, edited 3 times in total.
 
Ehman
Member
Member
Topic Author
Posts: 389
Joined: Mon Nov 15, 2010 10:49 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 8:47 pm

Not even PureVPN themself can connect to a PureVPN vpn account with a mikrotik router using OpenVPN protocol..

PureVPN support told me, they've tried it themself, It doesnt work on mikrotik....I tried it... it doesnt work...
As others have said the Mikrotik OpenVPN implementation is limited - no UDP, no LZO compression, no TLS authentication, no authentication without username/password, no support for newer encryption and hash algorithms. In particular PureVPN requires TLS authentication so it cannot work.

It seems odd to deprecate SSTP and L2TP/IPsec - they even say "SSTP can be considered as secure as OpenVPN when used in conjunction with robust cipher and ephemeral keys" and "IPSec over L2TP, when properly implemented, has no major known vulnerabilities" (they have misnamed the protocol it is actually L2TP over IPsec).

Only PPTP using MSCHAPv2 authentication and MPPE encryption is well known to be insecure, it also seems odd that the majority of their setup guides are still for PPTP which they no longer support.

IKEv2 should be possible on a Mikrotik if they bothered to state what authentication, encryption and hash algorithms they support for IKEv2.
Yes, it seems stupidly odd to deprecate SSTP mainly.............
SSTP worked perfectly and its a quick config on the router, same as PPTP!!!! No issues......and no PH.D required to setup SSTP for example to IKEv2!!!!!! :?

Are PureVPN out of their minds!!

And I WILL NOT install that PureVPN app on my pc ever again like I've done in the past...
Last edited by Ehman on Sat Sep 11, 2021 9:01 pm, edited 1 time in total.
 
Ehman
Member
Member
Topic Author
Posts: 389
Joined: Mon Nov 15, 2010 10:49 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 8:56 pm

Not even PureVPN themself can connect to a PureVPN vpn account with a mikrotik router using OpenVPN protocol..

PureVPN support told me, they've tried it themself, It doesnt work on mikrotik....I tried it... it doesnt work...
As others have said the Mikrotik OpenVPN implementation is limited - no UDP, no LZO compression, no TLS authentication, no authentication without username/password, no support for newer encryption and hash algorithms. In particular PureVPN requires TLS authentication so it cannot work.
I know.. that's the issue here...Even I myself am saying OpenVPN is limited in mikrotik, that's why I said, Mikrotik needs to wakeup!

And I refuse to use anything else then Mikrotik!!! :-?
..
it also seems odd that the majority of their setup guides are still for PPTP which they no longer support.
Yea that's indeed odd! ...I was about to say that aswell...
Last edited by Ehman on Sat Sep 11, 2021 9:13 pm, edited 2 times in total.
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 9:07 pm

Stubborn.
If i were PureVPN I'd just give you the money back.
And you can go choose another VPN provider that deprecates SSTP soon, let them deal with you.
 
Ehman
Member
Member
Topic Author
Posts: 389
Joined: Mon Nov 15, 2010 10:49 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 9:28 pm

Stubborn.
If i were PureVPN I'd just give you the money back.
And you can go choose another VPN provider that deprecates SSTP soon, let them deal with you.
I've been using PureVPN for many many many years.... and like I said, I'm sitting with a fresh 5yr account that I bought like last year or something and its not due to expire anytime soon...

That NordVPN guide link is irrelevant and useless to PureVPN IKEv2 setup
viewtopic.php?f=23&t=169273

PROBLEM.....................................
Preparation
3. Import NordVPN CA to your router:
/tool fetch url="https://downloads.nordcdn.com/certificates/root.der"
/certificate import file-name=root.der name="NordVPN CA" passphrase=""
 
Ehman
Member
Member
Topic Author
Posts: 389
Joined: Mon Nov 15, 2010 10:49 pm

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 9:42 pm

So we all have established now, Here is the problem... Mikrotik OVPN Client is lacking features clearly!!!, perfectly explained by tdw

"As others have said the Mikrotik OpenVPN implementation is limited - no UDP, no LZO compression, no TLS authentication, no authentication without username/password, no support for newer encryption and hash algorithms. In particular PureVPN requires TLS authentication so it cannot work."
 
msatter
Forum Guru
Forum Guru
Posts: 2897
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 9:46 pm

Stubborn.
If i were PureVPN I'd just give you the money back.
And you can go choose another VPN provider that deprecates SSTP soon, let them deal with you.
I've been using PureVPN for many many many years.... and like I said, I'm sitting with a fresh 5yr account that I bought like last year or something and its not due to expire anytime soon...

That NordVPN guide link is irrelevant and useless to PureVPN IKEv2 setup
viewtopic.php?f=23&t=169273

PROBLEM.....................................
Preparation
3. Import NordVPN CA to your router:
/tool fetch url="https://downloads.nordcdn.com/certificates/root.der"
/certificate import file-name=root.der name="NordVPN CA" passphrase=""
Sigh, the manual is relevant but you have do some extra work to adapt it to other VPN providers.
 
tdw
Forum Guru
Forum Guru
Posts: 1841
Joined: Sat May 05, 2018 11:55 am

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sat Sep 11, 2021 9:59 pm

It is well known that the Mikrotik OpenVPN is limited, it is almost certainly not going to be improved in RouterOS v6.

The linked references show you the overall process for setting up an IKEv2 connection - obviously the NordVPN CA isn't going to work, the process has to be adapted.

PureVPN should be able to provide:
Details and location of their CA and intermediate certificates
The phase 1 / profile DH group, encryption algorithm, hash algorithm & lifetime
The phase 2 / policy PFS group, encryption algorithm, auth algorithm & lifetime

They should be providing these on their website, and ideally setup instructions for routers which are capable of IKEv2. It is almost as though they want you to run their apps on devices which support them rather than set up manual connections.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: PureVPN Protocol-discontinuation, Mikrotik router useless?!

Sun Sep 12, 2021 12:01 am

To be honest, your best bet is to select a third party vpn provider (if you really must) that uses wireguard implementation.

Who is online

Users browsing this forum: Bing [Bot], mrz and 59 guests