Community discussions

 
normanr
just joined
Topic Author
Posts: 5
Joined: Thu Sep 04, 2008 4:46 pm

Feature Request: OpenVPN [ovpn] udp tunnels

Thu Sep 11, 2008 4:08 pm

It's a long standing request, and shouldn't be a lot of work.
 
darkwarrior
just joined
Posts: 18
Joined: Wed Aug 15, 2007 4:40 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Oct 07, 2008 5:42 pm

i'm need this feature too.
 
Eter
just joined
Posts: 11
Joined: Sun Oct 12, 2008 11:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Oct 12, 2008 11:53 pm

Anyone knows anything about this? Will udp support be included in upcoming releases?

Maybe some from Mikrotik can tell us?

Chris
 
netrat
Member
Member
Posts: 403
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jan 20, 2010 10:08 pm

Bump... Can we please get an update on UDP support for OpenVPN? TCP over TCP simply does not work. Normis or Uldis an update please?
 
cdiggity
newbie
Posts: 31
Joined: Fri Oct 31, 2008 12:40 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jan 22, 2010 2:15 am

I'm waiting for this as well.
 
Pada
Member Candidate
Member Candidate
Posts: 150
Joined: Tue Dec 08, 2009 11:37 pm
Location: South Africa, Stellenbosch

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jan 25, 2010 12:31 am

I would've loved it to be able to use a standard OpenVPN configuration file.

The drawbacks with the current OpenVPN server/client are:
* No UDP support
* Unable to host a server without a username/password combination
* Unable to push routes to clients
 
leonset
Member Candidate
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Feb 01, 2010 6:26 pm

+1!!!

I really need this feature. Using TCP to encapsulate TCP gives me a very low throughput... and it's a shame, because it's really easy to set up an OpenVPN tunnel (well, at least when you've done it ten times and you discover how RouterOS like's it's certs and some other tricky detalis).

Mikrotik, what's holding you from implementing UDP for OpenVPN? At least it would be nice to know why it is taking so long...

Thank you!
 
phii
just joined
Posts: 2
Joined: Sat Feb 06, 2010 2:37 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Feb 06, 2010 2:40 pm

+1 on this.

I have a few tunnels setup, and as they all have dynamic client side IP's I basically have no choice but to use OpenVPN.

Which means I have to use TCP mode and the performance is poor.

Do you need people to test this? Is there beta/alpha code? Is it just as simple as not that many people need it?

Help!

Daniel
 
phii
just joined
Posts: 2
Joined: Sat Feb 06, 2010 2:37 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Feb 06, 2010 3:05 pm

I really need this feature too! Stuck using OpenVPN due to dynamic IP's on client locations/sites.

Will we get this soon?
 
leonset
Member Candidate
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Feb 08, 2010 10:47 am

I think it would be nice to add your vote here:

http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Probably someone should add all the votes from the v3 feature requests page which are not done yet:

http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests

Regards
 
User avatar
omidkosari
Trainer
Trainer
Posts: 616
Joined: Fri Sep 01, 2006 4:18 pm
Location: Iran , Karaj
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Feb 09, 2010 7:38 pm

I need it very much . a mikrotik guy comment please ?
When will support udp ?
 
User avatar
calman
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Fri Feb 06, 2009 12:16 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Feb 09, 2010 11:50 pm

Udp i faster than tcp , but more dificult to bound than tcp
 
netrat
Member
Member
Posts: 403
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Feb 10, 2010 5:02 pm

Udp i faster than tcp , but more dificult to bound than tcp

What?
 
User avatar
jp
Long time Member
Long time Member
Posts: 599
Joined: Wed Mar 02, 2005 5:06 am
Location: Maine
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Feb 12, 2010 10:25 pm

I run OpenVPN on a separate linux box, and it rocks. Performance, features, multiplatfom ease of use are quite good.
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Feb 18, 2010 5:55 am

Im currently at 72 Ovpn tunnels and would REALLY like full ovpn support. LZO compression, UDP support, etc.

Ill be at over 100 Ovpn tunnels in about a month, all with MT hardware. Please Please Please!
 
leonset
Member Candidate
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Feb 18, 2010 9:29 am

Hi,

@roadracer96 Have you been able to measure the bandwidth that you are loosing by using tcp instead of the native bandwidth of your link? In my tests I loose at least 50% of the links native bandwidth (and there aren't any lost packets nor high latency).

@everyone Has someone played with MTU's to try to increase the OpenVPN links performance?

Thank you!
 
User avatar
omidkosari
Trainer
Trainer
Posts: 616
Joined: Fri Sep 01, 2006 4:18 pm
Location: Iran , Karaj
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Feb 18, 2010 11:38 am

Is there any comparison between OpenVPN vs EOIP ?
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Feb 18, 2010 2:39 pm

The tunnels are fast and I dont think I am losing a lot of bandwidth. One tunnel was pushing about 5mbit for 3 days straight doing DFS replication to my office from a colocation and the speed on the LAN side of the tunnel was about the same. But this was over a wire, not over wireless, so full duplex, etc, etc.

BUT. UDP is less expensive in pretty much every aspect.

EDIT: OpenVPN is an encrypted, certificate based VPN. EOIP is not. No comparison...
 
Pada
Member Candidate
Member Candidate
Posts: 150
Joined: Tue Dec 08, 2009 11:37 pm
Location: South Africa, Stellenbosch

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Feb 18, 2010 4:35 pm

I was always using OpenVPN on my Linksys WRT54GL with DD-WRT firmware, which allowed me to open PPPoE client connections via the OpenVPN tunnel. Since I got a RB750, I've changed over to PPTP VPN, which doesn't allow me to open PPPoE connections over the VPN tunnel.

I've used the TCP based OpenVPN connection over a Wireless network, and the throughput was reasonably decent, considering the TCP overhead.

I would really be grateful if OpenVPN features would be expanded in ROS...
 
duoran
just joined
Posts: 5
Joined: Sun Feb 14, 2010 3:24 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Feb 19, 2010 2:23 am

Vote +1
 
User avatar
omidkosari
Trainer
Trainer
Posts: 616
Joined: Fri Sep 01, 2006 4:18 pm
Location: Iran , Karaj
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Feb 19, 2010 10:40 am

EDIT: OpenVPN is an encrypted, certificate based VPN. EOIP is not. No comparison...
I mean a comparison in performance,overhead,reliability etc between EOIP and OpenVPN
 
netrat
Member
Member
Posts: 403
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Feb 19, 2010 3:45 pm


I mean a comparison in performance,overhead,reliability etc between EOIP and OpenVPN
EoIP will perform faster. For one EoIP is just using a plain GRE tunnel with a few Mikrotik added extensions and OpenVPN is an encrypted tunnel. Obviously EoIP will be faster. Currently reliability would be greater with EoIP as the Mikrotik implementation of OpenVPN only supports TCP which is problematic when running TCP over TCP.
 
pantone
just joined
Posts: 7
Joined: Tue Mar 16, 2010 4:18 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Apr 08, 2010 5:46 am

+1..

The performance of OpenVPN TCP is too bad... why MikroTik don't add UDP feature? Why can't see any official staff reply this issue? Please stand out here and tell us there any schedule or difficult? ;-)

Thanks.
 
dssmiktik
Forum Veteran
Forum Veteran
Posts: 732
Joined: Fri Aug 17, 2007 8:42 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Apr 08, 2010 2:01 pm

I must say I agree. We've never heard a definitive answer on this issue. Question: Why? So simple, yet no answer.

Has anyone seen an OpenVPN solution on any device support only TCP? Please respond if you could, anyone, I'm really curious. I'm wondering what's the difficulty in adding UDP support.

Anyway, please anyone respond, this is getting very old, and yes, very frustrating.
 
workie
just joined
Posts: 7
Joined: Wed Oct 14, 2009 11:45 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Apr 13, 2010 11:09 am

...
Anyway, please anyone respond, this is getting very old, and yes, very frustrating.
+1, we need answer to this question. It may or may not easy to implement this feature, but OpenVPN (the original one) has both TCP and UDP support, it's incomplete implementation right now. We need the UDP and LZO compression too. Please, just say a date eg. 2011. July and we'll wait for it, but now we don't have any info.
 
pantone
just joined
Posts: 7
Joined: Tue Mar 16, 2010 4:18 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 03, 2010 10:50 am

vote +1

OpenVPN support UDP is too important!!!!!!
 
hedele
Member
Member
Posts: 338
Joined: Tue Feb 24, 2009 11:23 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Jun 05, 2010 9:51 am

I think the official opinion on this is "Why do you need that, if you want UDP based tunneling use L2TP"

To be honest, L2TP does work rather nicely :)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jun 07, 2010 9:58 am

We also have SSTP now, which works great and has the same benefits as OpenVPN. It's currently not popular yet, and (except RouterOS) it's supported only in Windows, but technically it's very interesting.
No answer to your question? How to write posts
 
hedele
Member
Member
Posts: 338
Joined: Tue Feb 24, 2009 11:23 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jun 07, 2010 7:03 pm

Isn't SSTP also TCP-based and suffers from the TCP-meltdown problem?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Jun 08, 2010 8:42 am

Practically (i am on a SSTP tunnel all the time now, for testing), I couldn't say there is a performance difference with or without the tunnel. Local network file transfers are just as fast.
No answer to your question? How to write posts
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jun 09, 2010 7:54 am

We also have SSTP now, which works great and has the same benefits as OpenVPN. It's currently not popular yet, and (except RouterOS) it's supported only in Windows, but technically it's very interesting.

SSTP does NOT work great... Tried it in 5b1 and 5b2 and it still has a long way to go.... IIRC, it disconnects every 2 minutes. There is some workaround on the client-side, but hacks arent really feasible for me with over 100 MT->MT VPN tunnels.
To be honest, L2TP does work rather nicely :)
I think the official opinion on this is "Why do you need that, if you want UDP based tunneling use L2TP"

To be honest, L2TP does work rather nicely :)
Yeah, except IPSEC is severely lacking... So again, you are left with MPPE-128 instead of 192/256bit certificate VPNs... There are many applications where there is a legal, or procedural requirement to use certificates.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jun 09, 2010 8:00 am

Maybe the difference is that I use beta3 ?
No answer to your question? How to write posts
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jun 09, 2010 8:09 am

Maybe the difference is that I use beta3 ?
Gimme!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jun 09, 2010 8:18 am

We are about to release, it has numerous important fixes and improvements.
No answer to your question? How to write posts
 
void
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Fri Nov 07, 2008 5:28 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jun 09, 2010 8:20 am

Why is Mikrotik ignoring all those request for UDP based OpenVPN and proposing and TCP VPN solution as an alternative ?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jun 09, 2010 8:24 am

Why is Mikrotik ignoring all those request for UDP based OpenVPN and proposing and TCP VPN solution as an alternative ?
OpenVPN is very very buggy and hard to implement. Our developers almost all committed suicide trying to make it work. It's a big mess, so we can't continue to implement it 100%
No answer to your question? How to write posts
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jun 09, 2010 8:31 am

Why is Mikrotik ignoring all those request for UDP based OpenVPN and proposing and TCP VPN solution as an alternative ?
OpenVPN is very very buggy and hard to implement. Our developers almost all committed suicide trying to make it work. It's a big mess, so we can't continue to implement it 100%

I disagree. Before I used MT for my VPN concentrator, I had a standard CentOS box with OpenVPN from source running flawlessly with RADIUS/certificate authentication using UDP and LZO compression.

I switched to MT because I figured an embedded system would end up being more reliable and manageable than a full PC.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jun 09, 2010 8:33 am

Another problem with it, client and server end must match configuration 100%. if you have different clients connecting, this will be a huge pain to get done. OpenVPN is hard to configure. Maybe not for you, but in comparison to our other options.
No answer to your question? How to write posts
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jun 09, 2010 8:38 am

Another problem with it, client and server end must match configuration 100%. if you have different clients connecting, this will be a huge pain to get done. OpenVPN is hard to configure. Maybe not for you, but in comparison to our other options.
Previously, I had Windows and linux clients connecting to it... The only difference is the limitation on the Windows side and not being able to do point-to-point addresses (Windows will only do a /30 in the tap32 interface).

I dunno.. It was easy for me to setup...

PS: I think I figured out why OpenVPN would bomb out my RB1000 randomly. I put a script in that runs every minute removing invalid IP addresses... So far, that seems to fix it. OpenVPN IPs seem to stick around in certain disconnect situations for some reason..
 
Fransisfl
just joined
Posts: 4
Joined: Mon Sep 05, 2011 11:46 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Sep 07, 2011 2:17 pm

OpenVPN comes with scripts to automate the process (If you ask nicely, I'll send you my scripts to automate the process even more.) You'll also want to ensure the client's key expires within a reasonable amount of time and require a password. Also, OpenVPN supports static keys which is good for LAN-to-LAN connections. It can be a bit scary letting remote users have a static key out in the wild, so a public/private key exchange is best for remote users. Static keys should be changed very often (Note: OpenVPN static keys that are created on Windows can be used on Linux and vice versa. Remember the dos newline issue if you are creating and sending keys between unix and windows systems.
Last edited by Fransisfl on Wed Jun 13, 2012 4:48 pm, edited 2 times in total.
 
User avatar
elgo
Member Candidate
Member Candidate
Posts: 151
Joined: Sat Apr 02, 2011 2:34 am
Location: France

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Sep 08, 2011 12:22 pm

I don't like these kind of behaviour from MT crew when a user ask for a standard feature ("do you really need it? why won't you do something different like use this non-standard thing that we MT like?").
But what I hate beyond anything is bullsh..ing. OpenVPN hard to configure, really?

Anyway, for us, sysadmins and netadmins to understand clearly the issue, what exactly is preventing rOS user to benefit from all upstream features? I mean, routerOS is linux based, and aren't openVPN upstream sources available?
You have some difficulties to priovide a mere OpenSSH server or a OpenVPN server on routerOS and I wonder why.

I really would be happy to understand (I like days when I go to bed less stupid than the eve). :)
RB450G - OpenWrt (so much more stable than with routerOS)
-> now: UBNT EdgeRouter Lite

(very unlikely to be MT customer again in the future)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Sep 08, 2011 12:32 pm

Thank for bringing up a thread more than a year old.

The answer was clear - We will not make new OpenVPN features.
No answer to your question? How to write posts
 
petrn
Member Candidate
Member Candidate
Posts: 179
Joined: Thu Jul 29, 2010 3:56 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Sep 08, 2011 5:13 pm

Thank for bringing up a thread more than a year old.
What about automatically locking topic after let say 6 months of inactivity?
Petr
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 09, 2011 8:22 am

Thank for bringing up a thread more than a year old.
What about automatically locking topic after let say 6 months of inactivity?
not all topics get irrelevant after 6 months
No answer to your question? How to write posts
 
janisbvp
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Jul 15, 2010 10:33 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 09, 2011 12:16 pm

Thank for bringing up a thread more than a year old.
The answer was clear - We will not make new OpenVPN features.
Well, I am ready to move from OpenVPN, but I need a good, speedy solution. My setup is:
> RB450
> Internet with dynamic ip and dyndns (every router on planet that has dyndns option, is easier to setup with dyndns that MT, why oh why?)
> 6 machines (2x WinXP SP3, 1x Win7HomePremium, 2x Ubuntu 10.04, 1x Osx 10.4)
> Need for: Vpn that works over 3g/umts/hsdpa connections without hassle. Good encryption - PPTP is out of any consideration, period. VPN client software for all of these platforms.

Any good offers?

My point is: Good low power cpu + ROS = bundle of features, speed amd versatility = why I choose it. If any of the parts of equation drop out, I will have to start searching.
Of course, MT support and this forum is the greatest thing about MT and let's keep it this way.
 
User avatar
elgo
Member Candidate
Member Candidate
Posts: 151
Joined: Sat Apr 02, 2011 2:34 am
Location: France

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 09, 2011 12:40 pm

Thank for bringing up a thread more than a year old.

The answer was clear - We will not make new OpenVPN features.
Yes, it was "clear" (not satisfying but not the point here :)) but in a general manner I'm wondering why you would "implement" this. What is the relation between openvpn server code in rOS and upstream OpenVPN server.
RB450G - OpenWrt (so much more stable than with routerOS)
-> now: UBNT EdgeRouter Lite

(very unlikely to be MT customer again in the future)
 
dejanp
newbie
Posts: 37
Joined: Wed Oct 08, 2008 4:57 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Jan 17, 2012 4:53 am

any news with udp and openvpn soon ? I am now forced to use openvpn and would need to change routers on 4 or 5 locations if can't made that working.

Thank you in advance,
Dejan
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Jan 17, 2012 8:52 am

any news with udp and openvpn soon ? I am now forced to use openvpn and would need to change routers on 4 or 5 locations if can't made that working.

Thank you in advance,
Dejan

-->>>


The answer was clear - We will not make new OpenVPN features.
No answer to your question? How to write posts
 
hall757
just joined
Posts: 1
Joined: Sat Feb 11, 2012 7:28 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Feb 11, 2012 7:35 am

I am glad to have found this thread before I wasted money on what I thought would have been a good product. The other vendor thanks you for not supporting OpenVPN UDP.
 
mgiammarco
newbie
Posts: 43
Joined: Tue Apr 13, 2010 10:56 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Feb 18, 2012 12:37 am

Is it a joke or what?

1) UDP is suggested from openvpn creators and works better than tcp
2) apart from this ALL MY PARTNERS HAVE OPENVPN ON UDP and they will not change their setup because I HAVE A MIKROTIK. They laugh and says to me that debian or pfsense is free....
 
mgiammarco
newbie
Posts: 43
Joined: Tue Apr 13, 2010 10:56 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Feb 18, 2012 12:40 am

Is it a joke or what?

1) UDP is suggested from openvpn creators and works better than tcp
2) apart from this ALL MY PARTNERS HAVE OPENVPN ON UDP and they will not change their setup because I HAVE A MIKROTIK. They laugh and says to me that debian or pfsense is free....
 
dtoffo
Trainer
Trainer
Posts: 97
Joined: Tue May 17, 2011 9:19 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Feb 21, 2012 7:04 pm

Is it a joke or what?

1) UDP is suggested from openvpn creators and works better than tcp
2) apart from this ALL MY PARTNERS HAVE OPENVPN ON UDP and they will not change their setup because I HAVE A MIKROTIK. They laugh and says to me that debian or pfsense is free....


I'm also a long-time openvpn user: I think there is no other so "simple" (not for starters, but once configured ...) solution for vpn:
- maybe sstp has a good future (I didn't try it for now), but for now it's only for Windows vista, seven or 2008... too few opeating systems (... and Microsoft will not port it to XP, the most stable among their products!)
- ipsec is too difficult to implement if you don't have static addresses: it's not flexible.
- pptp is old protocol, only partially functioning behind nat, and you can't manage routes in the tunnel

So I say: OK, Mikrotik don't want us to use openvpn anymore, but which is a real alternative, with the same flexibility?
Give me a good alternative and I'll be happy to put ovpn out of the window. For "good" I mean:
- little protocol overhead (as in ovpn over udp)
- push configuration and routes from server to client (as ovpn does)
- nat and dynamic address proof (as ovpn)
These are the reasons, I think, that generated this thread.

The limited support to openvpn is really the only point I hate in routeros, for all my other needs is great.

I hope that Mikrotik team will reconsider ovpn support and implementation, or give a hint for a better protocol to use

Davide
 
void
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Fri Nov 07, 2008 5:28 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Feb 21, 2012 8:49 pm

+1

Mikrotik, please listen to your customers and don't implement new VPN protocols nobody is waiting for (SSTP).
 
Sob
Forum Guru
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Feb 21, 2012 10:51 pm

To be fair, I'm sure that many people are or will be happy with SSTP. It has considerable advantages over solutions previously available in Windows (I mean by default, without third-party software). So SSTP support in ROS is a good thing.

But for now, for me and many others, the best VPN solution is still OpenVPN and better support from MikroTik would be real nice. I have seen that famous "our developers almost all committed suicide trying to make it work" comment, which made me abandon almost all hope, but I still think some more suicide-proof developers must exist somewhere and MikroTik could hire them to make their users (i.e. us) happy. ;)
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
elgo
Member Candidate
Member Candidate
Posts: 151
Joined: Sat Apr 02, 2011 2:34 am
Location: France

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Feb 22, 2012 12:21 pm

I completly agree with you, MT should remove any mention on routerOS "supporting OpenVPN".
(like in official brochure: Point to point tunneling: OpenVPN,etc)
RB450G - OpenWrt (so much more stable than with routerOS)
-> now: UBNT EdgeRouter Lite

(very unlikely to be MT customer again in the future)
 
syadnom
Member
Member
Posts: 405
Joined: Thu Jan 27, 2011 7:29 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Feb 22, 2012 6:52 pm

+1 for udp

for site-2-site:
ipsec doesn't play nice with dynamic IP addresses and routeros doesnt implement any automated process to update VPN configs based on WAN address.
I have made IPSEC work buy ipsec 'transport' between the two WAN addresses and then an ipip/eoip tunnel between the WAN addresses. With dynamic clients I have to do a script to update the WAN address on a schedule. This should be an option to automate *OR* better yet, put a variable in the src-address to be $WANIP1$. Maybe in the ip address entry there can be a checkbox for VPNWANIP1 or something. Even better, make an ipsec client/server interface and do all the dirtywork behind the scenes, allowing for dynamic addressed clients and dns based server address(es)

pptp is old and crap.

lt2p is not secure without ipsec, then I need static WAN addresses so it is about equal to ipsec

openvpn is broken in routeros, no UDP

sstp is only tcp and cna suffer from tcp meltdown.

I would suggest you get on this pretty quick, vyatta is a pretty solid system and ubiquiti is deploying their edgeos product based on vyatta pretty soon (some say March)
 
piyokos
just joined
Posts: 9
Joined: Fri Mar 05, 2010 2:29 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Feb 26, 2012 2:10 pm

i can understand some routeros-specific openvpn oddities, like the use of auth-user-pass, since it allows openvpn to fit in with the rest of the system. but tcp-only mode for openvpn is a limitation that seems to be present for no reason at all. i think the mikrotik people became so angry with openvpn that they intentionally crippled it to punish it's users. eastern european developers can be vengeful bunch...
 
User avatar
elgo
Member Candidate
Member Candidate
Posts: 151
Joined: Sat Apr 02, 2011 2:34 am
Location: France

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Feb 28, 2012 12:44 pm

eastern european developers can be vengeful bunch...
They may have no idea how angry future ex-consumers can cripple a business.
RB450G - OpenWrt (so much more stable than with routerOS)
-> now: UBNT EdgeRouter Lite

(very unlikely to be MT customer again in the future)
 
dtoffo
Trainer
Trainer
Posts: 97
Joined: Tue May 17, 2011 9:19 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Feb 28, 2012 3:15 pm

eastern european developers can be vengeful bunch...
They may have no idea how angry future ex-consumers can cripple a business.
For me I think that ovpn yes or no is not the only parameter to select routeros or other products. I'm sure that if it was a simple implementation they would have done it years ago.
I just hope that someone at Mikrotik says us: "well, you will not use ovpn anymore, cause we now support <????> that is really better". That would be a great! RouterOs developers ARE great ... think about nv2, for example!
Let me say a technically stupid thing, but just to explain an idea: I'll be better if I'll have an "nv2 over udp" :?: !
 
piyokos
just joined
Posts: 9
Joined: Fri Mar 05, 2010 2:29 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Feb 28, 2012 7:20 pm

eastern european developers can be vengeful bunch...
They may have no idea how angry future ex-consumers can cripple a business.
well, we test software all the time that does not meet our specific needs (often for unintelligible reasons) and we move on since you cannot really make demands on anyone unless you are the one writing the paychecks. people who buy licenses are just cattle :) but this is extra strange. i mean, they even modified openvpn to accept multiple encryption types (totally worthless), but they could not be bothered to allow to accept both/either protocol? makes no sense to me!
 
User avatar
Davis
Frequent Visitor
Frequent Visitor
Posts: 71
Joined: Mon Aug 01, 2011 12:27 pm
Location: Latvia, Riga
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Mar 13, 2012 2:53 pm

I think OpenVPN needs a bit different approach. I think MikroTik can make it as less as possible integrated with everything else (e.g. user specifies OpenVPN instances, for each instance an interface from dropdown and config text is specified, imho all keys, certificates etc. can be stored also in a subfolder in FTP).
I think it may be hard to integrate OpenVPN in existing architecture, but it should be relatively simple just to compile it and make a very simple user interface to it.
A good example is Cyanogenmod for Android and it's very limited OpenVPN "integration", there exist an alternative - application (OpenVPN settings) that has options to start/stop OpenVPN instances and a configurable folder for configuration files (that's all - all configuration is up to user and that is what most users want).
I think that other OpenVPN users can express their opinions about this compromise (that may be relatively easy for MikroTik to implement). And based on user feedback MikroTik can judge how good investment in their business this would be.

Of course I (as MikroTik user) want this, because it would solve most (currently all) of my OpenVPN issues with MikroTik.
 
piyokos
just joined
Posts: 9
Joined: Fri Mar 05, 2010 2:29 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Mar 14, 2012 3:06 pm

it is very easy to make mikrotik-compatible openvpn configurations on any operating system, so it is not a show-stopping issue there, just a little annoying. but the lack of udp openvpn support is a huge performance problem which cannot be worked around.
 
Sob
Forum Guru
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Mar 14, 2012 8:36 pm

It's not show-stopping if you're in charge of things and can live with some compromises and shortcomings. But try to connect to someone else's standard server. Ooops...
... but it should be relatively simple just to compile it and make a very simple user interface to it.
Putting standard OpenVPN in ROS would be great. And as much as WinBox is probably the main reason why I like ROS so much, I'd happily make an exception for OpenVPN and live with "paste your text config here" type of GUI.
On the other hand, I'm not sure if it would be enough. I mean things like handling of interfaces, addresses, routes, I don't think MikroTik would want something else messing with them aside. So it would probably require a little more integration, meaning changing OpenVPN code and that in turn would bring licence issues I guess... But in this case it would be nice to be wrong. :)
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
piyokos
just joined
Posts: 9
Joined: Fri Mar 05, 2010 2:29 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Mar 15, 2012 12:27 am

if mikrotik added these openvpn client features it would be able to connect to 99% of "standard" servers, no raw configuration needed:
  • comp-lzo support
  • some way to disable auth-user-pass (the servers i configure to have mikrotik clients must have a dummy auth script, what a joke!)
  • tls-auth key support
  • udp support (+fragment/mssfix)
 
_saik0
Member Candidate
Member Candidate
Posts: 127
Joined: Sun Aug 26, 2007 11:18 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Mar 15, 2012 2:16 pm

A rather disappointing turn of events for OpenVPN. UDP support seems essential to me.
Why even implement it in such a limited way, it's not like this helps much.

I would suggest pumping up the "votes" on the wiki request page: http://wiki.mikrotik.com/wiki/MikroTik_ ... e_Requests
Perhaps the number of votes from users will be able to stimulate some "suicide immune" developers to do something...
 
slech
Long time Member
Long time Member
Posts: 533
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Apr 03, 2012 11:06 pm

1. UDP Support
2. Compression support
3. Cert based Auth support
4. Route Push support
5. DNS Suffix support
6. Ldap Authentication
7. DHCP (?)

This will be a very nice VPN solution !!!
Last edited by slech on Wed Apr 04, 2012 12:16 pm, edited 1 time in total.
sorry for my english
 
wpeople
Member
Member
Posts: 352
Joined: Sat May 26, 2007 6:36 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Apr 04, 2012 11:33 am

+1
at least on UDP and compress support.
 
jerryroy1
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Sat Mar 17, 2007 4:55 am
Location: LA and OC USA
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Apr 12, 2012 1:58 am

So... Based on this thread. Does OpenVpn and Mikrotik work? And if so, is it only between Mikrotik and Mikrotik? If this is the case, does Mikrotik have a VMWare appliance I can run? Then I can have the MT to MT scenario with their version of openvpn
 
dtoffo
Trainer
Trainer
Posts: 97
Joined: Tue May 17, 2011 9:19 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Apr 12, 2012 10:57 am

So... Based on this thread. Does OpenVpn and Mikrotik work? And if so, is it only between Mikrotik and Mikrotik? If this is the case, does Mikrotik have a VMWare appliance I can run? Then I can have the MT to MT scenario with their version of openvpn

Openvpn on mikrotik works with any openvpn client or server, just you have to configure
- tcp only
- no lzo
- user and password AND keys
- no push options other than addresses, you must configure the other side correctly
I successfully run (the first on each couple is the client)
- mikrotik to mikrotik
- mikrotik to linux (debian)
- linux (centos) to mikrotik
- windows XP and seven to mikrotik

I don't think openvpn on mikrotik is bad, I just think it's a pity that they will not go developing it and they don't propose an alternative.

For the virtual machine:
- you can install the x86 version of routeros on vmware (just like any other pc) using netinstall... it's a matter of seconds.
 
JanezFord
Member Candidate
Member Candidate
Posts: 264
Joined: Wed May 23, 2012 10:58 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed May 23, 2012 11:31 am

Hi

It seems a bit odd (to say at least) to implement a feature as OpenVPN the way that makes it unusable for about 95% (my guess) of existing infrastructure. Not to mention that many of us do NOT always have an ability to change the server's side of configuration and that there are features in place (UDP) for a reason. So please fix this bummer OR add a big WARNING to any mention of OpenVPN on your wikis (Works ONLY with special server config - most uncommon in real world situations).

What openVPN on mikrotik IMHO needs is:

UDP
lzo-comp
push route
client key auth without a must for user/pass

This should be done ASAP and other openvpn features implemented later on to make this implementation 100% compatible with openvpn. Without this features mikrotik openvpn implementation is useless in existing, working (corporate) enviroments - developers should be aware of that.

OpenVPN is not some obscure feature... OpenVPN is used widely today because it's free, safe, quite easy to configure and works great on various software and hardware platforms ... except mikrotik (for now).


my 2 cents.

JF

RB450G
 
wpeople
Member
Member
Posts: 352
Joined: Sat May 26, 2007 6:36 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon May 28, 2012 9:59 pm

to come here by different way - why do we request to ADD UDP support and LZO comp as feature?
OpenVPN package - as it comes in source - support both above (and many others). So I'm asking, why they got removed???

I'm interested if Mikrotik's implementation based on original OpenVPN package, or they wrote their own compatible implementation? (i don't think the last one, since the first is free and working and original -so why waste time and money with it?)
If they are using the original source, do they allowed to remove a basic feature?
 
andriys
Forum Guru
Forum Guru
Posts: 1187
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 29, 2012 12:10 am

I'm interested if Mikrotik's implementation based on original OpenVPN package, or they wrote their own compatible implementation? (i don't think the last one, since the first is free and working and original -so why waste time and money with it?)
I assume MikroTik reimplemented the protocol from scratch. The most probable reason is simple- GPL. Totally IMHO.
 
janisbvp
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Jul 15, 2010 10:33 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 29, 2012 7:28 pm

Well, that seems to be the reason.
Honestly, Openvpn as it is in Routeros is by 90% useless.
For the owners of RB450 there is an answer - Openwrt, but for the roadwarrior scenario I hope to see Openwrt on RB750.
I have migrated to x86 with openwrt for just that reason.
 
MartinEmrich
just joined
Posts: 1
Joined: Tue May 22, 2012 10:09 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed May 30, 2012 11:25 am

FYI: We are running two RB750 with native OpenWRT trunk, it works great (including OpenVPN).

I used this tutorial http://blog.poettner.de/2011/05/27/open ... rd-411750/. Don't forget to move to Port 2 after flashing...
 
janisbvp
Frequent Visitor
Frequent Visitor
Posts: 75
Joined: Thu Jul 15, 2010 10:33 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed May 30, 2012 1:49 pm

I used this tutorial http://blog.poettner.de/2011/05/27/open ... rd-411750/. Don't forget to move to Port 2 after flashing...
Missed this one - thank you, MartinEmrich!
 
User avatar
elgo
Member Candidate
Member Candidate
Posts: 151
Joined: Sat Apr 02, 2011 2:34 am
Location: France

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu May 31, 2012 12:13 pm

I used this tutorial http://blog.poettner.de/2011/05/27/open ... rd-411750/. Don't forget to move to Port 2 after flashing...
Missed this one - thank you, MartinEmrich!
+1, thank you.
RB450G - OpenWrt (so much more stable than with routerOS)
-> now: UBNT EdgeRouter Lite

(very unlikely to be MT customer again in the future)
 
esorin0
newbie
Posts: 26
Joined: Tue Sep 27, 2011 8:40 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Oct 23, 2012 5:46 pm

Any updates in this area? Or is there any VPN tunnel fully supported in ROS, that works over UDP? Well, except L2TP...
 
syadnom
Member
Member
Posts: 405
Joined: Thu Jan 27, 2011 7:29 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Oct 23, 2012 6:08 pm

no, nothing. some improvements to SSTP, but SSTP isn't good for either low latency or site-to-site.

This single factor has caused me to look elseware. There is another vendor with an nice little router that does open vpn perfectly. Edge something or other...
 
esorin0
newbie
Posts: 26
Joined: Tue Sep 27, 2011 8:40 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Oct 23, 2012 6:26 pm

EdgeMax is not yet available for buying. And no idea how it will perform, as it is in the "baby" stage. I will buy at least 3 as soon as they are available :)
 
syadnom
Member
Member
Posts: 405
Joined: Thu Jan 27, 2011 7:29 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Oct 23, 2012 6:50 pm

EdgeMax is not yet available for buying. And no idea how it will perform, as it is in the "baby" stage. I will buy at least 3 as soon as they are available :)
It may not be 'available' for buying, but they are in some luck individual's hands ;) and they perform very well.
 
nse60
just joined
Posts: 2
Joined: Tue Oct 23, 2012 12:33 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Oct 23, 2012 9:00 pm

Cisco VPN group authentication (group name & group password).
 
esorin0
newbie
Posts: 26
Joined: Tue Sep 27, 2011 8:40 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Oct 23, 2012 10:50 pm

I just hope they support OpenVPN UDP.
I just don't get it why MTK refusest to implement this feature. Their passive-agressive answers on this forum are at least weird. They are inviting you to look someplace else. Too bad, it is a great product, flawed by some really bad choices. Too much "russian" approach in this product development.
 
syadnom
Member
Member
Posts: 405
Joined: Thu Jan 27, 2011 7:29 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Oct 24, 2012 12:15 am

I just hope they support OpenVPN UDP.
I just don't get it why MTK refusest to implement this feature. Their passive-agressive answers on this forum are at least weird. They are inviting you to look someplace else. Too bad, it is a great product, flawed by some really bad choices. Too much "russian" approach in this product development.
Yes, EdgeMAX supports UDP for OVPN.
 
JanezFord
Member Candidate
Member Candidate
Posts: 264
Joined: Wed May 23, 2012 10:58 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Oct 24, 2012 11:48 am

I just hope they support OpenVPN UDP.
I just don't get it why MTK refusest to implement this feature. Their passive-agressive answers on this forum are at least weird. They are inviting you to look someplace else. Too bad, it is a great product, flawed by some really bad choices. Too much "russian" approach in this product development.
Yes, EdgeMAX supports UDP for OVPN.
That's great news ... do you have any more info on their ovpn implementation (lzo, push route, certificate based auth) ... MT lacks all of theese features.

JF
 
syadnom
Member
Member
Posts: 405
Joined: Thu Jan 27, 2011 7:29 am

Feature Request: OpenVPN [ovpn] udp tunnels

Wed Oct 24, 2012 1:40 pm

I just hope they support OpenVPN UDP.
I just don't get it why MTK refusest to implement this feature. Their passive-agressive answers on this forum are at least weird. They are inviting you to look someplace else. Too bad, it is a great product, flawed by some really bad choices. Too much "russian" approach in this product development.
Yes, EdgeMAX supports UDP for OVPN.
That's great news ... do you have any more info on their ovpn implementation (lzo, push route, certificate based auth) ... MT lacks all of theese features.

JF
Easy, search google for vyatta openopen VPN.
 
prd0000
just joined
Posts: 6
Joined: Tue Apr 02, 2013 6:53 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Apr 04, 2013 6:47 am

Sorry for bringing this up again, but I can't make ipsec to work at all. Connection is dropping randomly. We are working on multiple site to one site with Citrix XenApp. Citrix got dumped randomly every few minutes on all sites. The only static ip and stable connection are on main office, while other sites are on GPRS connection, some on 3G.

My solution was using vyatta's openvpn on separate machine, but I want to put everything under RB750 we owned, and shut down that old vyatta machine. Efficiency was the main factor.

So, is there any alternative there, for stable openvpn udp with lzo compression? Compression is a MUST. We can't send much data over GPRS connection without compression. MT or anything? Or is there any suggestion what device with stable OpenVPN UDP so that we can replace our MT.
 
wpeople
Member
Member
Posts: 352
Joined: Sat May 26, 2007 6:36 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Apr 04, 2013 9:01 pm

you have many options - but only a few with Mikrotik
1) use routerboard with linux
2) use routeros with metarouter+openwrt for tunnel (hopefully there is a working package for that)
3) use Wrap/alix boards with linux
4) use atom based pc
5) use a raspberry pi (sadly it has only one NIC onboard) or other linux based small computer
 
erkel
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Sun May 27, 2007 12:04 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Apr 08, 2013 5:19 pm

Bump,

Please Mikrotik, stop ignoring the issue and please implement UDP for OpenVPN.
 
void
Frequent Visitor
Frequent Visitor
Posts: 61
Joined: Fri Nov 07, 2008 5:28 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Apr 08, 2013 7:55 pm

I've never seen a company ignoring customers like this. People are requesting this feature for years now. :cry:
 
justfishing
just joined
Posts: 23
Joined: Thu Jan 12, 2012 4:40 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Apr 09, 2013 12:13 am

Not to put a damper on things. But I have had all the support I have needed and haven't had a single box brick since I kept using and put out even more SonicWALL's.

Yes they cost more. But for business stuff, it is worth not only my time, but reputation. When I was asking the MT vendors about what to use, even they were like: why dont you use such and such instead?

I do love MT's stuff, but not enough to put ny lively-hood on it.

Just my 2 cents worth...

Sent from my DROIDX using Tapatalk 2
 
friction
newbie
Posts: 40
Joined: Sun Aug 26, 2012 1:27 pm
Location: Werchter, Belgium

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Apr 09, 2013 9:36 am

Thank for bringing up a thread more than a year old.
What about automatically locking topic after let say 6 months of inactivity?
not all topics get irrelevant after 6 months
For me this topic will never become irrelevant as long it is not implemented.

There is simply no alternative as flexible as OpenVPN with udp...

Like mentioned before... I won't mind even if we have to specify a regular openvpn configuration file, as long as it works...
I am not a complete idiot, some parts are missing. [CCNA Sec / CCNP / LPIC-1]
 
wpeople
Member
Member
Posts: 352
Joined: Sat May 26, 2007 6:36 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Apr 11, 2013 2:33 pm

what about offering a bounty for OpenVPN to Mikrotik? :-)
 
User avatar
elgo
Member Candidate
Member Candidate
Posts: 151
Joined: Sat Apr 02, 2011 2:34 am
Location: France

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Apr 19, 2013 3:58 pm

what about offering a bounty for OpenVPN to Mikrotik? :-)
You mean like paying a second time for a "feature" you already bought? Mmmmmm... :?
RB450G - OpenWrt (so much more stable than with routerOS)
-> now: UBNT EdgeRouter Lite

(very unlikely to be MT customer again in the future)
 
neptune
just joined
Posts: 9
Joined: Tue Jul 09, 2013 3:00 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jul 11, 2013 12:38 pm

We're mid-2013 already, and still no news of any udp support for RouterOS openvpn ?
 
DerSchaman
just joined
Posts: 2
Joined: Thu Aug 16, 2012 12:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jul 15, 2013 5:52 pm

+1
It has been repeatedly voiced by the addition of UDP requests to OpenVPN. Though approximate voiced plans to gentlemen developers :)).
 
agrevtcev
just joined
Posts: 3
Joined: Wed Jul 17, 2013 9:37 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jul 17, 2013 9:44 am

In fact, there's no anything such flexible as openvpn on market. So UDP and route-push support would be great.
 
naxos
just joined
Posts: 18
Joined: Mon Jul 08, 2013 9:04 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Aug 08, 2013 11:22 pm

I've already read many threads here about requests for UDP support for OpenVPN and I wasn't able to find one explanation why it is not supported or why it is not planned to be supported :-/ It's really shame :/

So count me as another customer "begging" for this feature. I think there is plenty of us. ;)
 
efaden
Forum Guru
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Aug 09, 2013 12:05 am

I've already read many threads here about requests for UDP support for OpenVPN and I wasn't able to find one explanation why it is not supported or why it is not planned to be supported :-/ It's really shame :/

So count me as another customer "begging" for this feature. I think there is plenty of us. ;)
+1, but normis already said they aren't working on OpenVPN any more. And personally I'd rather see 802.11ac with wireless controller support first, but OpenVPN over UDP would be nice.
 
naxos
just joined
Posts: 18
Joined: Mon Jul 08, 2013 9:04 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Aug 09, 2013 9:12 am

I've already read many threads here about requests for UDP support for OpenVPN and I wasn't able to find one explanation why it is not supported or why it is not planned to be supported :-/ It's really shame :/

So count me as another customer "begging" for this feature. I think there is plenty of us. ;)
+1, but normis already said they aren't working on OpenVPN any more. And personally I'd rather see 802.11ac with wireless controller support first, but OpenVPN over UDP would be nice.
Thanks, I had to miss the thread where was this info (you know, there are many threads about UDP / OVPN :-) ). And personally UDP for OVPN is still my priority :D
 
User avatar
Kreacher
Member
Member
Posts: 359
Joined: Wed Sep 25, 2013 3:58 pm
Location: Hogwarts

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Sep 26, 2013 10:32 pm

Is it a joke or what?

1) UDP is suggested from openvpn creators and works better than tcp
2) apart from this ALL MY PARTNERS HAVE OPENVPN ON UDP and they will not change their setup because I HAVE A MIKROTIK. They laugh and says to me that debian or pfsense is free....
I don´t really know why they are not inserting all known variants of the VPN!
VPN is more and more present in all kind of computing, from the lowest bottom (private usage)
to the highest top (enterprise business) and with more then 30.000.000 sold new mobile devices
like smartphones all 2 years one of the biggest criteria to get new customers and clients in my eyes.

What could be wrong to chose a cpu from a vendor that comes with this capabilities to
compress and also made for de- and encryption so heavy tasks can be handled easily?
Exar formerly HiFn has some interesting chips that can nearly or more handling wired
speed encryption for each know VPN method on the market.

For sure inside of Latvia encryption is not permitted to use and also perhaps MikroTik has
some problems to set those things up, like the vendors in the USA are not able to export
their cryptography equipment outside of the USA to another country, but inside routers
this is since long time a very often used and asked function before buying a router.

And with the new Tilera series including the high speed encryption engine called MiCA, MikroTik has
once more the chance to roll out or inserting a ROS version with all kind of VPN methods!
SSL-VPN
SSTP-VPN
PPTP
PPPD
IPSec
L2TP
OpenVPN

I would more think in that direction, that it is better to offer more different VPN variants then my
concurrence on the router market, for sure. Perhaps some of yours want to spend one minute to
vote here for your favourite VPN method you will see inside of RouterOS or not. If not don´t give
the named VPN method not a point but the other, 8 points can given by your the poll is ending
never up, thanks first to spending a minute. RouterOS VPN types support
Kindly regards
Kreacher ♬

--------------------------------------
Karma points must not be paid by you
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jan 22, 2014 11:04 pm

if mikrotik added these openvpn client features it would be able to connect to 99% of "standard" servers, no raw configuration needed:
  • comp-lzo support
  • some way to disable auth-user-pass (the servers i configure to have mikrotik clients must have a dummy auth script, what a joke!)
  • tls-auth key support
  • udp support (+fragment/mssfix)
If only they could listen!
Just receive confirmation from their support, that they won't do anything about it.
I wanted to buy a MikroTik RB1100AHx2 to play with, now I'm lost cause I use OpenVPN a lot and I wanted to replace the server-side using RouterOS.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jan 22, 2014 11:12 pm

Is there a way for the community to create packages that could be use within RouterOS ?

Could be a solution to create one package with full OpenVPN support, cause that's the only thing that makes me refrain from buying a MikroTik device :-(
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jan 23, 2014 1:43 pm

If you really need those features at the moment. Run openwrt image in metarouter and run ovpn from there with full feature set.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jan 23, 2014 1:47 pm

Is it possible create virtual network interfaces on RouterOS that could be used from within openwrt for incoming and outcoming data ?

Anyway, all information/logs/graphs/users currently logged in, ... won't be there
 
doridian
just joined
Posts: 17
Joined: Mon Jan 20, 2014 3:08 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jan 23, 2014 3:47 pm

If you really need those features at the moment. Run openwrt image in metarouter and run ovpn from there with full feature set.
This is not the solution. With metarouter my router's CPU gets horribly overloaded so much that my whole LAN starts lagging (RB2011).
 
wpeople
Member
Member
Posts: 352
Joined: Sat May 26, 2007 6:36 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Jan 25, 2014 11:18 am

i'm very interested when we reach the point where Mikrotik will admint why they deny to use UDP and compression in OpenVPN.
 
miharoot
just joined
Posts: 21
Joined: Sun May 19, 2013 3:59 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Jan 25, 2014 1:34 pm

If you really need those features at the moment. Run openwrt image in metarouter and run ovpn from there with full feature set.
I understand that you advise me to buy a router which works fine openWRT and use that router but not mikrotik?
 
SynVisions
just joined
Posts: 2
Joined: Fri Feb 07, 2014 6:59 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Feb 07, 2014 7:03 am

When will this be added? :?
 
User avatar
DogHead
Member Candidate
Member Candidate
Posts: 194
Joined: Thu Jan 03, 2008 9:36 pm
Location: Anywhere you want me to be

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Feb 14, 2014 5:55 am

+1+1+1+1+1
Udp for ovpn now!!!
WOOF BANG!
 
jayhern
just joined
Posts: 3
Joined: Fri Apr 18, 2014 6:04 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Jul 27, 2014 5:11 pm

over 4 years and no comment from Mikrotik??
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jul 28, 2014 10:35 am

 
_saik0
Member Candidate
Member Candidate
Posts: 127
Joined: Sun Aug 26, 2007 11:18 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Jul 29, 2014 5:58 pm

Oh, we're making progress!
Few years ago it was almost written in stone that no UDP support is ever planned.
Those are good news, at least they are considering it now.
 
Tigerauge
just joined
Posts: 5
Joined: Sat Jul 05, 2014 3:18 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Aug 01, 2014 9:20 am

please add full openvpn support like OpenWTR software.

Thank You!
 
kartwall
just joined
Posts: 10
Joined: Thu Jul 24, 2014 11:14 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Aug 06, 2014 5:26 pm

+1

I really need UDP OpenVPN + compression. TCP OpenVPN doesn't perform well on latency.
 
joncolby
newbie
Posts: 39
Joined: Wed Nov 13, 2013 8:09 am
Location: Southern California

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Aug 09, 2014 11:44 pm

All of you, Go and vote your support here : http://forum.mikrotik.com/viewtopic.php?f=1&t=86461
 
roadracer96
Forum Veteran
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Aug 12, 2014 3:11 am

All of you, Go and vote your support here : http://forum.mikrotik.com/viewtopic.php?f=1&t=86461

Seriously. Not even related. Not at all. Thread jacking.
 
capa
just joined
Posts: 3
Joined: Thu Jan 31, 2013 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Nov 23, 2014 10:16 pm

+1

UDP + LZO
 
elgrandiegote
newbie
Posts: 40
Joined: Tue Feb 05, 2013 6:02 am
Location: Buenos Aires, Argentina

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Nov 24, 2014 5:20 am

+1

UDP + LZO
+ 1000000

but that mikrotik continually ignore our requests
 
esma
just joined
Posts: 6
Joined: Fri Nov 14, 2014 11:31 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Dec 03, 2014 12:37 am

+100 need LZO +UDP OpenVpn
 
esma
just joined
Posts: 6
Joined: Fri Nov 14, 2014 11:31 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Dec 03, 2014 12:39 am

+1

UDP + LZO
+ 1000000

but that mikrotik continually ignore our requests

after 30 day New Year 2015 but not LZO and UPD OpenVPN in Mikrotik Os 6 - OMG....
 
archroker
just joined
Posts: 4
Joined: Mon Oct 20, 2014 1:50 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Dec 08, 2014 9:09 pm

Looks like thay haven't managed to make it work like it should so they just cut it off from the software. It would be nice if they talk to us e tell why such important features inside OpenVPN are not going to be implemented.
Sorry mikrotik team... but it sounds like lazy developers trying to not have to debug the code...

Anyway...
+1 for OpenVPN full support!
 
jarda
Forum Guru
Forum Guru
Posts: 7604
Joined: Mon Oct 22, 2012 4:46 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Dec 09, 2014 7:24 pm

I also would like to see the ovpn over udp in ros.
 
ronybeck
just joined
Posts: 2
Joined: Mon Dec 29, 2014 12:50 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Dec 29, 2014 1:04 pm

Why is Mikrotik ignoring all those request for UDP based OpenVPN and proposing and TCP VPN solution as an alternative ?
OpenVPN is very very buggy and hard to implement. Our developers almost all committed suicide trying to make it work. It's a big mess, so we can't continue to implement it 100%
I don't think we need all features of OpenVPN. UDP support requires the same effort as TCP support, which I find hard to believe would be difficult at all. When I configure OpenVPN by hand, it is a single line where I write either "TCP" or "UDP". Not exactly rocket science. I don't believe that implementing that should trigger any suicide. Almost every OpenVPN implementation I have worked with is using UDP for performance reasons. The choice to use TCP to me is very strange anyhow.

At least consider to implement UDP. Please!
 
imaljko4
Member Candidate
Member Candidate
Posts: 247
Joined: Fri Apr 25, 2008 6:52 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Nov 02, 2016 3:49 pm

+1 for UDP on openvpn !
 
oscar120584
just joined
Posts: 7
Joined: Mon May 30, 2016 11:52 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Nov 10, 2016 3:14 pm

+100500 for ovpn udp lzo
 
Anibius
just joined
Posts: 4
Joined: Wed Mar 02, 2016 12:58 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Nov 22, 2016 8:29 am

Please add UDP for openvpn !
 
dasvos
newbie
Posts: 29
Joined: Sat Mar 14, 2015 7:10 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Nov 23, 2016 7:01 am

+1 for udp.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Nov 23, 2016 11:36 pm

+100999500100999500100999500100999500100999500 for ovpn udp lzo

pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz pleaz

ok just kidding. As stated before nobody cares about +1, please, whatsoever.
 
sysops
just joined
Posts: 1
Joined: Thu Dec 22, 2016 8:41 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Dec 22, 2016 8:46 pm

if mikrotik added these openvpn client features it would be able to connect to 99% of "standard" servers, no raw configuration needed:
  • comp-lzo support
  • some way to disable auth-user-pass (the servers i configure to have mikrotik clients must have a dummy auth script, what a joke!)
  • tls-auth key support
  • udp support (+fragment/mssfix)
I second tls-auth support. I work for an ISP that offers VPN services to our internet connectivity customers and if RouterOS supported TLS auth, we would sell *a lot* of these devices. The demand for our VPN keeps growing every day, more and more customers are looking to do "whole home VPN", and are struggling to find an inexpensive, "off the shelf" router that supports this with OpenVPN. I have wished a long time for myself and them ROS could do tls-auth.
 
VKVKVK
just joined
Posts: 1
Joined: Tue Jan 10, 2017 2:19 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Jan 10, 2017 2:21 pm

+100500 for ovpn udp!!!
 
rsalmon
just joined
Posts: 1
Joined: Mon Mar 20, 2017 4:06 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Mar 20, 2017 4:23 pm

+1 for lzo.

We are going to replace all our routers and lzo is a requirement :-(
 
Sparxx
just joined
Posts: 13
Joined: Wed Mar 18, 2015 7:59 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Mar 24, 2017 4:34 pm

Yes please, OpenVPN is in a urgent need of an update, I can't understand why this is being ignored for such a long time.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Mar 25, 2017 8:58 am

Probably because of RouterOS 7.x :-)
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Mar 25, 2017 12:06 pm

Yes please, OpenVPN is in a urgent need of an update, I can't understand why this is being ignored for such a long time.
At first I could not understand either, but now I do:
I thought that there was just a standard OpenVPN daemon running on the MikroTik, which maybe had to be updated to a
recent version and some config widgets added to the GUI.
But in one of the many posts about this subject it was revealed that this is not the case. The OpenVPN on RouterOS is an own
implementation that does only part of the protocol. And of course, extending that to a full version takes a lot of work.

I don't know why the existing and widely used OpenVPN is not used, but it may be a licensing issue.
I have had another router that once offered OpenVPN and after an update this functionality vanished without explanation.
Maybe the OpenVPN folks are actively pursuing use of their software outside of their conditions (e.g. in a close-source product).
 
Sparxx
just joined
Posts: 13
Joined: Wed Mar 18, 2015 7:59 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Mar 27, 2017 12:56 pm

Yes please, OpenVPN is in a urgent need of an update, I can't understand why this is being ignored for such a long time.
At first I could not understand either, but now I do:
I thought that there was just a standard OpenVPN daemon running on the MikroTik, which maybe had to be updated to a
recent version and some config widgets added to the GUI.
But in one of the many posts about this subject it was revealed that this is not the case. The OpenVPN on RouterOS is an own
implementation that does only part of the protocol. And of course, extending that to a full version takes a lot of work.

I don't know why the existing and widely used OpenVPN is not used, but it may be a licensing issue.
I have had another router that once offered OpenVPN and after an update this functionality vanished without explanation.
Maybe the OpenVPN folks are actively pursuing use of their software outside of their conditions (e.g. in a close-source product).
Well if to go on their website you can scroll through the Licensing page and you can clearly see there are 3 types of licensing, the first two are related to their own Access Server implementation and not the case we look for and the third one is the OpenVPN® Open Source Community Software which I suppose is the one most use, so if there are any licensing problems then those must be tied to these two:
• OpenVPN 2 Open Source Software License is governed by GNU General Public License version 2 (GPLv2).
• OpenVPN 3 Open Source Software License is governed by GNU Affero General Public License (AGPL).

That being said I don't think the case you were explaining is because of licensing as generally GPL is good for everyone, probably it's mostly tied to the popularity of a service, so if their metrics say that service was used by a low number of customers who purchased their routers then they wouldn't see any benefit in investing development resources into that, leading to an out of date service and it's removal as not to receive complaints about a service being offered but not working as it should.
 
tierpath
newbie
Posts: 47
Joined: Wed Oct 22, 2008 5:24 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 02, 2017 5:26 am

Unless this viewtopic.php?f=1&t=77898&start=150#p546841
post has been invalidated. It will be in V7.

Normis & Mr Z Please correct me if I am wrong.

Also I found out and interesting fact about OpenVPN, it is not multl-threaded, it is single threaded, meaing it doesn't scale with ANY SMP architecture.

Normis and Mrz are the IPSEC and SSTP Implementations in the RouterOS multi-threaded?
Is this and the other issues listed @ https://community.openvpn.net/openvpn/w ... #Threading the reason for the long delay in adding UDP and LZO Comp to OpenVPN?

If it is, do you plan to share how you are solving it with the OpenVPN Authors?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 02, 2017 10:52 am

Unless this viewtopic.php?f=1&t=77898&start=150#p546841
post has been invalidated. It will be in V7.
We all know that. But there is no indication whatsoever there will ever be a V7. So that is useless info.
People are waiting for something they can use, don't want to be referred to some future product that may or may not
become available in 3 years time.
 
tierpath
newbie
Posts: 47
Joined: Wed Oct 22, 2008 5:24 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 02, 2017 6:08 pm

Unless this viewtopic.php?f=1&t=77898&start=150#p546841
post has been invalidated. It will be in V7.
We all know that. But there is no indication whatsoever there will ever be a V7. So that is useless info.
People are waiting for something they can use, don't want to be referred to some future product that may or may not
become available in 3 years time.
True. I am more curious as to if the issues making it take so long are the ones I brought up.
 
ckishappy
just joined
Posts: 8
Joined: Fri May 19, 2017 9:03 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat May 20, 2017 12:35 am

openvpn clients in routers with tls-auth, udp, compression are industry standard by now... Did Mikrotik ever comment on the openvpn deficiency resp. corrective actions?
 
upower3
Member
Member
Posts: 384
Joined: Thu May 07, 2015 11:46 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 23, 2017 9:25 pm

While Mirotik plan for 100G ports in upcoming routers maybe they can offer open module spec if they unable to implement ovpn module?

OVPN is one os the main distinct feature of MT. And while ovpn developers at openvpn.net produce one version after another MT developers won't make good implementation?

Please, please! Ovpn is the Swish Knife in network field so it is a shame not to use it. Yes, this is not that Enterprise thing but a lot of people uses it!
 
gavakyan
just joined
Posts: 1
Joined: Fri Sep 08, 2017 12:34 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 08, 2017 12:36 pm

Its fall of 2017 now... 9 years from initial feature request.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 08, 2017 1:37 pm

teaser:
What's new in 7.0 alpha
*) added support for UDP OpenVPN;
No answer to your question? How to write posts
 
irghost
Member Candidate
Member Candidate
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 08, 2017 1:52 pm

teaser:
What's new in 7.0 alpha
*) added support for UDP OpenVPN;
U are So funny m8
RouterOS v7 is a funny joke
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 08, 2017 1:57 pm

It is actual copy from actual changelog.
No answer to your question? How to write posts
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 08, 2017 2:11 pm

Cool thing - Thanks for the info.
 
irghost
Member Candidate
Member Candidate
Posts: 281
Joined: Sun Feb 21, 2016 1:49 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 08, 2017 4:31 pm

It is actual copy from actual changelog.
OK Cool
Let Us test it
MTCNA MTCRE MTCTCE MTCUME MTCWE MTCIPv6E MTCINE
 
Sob
Forum Guru
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Sep 08, 2017 5:36 pm

Hmm, alpha... it looks like we may get something ready for this thread's 10th anniversary. I just hope that other nice OpenVPN features will also make it to the party.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
Forage
just joined
Posts: 14
Joined: Tue Aug 22, 2017 8:39 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Sep 25, 2017 2:08 pm

Hmm, alpha... it looks like we may get something ready for this thread's 10th anniversary. I just hope that other nice OpenVPN features will also make it to the party.
LZO compression and SHA2 (SHA512) authentication come to mind...
 
nin
just joined
Posts: 22
Joined: Sat Feb 20, 2010 9:02 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jan 22, 2018 7:26 pm

Just wanted to setup another new MT device with openvpn / udp but now I am reading this. It's actually very disappointing to read the whole thread from the beginning guys.
 
swits1109
Frequent Visitor
Frequent Visitor
Posts: 65
Joined: Sat Sep 10, 2016 6:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Mar 04, 2018 6:54 am

It's a long standing request, and shouldn't be a lot of work.
This is a 12 year old request. What is going on?? Had to switch all of my VPN clients to other routers simply because of this. Mikrotik OpenVPN was 600+ms ping time and LOTS of packet loss. PPTP or IPsec was 90ms. But, OpenVPN is the only tech that the NSA can't break and that is truly secure. Also, it is the only one besides PPTP that AT&T's routers will allow to have servers.
 
dtoffo
Trainer
Trainer
Posts: 97
Joined: Tue May 17, 2011 9:19 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Mar 04, 2018 10:40 am

It's a long standing request, and shouldn't be a lot of work.
This is a 12 year old request. What is going on?? Had to switch all of my VPN clients to other routers simply because of this. Mikrotik OpenVPN was 600+ms ping time and LOTS of packet loss. PPTP or IPsec was 90ms. But, OpenVPN is the only tech that the NSA can't break and that is truly secure. Also, it is the only one besides PPTP that AT&T's routers will allow to have servers.
don't agree. routeros openvpn implementation sure is not complete neither perfect, but I have no problems on many ovpn over tcp tunnels I have. I don't have the big latency even if I ping traversing 2 tunnels.
 
intermod
newbie
Posts: 26
Joined: Mon Oct 01, 2012 5:59 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Mar 08, 2018 9:40 pm

Argh....stumbled across this limitation here. Needing UDP wOVPN here as well. The UDP seems to operate faster, and we use lots of VoIP here that cannot tolerate retries. Is this a CPU horsepower issue?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Mar 08, 2018 10:35 pm

No, the problem is that RouterOS does not use the opensource OpenVPN program but they have re-implemented it.
So the advances in OpenVPN with release of each new version do not carry over into the RouterOS version.
Apparently nobody at MikroTik dares to take on the task of updating their implementation or axing it entirely and using the open source version instead.
It has been promised that this would happen in RouterOS v7 but it looks like v7 has been indefinitely postponed.
(in another topic the remark has been made that "most features of v7 have been backported into v6 so why would we still want v7?")
 
4xy
just joined
Posts: 2
Joined: Sun Mar 25, 2018 7:26 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Mar 25, 2018 7:37 pm

I bought one due to it costs $20, looks very good all around and SUPPORT OpenVPN... It's really sad, it seemed the happiness is here!! :(
 
melky
just joined
Posts: 2
Joined: Wed May 09, 2018 11:02 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed May 09, 2018 11:05 am

+1 for UDP tunnels
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 5:51 am

I very disappointed to read this topic after i brought MikroTik hAP ac². :( :(
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 6:00 am

Still no news in June 2018 after two year.

viewtopic.php?f=1&t=77898&start=150#p527829
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 7:34 am

I very disappointed to read this topic after i brought MikroTik hAP ac². :( :(
Did you really buy an access point to establish OpenVPN connection(s) ?!
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 12:01 pm

I very disappointed to read this topic after i brought MikroTik hAP ac². :( :(
Did you really buy an access point to establish OpenVPN connection(s) ?!
I prepare to install OpenVPN server in hAP ac2.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 12:29 pm

I prepare to install OpenVPN server in hAP ac2.
It is possible but it will just be a server with very limited options.
After all this I start to think it would be better when MikroTik simply relabled the OpenVPN feature: name it something like MikroTikVPN and don't suggest any compatability to OpenVPN.
Then prospective buyers will no longer be deceived into thinking that they can use this OpenVPN feature to interconnect with some other OpenVPN service or client.
It would make it just an incompatible variant of SSTP and it could just as well be dropped entirely, but keeping it so existing users do not have to rework their setup would be nice.

As an OpenVPN server or client, well, it is just worthless.
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 12:33 pm

I prepare to install OpenVPN server in hAP ac2.
After all this I start to think it would be better when MikroTik simply relabled the OpenVPN feature: name it something like MikroTikVPN and don't suggest any compatability to OpenVPN.
Really agree your comment.
 
Sob
Forum Guru
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 3:53 pm

Nah, give it a little time (*1), it will happen. Check it yourself, how the attitude changes from "no way" to "we already have it" (*2):

search.php?keywords=openvpn&author=normis

It's getting more optimistic over the time.

-
(*1) two or five years, ten maximum
(*2) at least a part of it
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 5:56 pm

Nah, give it a little time (*1), it will happen. Check it yourself, how the attitude changes from "no way" to "we already have it" (*2):

search.php?keywords=openvpn&author=normis

It's getting more optimistic over the time.

-
(*1) two or five years, ten maximum
(*2) at least a part of it
At least, they give the user a answer. Yes or no. It is very easy to answer. I don't know why they always silence.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 6:13 pm

What silence are you talking about? The answer was already given: "v6 - no UDP, v7 - UDP is ready, just wait for v7 itself".
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 8:11 pm

But there has also been the "well... maybe there will not be a v7... we already implemented most of the promised features in v6!".
Of course this does not include the promised features w.r.t. OpenVPN. (and others, e.g. BGP)
 
Sob
Forum Guru
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 8:46 pm

Yep, we could use some update, at least about status of the thing, if not for OpenVPN itself. Because while some features might be impossible to add to v6, OpenVPN shouldn't be one of them.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 11:28 pm

Huh huh what about Metarouter on RB1100AHx2 :-)
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jun 15, 2018 4:06 am

What silence are you talking about? The answer was already given: "v6 - no UDP, v7 - UDP is ready, just wait for v7 itself".
Link, please.

v7 should be developed over FOUR Years. When we can get the v7 ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jun 15, 2018 10:50 am

Link, please.
search.php?keywords=openvpn&author=normis
v7 should be developed over FOUR Years.
Even more.
When we can get the v7 ?
When it's ready.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jun 15, 2018 12:30 pm

Link, please.
search.php?keywords=openvpn&author=normis
v7 should be developed over FOUR Years.
Even more.
When we can get the v7 ?
When it's ready.
I just wait until they ready. I hope my router is worked when they ready. :lol:
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jun 15, 2018 12:45 pm

We're all waiting for it :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
galeoner
just joined
Posts: 4
Joined: Wed Dec 25, 2013 9:35 pm
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 21, 2018 8:07 pm

we're still waiting +1
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jun 25, 2018 11:25 am

we're still waiting +1
Please post this only once a couple of month/years, not every week :)
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
AlexKV
just joined
Posts: 18
Joined: Tue Jul 06, 2010 9:57 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Sep 03, 2018 10:38 pm

up )
+1 UDP
 
gnro
just joined
Posts: 2
Joined: Sun Aug 05, 2018 9:52 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Sep 08, 2018 3:13 pm

Waiting...

+1 UDP suport OpenVPN ovpn
+1 RouterOS v7 :-)
 
User avatar
spippan
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Nov 12, 2014 1:00 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 05, 2018 9:31 am

Hmm, alpha... it looks like we may get something ready for this thread's 10th anniversary. I just hope that other nice OpenVPN features will also make it to the party.
LZO compression and SHA2 (SHA512) authentication come to mind...
wondering why one would go with ShA512 ... what is the big benefit (security/performance balance in mind) going with that?
sha256 brings no real security benefit over sha192 (hash length extension vuln. and so forth....)

LZO on the other hand would be a BIG improvement and UDP anyway! mikrotik is driving its users insane with still not implementing such "feature" (it is a basic openvpn mechanism AFAIK)....

come on guys ... this is not funny anymore and it's not getting better....
---
raiffeisen data center infrastructure and security
...stay curious
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 05, 2018 5:16 pm

LZO is deprecated, so you should be asking for LZ4 instead
 
Sob
Forum Guru
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 05, 2018 7:20 pm

You better have LZ4 up your sleeve already, otherwise it's a cruel joke! :)
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
tkgit
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Sun Dec 23, 2012 8:32 am
Location: Dunedin, NZ
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Oct 09, 2018 6:09 am

from here :
https://www.reddit.com/r/Windscribe/com ... ard_setup/

how about SHA512 auth,
I can not use my windscribe account
 
Paco
just joined
Posts: 6
Joined: Mon Dec 22, 2014 10:50 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Oct 10, 2018 9:59 pm

+1 for UDP support for OVPN on MikroTik
 
schadom
Member Candidate
Member Candidate
Posts: 139
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 11, 2018 3:31 am

from here :
https://www.reddit.com/r/Windscribe/com ... ard_setup/

how about SHA512 auth,
I can not use my windscribe account

+1 for sha256/sha512 in openvpn
seems it got implemented for ipsec recently
 
nin
just joined
Posts: 22
Joined: Sat Feb 20, 2010 9:02 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 11, 2018 11:05 pm

The long waiting time makes me so sad! Products and software - this is not a good match. One is good the other is a joke!
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 11, 2018 11:18 pm

The long waiting time makes me so sad! Products and software - this is not a good match. One is good the other is a joke!
Please enumerate your list of commercial routers (not alternative firmware) that actually have OpenVPN support that conforms to your wishes.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 12, 2018 9:49 am

Another solution would be to support and maintain Metarouter.... even on the RB1100AHx2, but that's another story.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 12, 2018 11:21 am

Another solution would be to support and maintain Metarouter.... even on the RB1100AHx2, but that's another story.
Yes, it would be very good to have metarouter back in service, or some other way of running user programs in some sandbox that only gives them some memory, a disk directory, and one or more network interfaces towards the physical router (tun/tap or similar).
That would allow all kinds of solutions to issues being posted all the time here and in the feature suggestion topic.
(OpenVPN, Wireguard, full-function DNS server, DHCP server for exotic requirements, etc etc)
 
pianisteg
just joined
Posts: 2
Joined: Sat Oct 13, 2018 12:10 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Oct 13, 2018 1:34 am

LZO is deprecated, so you should be asking for LZ4 instead
What about TLS auth and no username/password auth (only by keys)?
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Oct 13, 2018 8:22 am

Aaahhh Wireguard 😍
 
User avatar
spippan
Member Candidate
Member Candidate
Posts: 100
Joined: Wed Nov 12, 2014 1:00 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 18, 2018 4:21 pm

LZO is deprecated, so you should be asking for LZ4 instead
well ...

Image
---
raiffeisen data center infrastructure and security
...stay curious
 
xt22
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Tue Jul 14, 2015 1:16 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 18, 2018 4:58 pm

+1 for UDP.

Damn, take 10% of my payments to you for routers and hire a programmer for 6 months to do this (he'll implement it in a few weeks and work for you for the remaining 5 months) :-/ It is so annoying to have CCRs with speed of RB750 running openvpn via TCP..
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 18, 2018 5:08 pm

+1 for UDP.

Damn, take 10% of my payments to you for routers and hire a programmer for 6 months to do this (he'll implement it in a few weeks and work for you for the remaining 5 months) :-/ It is so annoying to have CCRs with speed of RB750 running openvpn via TCP..
Instead, pay them to implement the suggestion in message viewtopic.php?p=692031#p692031
That will serve a lot of other purposes on CCR.
 
xt22
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Tue Jul 14, 2015 1:16 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 19, 2018 12:36 pm

Instead, pay them to implement the suggestion in message viewtopic.php?p=692031#p692031
That will serve a lot of other purposes on CCR.
Although I agree, I believe that would take some serious time. I don't get the point of not implementing already finished UDP support and waiting years for v7.. this reminds me the play "Waiting for Godot" :-/ TCP ovpn between europe and usa is damn slow, I had to go back to the good old l2tp+ipsec
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 19, 2018 6:22 pm

It is likely quite easy to implement a user process but it could take some iterations to make it completely secure.
I would envision it like: you make a folder on the flash disk and put the executable there and add a config item which specifies the folder and the network devices you desire.
(like 1..4 tun/tap devices)
RouterOS creates/opens/initializes the tun/tap devices and chroots to the folder and starts the program. The program can read/write files (only) from "the root directory" which is the folder, and it can access the pre-opened network devices. The other end of those devices is visible in RouterOS where you can put them in a bridge, or set an IP address on them and route to them.
The program runs as a nonprivileged user which is disallowed to make critical system calls.
The user cross-compiles his software for the processor architecture (using gcc) and links it as a standalone executable. Maybe a libc shared library could be made available.

Once this is realized you can port a current version of standard OpenVPN or other software which includes all features you like, which is of course much easier to do than to add features to the rewrite that MikroTik is using in RouterOS.
I am running an old TCP/IP program (KA9Q NET) under Linux using this method in a Raspberry Pi, and it works perfectly.
 
jgro
newbie
Posts: 46
Joined: Sat Jun 10, 2017 7:33 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Nov 06, 2018 3:40 am

Count me as +10 for OpenVPN over UDP. If you do not know why this is important, see http://sites.inka.de/bigred/devel/tcp-tcp.html

I have iOS programs that simply do not work because of the transmission problems caused by trying to run their TCP connections over TCP-based OpenVPN. They just get into some kind of meltdown and give up.

I bought the hEX for only 2 reasons: to provide a IPv6 firewall and to provide remote access. I bought a hAP for only one reason: to enable remote access. Since I eventually decided that IPv6 was too much of a privacy risk and disabled it, it turns out that I pretty much wasted my money on the hardware and wasted a considerable amount of time (~200 hours) figuring all this out.
 
echo
just joined
Posts: 4
Joined: Mon Apr 16, 2018 10:55 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Nov 10, 2018 3:49 pm

+100 for standard openvpn realization.
It`s awful that 10 years old, very important issue is still open. OpenVPN nowadays is used by different kind of customers and there is no way to use mikrotik routers without openvpn with certs and udp protocol.
And another even bigger problem is that support team does not want (can`t) to tell when normal openvpn will be supported by router OS (if it will), so I have to guess what to do, whether to change the equipment or wait (it is not clear how long) that a miracle will happen and normal protocol support will finally appear.

Such a lack of information and lack of dates and workflows about this topic is very strange for a rather famous company.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Nov 10, 2018 4:39 pm

I have to guess what to do, whether to change the equipment or wait
I wonder what router equipment you are going to change to (with software supported by the router manufacturer) that will do what you need...
Of course a plain Linux system can do it, and some open router firmware replacement can do it, but what manufacturer-supported router is your alternative?
 
echo
just joined
Posts: 4
Joined: Mon Apr 16, 2018 10:55 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Nov 10, 2018 7:21 pm

This is not the same level but anyway for example ASUS right out of the box from 2017 for customers with 10-20 light users.
RT-AC66U

And as you mentioned - any router with replaced firmware "from Padavan", DD-WRT, Open-WRT, Tomato and so on.

Metarouter is not the same. OpenVPN in metarouter is very peculiar thing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Nov 10, 2018 9:26 pm

Of course you can install such alternative firmware on some of the MikroTik routers as well.
And mentions on spec sheets of other routers is not the full story!
Before my MikroTik router I had a Draytek router which claimed OpenVPN support on the spec leaflet, but by the time I had bought it and updated the firmware, the whole OpenVPN feature had been silently removed.
There probably are software licensing issues around it, which also could explain why MikroTik do not simply add the latest OpenVPN program in RouterOS but instead did their own rewrite of a subset of the functions.
 
jgro
newbie
Posts: 46
Joined: Sat Jun 10, 2017 7:33 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Nov 13, 2018 1:39 am

I wonder what router equipment you are going to change to (with software supported by the router manufacturer) that will do what you need...
I understand the OpenVPN license is problematic.

It would be fine with me if Mikrotik would only support OpenVPN udp and drop support for tcp. It would also be fine if they created a way for us to install an OpenVPN package from somewhere else.
 
stefan44
just joined
Posts: 3
Joined: Wed Oct 16, 2013 12:39 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Nov 14, 2018 5:39 pm

+1
We are installing Mikrotik Routers in renewable power plants for remote monitoring+control. Connection to our own VPN-Server is no Problem, but the connection to all the energyexchage traders must be done via ovpn udp. At the moment we are installing 2 Routers in each Plant, one Mikrotik for routing, firewall, NAT, VPN and WAN-connection and one Ubiquiti just for one ovpn-udp connection.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Nov 14, 2018 7:24 pm

You could consider using a single router or server at central location to do the OpenVPN and route everything first to central (using whatever VPN you like) and then further route it over OpenVPN there.
Or ask the traders to support really standard protocols in addition to OpenVPN. In a similar situation (which involved only us and 1 other party) I was successful in convincing them that only offering OpenVPN and not IPsec, L2TP/IPsec or similar was not very flexible.
 
maara
newbie
Posts: 43
Joined: Fri Jun 10, 2011 8:42 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Nov 22, 2018 1:12 pm

Just came here to update this 10 years old thread and to ask for a serious support of 17 years old widely used vpn...
 
User avatar
acald3ron
just joined
Posts: 18
Joined: Tue Jan 06, 2015 8:26 am
Location: Rosarito, México
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Nov 29, 2018 7:03 am

+1 for UDP tunnels Por favar.

I dont want to wait anymore !
 
SvenB
just joined
Posts: 1
Joined: Mon Dec 24, 2018 5:59 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Dec 24, 2018 6:07 pm

We are almost in 2019 and still no UDP support.
Shame on you :?

Would be great if we could get it and also not only sha1 and md5 for auth :)


Keep looking forward to this!
 
jgro
newbie
Posts: 46
Joined: Sat Jun 10, 2017 7:33 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Dec 31, 2018 8:32 am

In a similar situation (which involved only us and 1 other party) I was successful in convincing them that only offering OpenVPN and not IPsec, L2TP/IPsec or similar was not very flexible.
What options does Mikrotik have for a UDP (or at least not TCP) based secure connection that I could use to tunnel an EoIP connection?
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Dec 31, 2018 11:04 am

L2TP/IPsec, GRE/IPsec, IPIP/IPsec, plain IPsec transport.
 
msatter
Forum Guru
Forum Guru
Posts: 1302
Joined: Tue Feb 18, 2014 12:56 am
Location: Netherlands / Nīderlande

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Dec 31, 2018 6:23 pm

NordVPN says no. RouterOS is getting outdated.
Two RB760iGS (hEX S) in series. One does PPPoE and both do IKEv2.
Running:
RouterOS 6.46Beta59 / Winbox 3.20 / MikroTik APP 1.3.7
Having an Android device, use https://github.com/M66B/NetGuard/releases (no root required)
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Dec 31, 2018 9:30 pm

NordVPN says no. RouterOS is getting outdated.
Implementing such services on a router is silly. You should implement it on your end device so the entire path is protected.

Furthermore, when today's protocol enforced by something like NordVPN would be implemented by MikroTik, tomorrow they
will switch to another protocol that appears to be better at that time. Look, people are already requesting Wireguard
and unimplemented IKEv2 options. It is just not possible to satisfy everyone in a commercial closed-source router.
Either get some open box that you can tinker yourself, or do it on the endpoint (PC, phone, etc).

MikroTik could include an extension possibility in the form of a "MetaROUTER light" that allows the user to run processes that
implement network functions like exotic VPNs, special DNS servers, etc.
I have suggested it before but there is total lack of response, so apparently total lack of interest.
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Tue Feb 20, 2018 12:31 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Jan 01, 2019 8:33 pm

hi, I wanted to know if mikrotik intends to implement the protocol udp and security sha 256 on its openvpn.
Thank you
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jan 02, 2019 12:46 pm

hi, I wanted to know if mikrotik intends to implement the protocol udp
It's implemented already, just wait for the release :)
viewtopic.php?f=1&t=26499&p=617477#p617477
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Tue Feb 20, 2018 12:31 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Jan 02, 2019 1:18 pm

perfetc
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Tue Feb 20, 2018 12:31 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jan 03, 2019 12:20 pm

just to know, do you know an approximate release date? I would not wait all 2019 ...
 
baragoon
Member Candidate
Member Candidate
Posts: 125
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jan 03, 2019 12:53 pm

just to know, do you know an approximate release date? I would not wait all 2019 ...
in a far future :lol:
 
wispmikrotik
Frequent Visitor
Frequent Visitor
Posts: 56
Joined: Tue Apr 25, 2017 10:43 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jan 04, 2019 12:31 am

just to know, do you know an approximate release date? I would not wait all 2019 ...
Maybe @normis can say a date, will it be before 2020?
 
tigro11
Frequent Visitor
Frequent Visitor
Posts: 68
Joined: Tue Feb 20, 2018 12:31 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jan 04, 2019 10:24 am

let's not joke guys, we hope in a very short time that solve this gap
 
jrpaz
Frequent Visitor
Frequent Visitor
Posts: 83
Joined: Wed Jun 05, 2013 5:54 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jan 04, 2019 2:52 pm

I bet 2022 by then everything will be obsolete.
 
psydrohne
just joined
Posts: 3
Joined: Sun Jan 06, 2019 5:25 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Jan 06, 2019 5:38 pm

+1 for udp support for ovpn
 
rea1ity
just joined
Posts: 24
Joined: Mon Jun 24, 2013 10:24 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jan 10, 2019 1:10 am

Thank for bringing up a thread more than a year old.

The answer was clear - We will not make new OpenVPN features.
Noooooooooo.....
 
rea1ity
just joined
Posts: 24
Joined: Mon Jun 24, 2013 10:24 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jan 10, 2019 1:16 am

If you really need those features at the moment. Run openwrt image in metarouter and run ovpn from there with full feature set.
A-HA! :D
 
slech
Long time Member
Long time Member
Posts: 533
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Jan 13, 2019 10:44 pm

Introducing AWS Client VPN to Securely Access AWS and On-Premises Resources
AWS Client VPN is a new managed service that provides you with the ability to securely access your AWS and on-premises networks from anywhere, using OpenVPN-based clients.
sorry for my english
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jan 14, 2019 8:22 am

Does it require UDP? Can't find anything about that.
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jan 14, 2019 3:46 pm

https://youtu.be/qmKkbuS9gRs

TCP or UDP is being mentioned in the second part of the video

edit:
oh and: https://docs.aws.amazon.com/vpn/latest/ ... oints.html

(Optional) By default, the Client VPN server uses the UDP transport protocol. To use the TCP transport protocol instead, for Transport Protocol, select TCP.
Note: UDP typically offers better performance than TCP.
 
slech
Long time Member
Long time Member
Posts: 533
Joined: Thu Feb 14, 2008 4:03 pm
Location: Moldova, Chisinau

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jan 14, 2019 7:33 pm

Chupaka,

Yes, it should work with TCP too.

From he other side it works with:
- Active Directory authentication
- Certificate authentication

AWS VPN client was mentioned mostly to mention that this technology is used and maybe MIkrotik team will be able to pay attention to it.
sorry for my english
 
anav
Forum Guru
Forum Guru
Posts: 3122
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Feb 19, 2019 3:54 pm

In response to the openvpn teaser......

Its a promise for your grand children. 6.43.13, 6.43.14, 6.43.15.................................... 6.43.aa, 6.43.ab, 6.43.ac...........................................
6.44.1, ........6.44.aa
6.45.1,...........6.45.aa

zzzzzzzzz 15 minutes......... more like 15 years LOL.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
therealrockguy
just joined
Posts: 1
Joined: Mon Jan 14, 2019 7:40 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Mar 01, 2019 11:22 pm

I've been patiently waiting for 2 years. I might have better luck trying to convince my VPN provider to make a less secure connection just for mikrotik routers
 
adilsemedo
just joined
Posts: 14
Joined: Fri Sep 29, 2017 9:47 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Mar 08, 2019 7:55 pm

Does anyone here used successfull the OpenVPN with www.privatetunnel.com/
I´m struggling to make it work, but it doenst work...
WISP Engineer
MTCNA MTCRE MTCWE
 
draid
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Wed Aug 22, 2018 5:42 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Mar 09, 2019 12:22 am

+1 for the UDP

And the silly duplicate package error is terribly annoying don't know why it isn't addressed.
 
brandaoeb
just joined
Posts: 6
Joined: Fri Jan 27, 2017 9:06 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Mar 10, 2019 1:48 pm

Hi:
I just wont wait for Mikrotik no more.
Bought a ASUS RT-AX88U 186€ 200Mbits openvpn no cpu usage
chears
 
jrpaz
Frequent Visitor
Frequent Visitor
Posts: 83
Joined: Wed Jun 05, 2013 5:54 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Mar 12, 2019 2:33 pm

Why is everyone upset? It's all fixed in v7
 
User avatar
aszody
just joined
Posts: 3
Joined: Wed Sep 10, 2014 11:41 am
Location: Geneva, Switzerland

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Mar 14, 2019 10:20 pm

You should not continue waiting for something that may very well never happen.
As a general principle, when you buy some piece of equipment, from a core router down to your connected light bulb, buy it for what it's embedded software can *currently* do, not for feature XYZ that the seller tells you will be implemented in a future version. If you do the latter, you take the risk that XYZ will not be available over the whole replacement cycle of your hardware...
If that feature is vital for you, then either defer your procurement, get a contractual commitment that you will get it at a planned date, look for an alternative, or - if you have access to the necessary skills - find something that is open enough that you can go the open source route.

I maintain or have installed a couple of OpenVPN setups, and I have stopped years ago trying to terminate the VPNs on the router. I use mikrotik hardware for what they are great : simple, efficient routing, lots of interfaces, and a low price. RouterOS implementation of OpenVPN is deficient at best, so just stay away from it. My usual setup is a Pcengines' APU, attached to one or more of the interfaces of the router and running the open source version of OpenVPN on a current linux distribution. It comes with the latest features, like UDP (just joking...), offers all the configuration options that ROS lacks, and is easy to keep current. Besides, I can script the way I authenticate users, based on any kind of directory, which is much more flexible than ROS' users management.
 
echo
just joined
Posts: 4
Joined: Mon Apr 16, 2018 10:55 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Mar 27, 2019 12:14 am

aszody, it is ok if you have $100-toy used as vpn gate but that means additionl power consumption, additional loss of speed, additional problems with routing especially when you have another l2tp/ipsec vpn tunels to other offices and l2tp should not be inside openvpn.
If product has openvpn protocol in its spec than there should be working implementation of this protocol.
Or there should not be any mention of openvpn in specs because its not openvpn, its some strange "mikrotik vpn" but not openvpn.

By the way, are there any news about openvpn standard implementation? NordVPN does not support mikrotik routers nowadays (as almost all other vpn providers), and openvpn became the standard for vpn protocols.

It is very sad that there is no news at all about this problem. Maybe the current OS can not get the implementation of openvpn because of some economical issues or pricing? Tell us please what is the problem? I do not beleave that you could not create normal openvpn implementation because 10 years is, to my mind, enought to create anything and even a space rocket or Tesla.
 
Sob
Forum Guru
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Mar 27, 2019 1:57 am

They are strategically waiting until OpenVPN becomes obsolete, to avoid implementing it in full. It will happen eventually, something better will come up, e.g. there currently seems to be big hype behind WireGuard and some see it as future OpenVPN killer. RouterOS has currently zero support for that, but it can change if it catches up, especially if it's easier to implement than OpenVPN. And I remember that OpenVPN being too complicated was a reason given it the past, why they stopped with tcp and don't want to touch it anymore. Supposedly, they already implemented udp support since then, but there must still be some problem, otherwise they would have released it already.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 193
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Mar 27, 2019 9:55 am

WG is making it soon into the kernel:
https://www.phoronix.com/scan.php?page= ... ot-In-4.20

Mtik first have to update the kernel though or run a version that supports WG module.
Just forget about OpenVPN and go straight to WG guys!
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Mar 27, 2019 4:58 pm

And I remember that OpenVPN being too complicated was a reason given it the past, why they stopped with tcp and don't want to touch it anymore.
The issue is that they re-wrote an OpenVPN implementation instead of just taking the OpenVPN code that everyone uses, and now the original code is being extended all the time and it would be complicated to follow that.
RouterOS contains a lot of code that was directly copied from an opensource product and then modified, but OpenVPN seems to be a different case.
There likely are licensing issues with just taking openvpn and put it in your own router product, I have seen other cases where OpenVPN was first supported and then suddenly gone in a firmware update.

New kernel will be in version 7. We all know how that goes.
 
User avatar
awacenter
Member Candidate
Member Candidate
Posts: 200
Joined: Thu Dec 09, 2004 12:58 pm
Location: Castellón
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Apr 17, 2019 11:31 am

So, In that case we have to wait until v7 es stable.

Can I know if route-push feature will be implementrd in OVPN in v7?
ImageImage
 
User avatar
Specialised
just joined
Posts: 8
Joined: Tue Jan 09, 2018 2:40 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu May 02, 2019 5:18 am

I am from the future (2040) - UDP is still not implemented.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu May 02, 2019 10:28 am

You must be from alternate future.
 
chiem
just joined
Posts: 19
Joined: Fri Oct 24, 2014 4:48 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon May 06, 2019 9:33 am

You must be from alternate future.
Go ahead and prove him wrong please.
 
User avatar
anthonws
just joined
Posts: 22
Joined: Sat Jan 09, 2016 6:46 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed May 08, 2019 2:33 am

This is getting to a point of being just plain pathetic...

Just forget about UDP and/or LZO...

Just make a decision, and if possible, fast!

#1 Adopt OVPN from source (not this crippled implementation)
#2 Adopt WireGuard (it's more than a "standard" now)

Oh, and provide timelines for this please.
Last edited by anthonws on Thu May 09, 2019 1:03 am, edited 1 time in total.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8319
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed May 08, 2019 10:14 am


Go ahead and prove him wrong please.
No problem, just wait for 2040
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
 
sdugoten
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun May 12, 2019 9:29 am

Been wait OpenVPN + UDP + LZO for at least 4 years. A lot of VPN service provider just stop providing other connection type except OpenVPN.

This is getting to a point that I have to move away from Mikrotik router because this is becoming a deal breaker.


I mean...just look at this

https://nordvpn.com/tutorials/

every major router support OpenVPN + UDP + LZO except....routerOS
 
Sob
Forum Guru
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun May 12, 2019 6:52 pm

@sdugoten: If it goes well, soon you may have some luck with NordVPN and IKEv2 (see here). Not that it would be an argument against full OpenVPN support.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sdugoten
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon May 13, 2019 11:10 am

@sdugoten: If it goes well, soon you may have some luck with NordVPN and IKEv2 (see here). Not that it would be an argument against full OpenVPN support.
To be honest, IKEv2 is not as popular as OpenVPN. It's a bit too late.

RouterOS in general is late.

Having said that, I started to move my stuff to pfsense. pfsense just provide more functionalities that is commonly used in the public. And it's stable because it's build on top of FreeBSD. It also comes with Web interface that do most complex home networking stuff like policy base routing over VPN via their GUI. OpenVPN UDP is supported for MANY years already with AES-NI acceleration support, and Wireguard VPN is already coming on the way to pfsense. I mean..OpenVPN UDP takes Mikrotik 11+ years to analyze and have yet implement, which this function is so COMMONLY use out there, let's imagine how long you will see Wireguard VPN. I won't even think about AES acceleration support for those cpu that support it....because I don't see Mikrotik would even have time for that. This thread start in year 2008 and it is such a popular feature since 2012, this is no excuse.

I just stop waiting and move on.
 
User avatar
anthonws
just joined
Posts: 22
Joined: Sat Jan 09, 2016 6:46 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon May 13, 2019 1:28 pm

I'm going to stick around for more 9 years at least. 11 years is not enough time to age properly a piece of software.

To me, software has to be distilled for a minimum of 20 years!

No one better than Mikrotik knows how to do this properly!!

/S
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon May 13, 2019 5:39 pm

To be honest, IKEv2 is not as popular as OpenVPN. It's a bit too late.

RouterOS in general is late.
Please give a list of commercial router manufacturers that do support OpenVPN in their products and which have a level of support that is adequate.
(not opensource projects like OpenWRT or Pihole, actual manufacturers like MikroTik, Cisco, Juniper, Netgear, ZyXel, Draytek etc)
 
oscar120584
just joined
Posts: 7
Joined: Mon May 30, 2016 11:52 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon May 13, 2019 10:19 pm

To be honest, IKEv2 is not as popular as OpenVPN. It's a bit too late.

RouterOS in general is late.
Please give a list of commercial router manufacturers that do support OpenVPN in their products and which have a level of support that is adequate.
(not opensource projects like OpenWRT or Pihole, actual manufacturers like MikroTik, Cisco, Juniper, Netgear, ZyXel, Draytek etc)
It's easy ... For example ZyXEL Keenetic: https://help.keenetic.com/hc/en-us/arti ... VPN-client
TpLink: https://www.tp-link.com/en/support/faq/1544/

request to Google "<vendor> openvpn" gives a lot of articles. Only if <vendor> != mikrotik...
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 14, 2019 10:53 am

I think you'll have to agree that the majority of routers do not support OpenVPN, you may be able to find the odd product that does, but not like client and server across the entire product line of the manufacture, which MikroTik does offer.
The problem with OpenVPN on RouterOS is that it is a re-created implementation that was not further developed once it was "working", and the real OpenVPN product was.
So the MikroTik version became more and more incomplete.

But it is not like OpenVPN is the lingua franca of VPN that everyone supports except MikroTik, and MikroTik is behind for not having it.
You will find many many more routers that do IPsec than OpenVPN.

And there likely is a reason for not using the opensource version. Some time ago I bought a Draytek router and its specs leaflet included OpenVPN.
"nice", I thought, I may be able to use that.
But first thing I did was to bring the firmware to the updated version, and OpenVPN was gone! Not to be found anymore! later it was deleted from the specs leaflet too.
Why? We can only guess...
 
sdugoten
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 14, 2019 6:31 pm

I think you'll have to agree that the majority of routers do not support OpenVPN, you may be able to find the odd product that does, but not like client and server across the entire product line of the manufacture, which MikroTik does offer.
The problem with OpenVPN on RouterOS is that it is a re-created implementation that was not further developed once it was "working", and the real OpenVPN product was.
So the MikroTik version became more and more incomplete.

But it is not like OpenVPN is the lingua franca of VPN that everyone supports except MikroTik, and MikroTik is behind for not having it.
You will find many many more routers that do IPsec than OpenVPN.

And there likely is a reason for not using the opensource version. Some time ago I bought a Draytek router and its specs leaflet included OpenVPN.
"nice", I thought, I may be able to use that.
But first thing I did was to bring the firmware to the updated version, and OpenVPN was gone! Not to be found anymore! later it was deleted from the specs leaflet too.
Why? We can only guess...


I think you should look into the router brand that is for home networking, like Asus, DLink, Netgear, TP-Link...etc . Just so let you know, one way or the other, either stock firmware or DDWRT already support numerous VPN connection method including but not limited to OpenVPN UDP Lzo. On top of that, most home network function including stuff like DDNS on numerous platform, policy base routing, VPN client and VPN server , fiilter rules, NAT rules, switched port are all included. What else function you need besides these for home networking?

You want something more powerful? Edgerouter and Netgate router all comes with all the listed feature + all the stuff from RouterOS. Performance wise, whatever router that you buy after 2017 should reach NAT 1000Mbps no problem. These kind of performance is more than most people needed.

I mean...you really need to take a look what other brand is offering in 2019. You just need to take a look Netgate router with pfsense and see what function they offer.
 
pe1chl
Forum Guru
Forum Guru
Posts: 5927
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 14, 2019 8:29 pm

I think you should look into the router brand that is for home networking
Well, I not really am into home networking...
When I use VPN, I use it in the traditional way. To connect two networks over a tunnel across internet.
IPsec is normally fine for that.

And again, undoubtedly many open source projects use and support OpenVPN, I have an OpenVPN server running on a Linux box.
However, that is not what I consider "supported by a router manufacturer".
I don't see OpenVPN support in native firmware for brandname network routers like Cisco, Juniper, etc, and for "home routers" it also
appears to be more an exception than the rule.
 
Sob
Forum Guru
Forum Guru
Posts: 4808
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue May 14, 2019 10:31 pm

Look at it from historical perspective. Static VPNs between two networks didn't have problems, simple IPSec could do the job. But the real fun was road-warrior VPN, i.e. connecting from all kinds of unpredictable networks. PPTP wasn't great with NAT, IPSec neither and L2TP was paired with IPSec, so same thing. Then there were other problems like routes, if you wanted to tunnel only some subnets (and no, road-warriors and BGP don't go well together ;)). Then came OpenVPN and it was like miracle, it needed only a single port to work, didn't care how much NATs are in the way, pushing routes from server was possible, ... everything a road-warrior VPN user could wish for. Maybe the big ones like Cisco weren't excited, because their target group was elsewhere, but the small users were and OpenVPN became standard for them.
People who quote full posts should be spanked with ethernet cable. Some exceptions for multi-topic threads may apply.
 
sdugoten
Frequent Visitor
Frequent Visitor
Posts: 63
Joined: Wed Aug 04, 2010 7:55 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed May 15, 2019 6:13 pm

I think you should look into the router brand that is for home networking
Well, I not really am into home networking...
When I use VPN, I use it in the traditional way. To connect two networks over a tunnel across internet.
IPsec is normally fine for that.

And again, undoubtedly many open source projects use and support OpenVPN, I have an OpenVPN server running on a Linux box.
However, that is not what I consider "supported by a router manufacturer".
I don't see OpenVPN support in native firmware for brandname network routers like Cisco, Juniper, etc, and for "home routers" it also
appears to be more an exception than the rule.


you can check out all ASUS routers. They obviously not an "odd product" . Asus is one of the top brand for router in 2019 if you google it. Their stock firmware by default comes with all those features (policy base routing, opevpn/pptp/l2tp server and client) + mesh network as standard feature for router newer than 2017. If you look other home networking router forum, ASUS is pretty much the "standard" for home user. The other one is Edgerouter. Stock firmware comes with those feature already as well. Edgerouter is also one of the main competitor for Mikrotik in home networking and small office networking area. https://www.snbforums.com/threads/edger ... 011.54442/

If you look at viewforum.php?f=13 , just by looking at their question and the scale they describe, you should realize that a lot of users use routeros for home networking. Unlike Cisco or juniper, their target is 100% on business. Home networking users contribute a pretty big user base. Mikrotik ignoring a big percentage of their user base seems a bit weird to me. For other major router discussion forum like this one, https://www.snbforums.com/forums/routers.7/ , Asus, Edgerouter, Mikrotik are the main one used by home networking users.

About 10 years ago, Mikrotik was the king for home networking. It had features that none of the home router brand had back then. That's why I bought my first Mikrotik router, Routerboard 800, which was a home networking grade router back then. However, other brand started to catch up in recent years as I mentioned in my last post. Some of those brands even have more features than Mikrotik, including both home networking and business networking area due to a much larger user base and support from the community.

I
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24272
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri May 17, 2019 4:50 pm

This is going far from the topic.
RouterOS v7 internal beta has OpenVPN UDP mode. Please wait until we release a public version and you will have it.
No answer to your question? How to write posts

Who is online

Users browsing this forum: No registered users and 99 guests