stek
newbie
Topic Author
Posts: 39
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland
Contact:

OpenVPN in server mode ??

Tue Mar 09, 2010 11:51 am

Hi,
I can read on the wiki (http://wiki.mikrotik.com/wiki/OpenVPN), that OpenVPN is not supported in server mode (multi client to server).

I tried it out and I'm able to connect more than one RB-client to one RB-server with OpenVPN.

So I'm asking: is the wiki incorrect? Or what?

Regards
Stefano
 
mrz
MikroTik Support
Posts: 6045
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 12:33 pm

There is definitely a mistake. You can connect more than one client to OVPN server.
 
stek
newbie
Topic Author
Posts: 39
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland
Contact:

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 12:41 pm

Ok, then there is a mistake in the MUM presentation:

VPN technology: IPsec, OpenVPN, PPTP - which is better? by Pawel Cieplinski
(AkademiaWIFI.pl, Poland)
http://mum.mikrotik.com/presentations/P ... ademia.pdf


regards
Stefano
 
normis
MikroTik Support
Posts: 24608
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 12:42 pm

That presentation is about OpenVPN in general. In RouterOS it does support this mode.
 
stek
newbie
Topic Author
Posts: 39
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland
Contact:

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 12:45 pm

Now I'm really confused!

Is it supported or not?
And what is not supported?

Stefano
 
normis
MikroTik Support
Posts: 24608
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 12:46 pm

There is definitely a mistake. You can connect more than one client to OVPN server.
 
stek
newbie
Topic Author
Posts: 39
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland
Contact:

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 12:49 pm

The presentation is saying that OpenVPN on MT doesn't support server mode, exactly as written in the wiki.

But fortunately it is a mistake!!

Stefano
 
normis
MikroTik Support
Posts: 24608
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 12:50 pm

Apparently this person took the information from the wiki. We will notify him of his mistake; thanks for pointing it out.
 
cieplik206
Trainer
Posts: 290
Joined: Sun Jul 01, 2007 12:25 am
Contact:

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 2:08 pm

Hello

In this case it is a mistake then. I have to confess that my experience with OpenVPN in RouterOS is poor, but in general I have implemented OpenVPN a few times on Debian / OpenWRT. My goal was to talk about VPN in general. I took the information from the wiki for granted, without verification. Thank you for your comment.


Pawel Cieplinski
https://www.wispcasts.com - Mikrotik Video Tutorials.

The best place where you can improve your skills!

Facebook - F/wispcasts
Twitter - @wispcasts
 
duvi
Frequent Visitor
Posts: 70
Joined: Fri Jun 05, 2009 12:32 pm
Contact:

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 2:19 pm

Are you sure about this?
I have one rb running ovpn-server, and 2, sometimes 3-4 ovpn client rbs connecting to it at the same time.
 
normis
MikroTik Support
Posts: 24608
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 2:20 pm

> Are you sure about this?
> I have one rb running ovpn-server, and 2, sometimes 3-4 ovpn client rbs connecting to it at the same time.

Did you read the rest of the discussion, particularly the post above yours?
 
roadracer96
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 2:32 pm

Right now there are 84 ovpn connections to my RB1000.


Yes, it works.
 
stek
newbie
Topic Author
Posts: 39
Joined: Fri Jul 11, 2008 6:22 pm
Location: Switzerland
Contact:

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 3:30 pm

OK,
many thanks
Stefano
 
jschulze
just joined
Posts: 16
Joined: Wed Sep 30, 2009 3:31 pm

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 6:10 pm

Roadracer,

Would you care to share your config? We currently have 50 tunnels (OpenVPN) to a RB1000, but the RB1000 does not manage to stay alive for longer than a day or 2 and then it crashes. This has been turned into a support call for Mikrotik, who seem to think there is a memory leak. I wonder what your uptime is?
 
roadracer96
Forum Veteran
Posts: 714
Joined: Tue Aug 25, 2009 12:01 am

Re: OpenVPN in server mode ??

Tue Mar 09, 2010 9:16 pm

I had the same problem and had a support ticket open with MT support. I think I figured it out, though. Try changing the profile to "only-one=no".

I think the server was colliding with itself when assigning IPs to clients if they disconnected and reconnected before openvpn realized they were gone. Since I changed this, I haven't had a lockup. I was having it happen at LEAST weekly, normally every 2-3 days, and sometimes twice/day. Right now, I am at 10 days since the last restart and that restart was an accident (didn't pay attention to what router I was in). So it has been 14ish days since I have seen it happen.

I use 2048-bit certs for every client, require client cert, clients are a /32 point-to-point link, server address for every client is the same. AES-128 w/ SHA.

Here is the profile I use for 82 of the 86 connections:

/ppp profile
add change-tcp-mss=no comment="" local-address=10.16.128.1 name=Customer \
    only-one=no use-compression=no use-encryption=required \
    use-vj-compression=no

/interface ovpn-server server
set auth=sha1 certificate=fw-1 cipher=aes128,aes192,aes256 default-profile=\
    Customer enabled=yes keepalive-timeout=60 mac-address=FE:1D:10:11:78:AB \
    max-mtu=1500 mode=ip netmask=32 port=1194 require-client-certificate=yes

Clients are authenticated via RADIUS to a FreeRADIUS server w/ MySQL backend behind the RB1000.

Like I said, I'm at almost 10 days of uptime right now and ~100gb of traffic has traversed the firewall. RouterOS v4.5
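
Added example, not part of the original post and not MikroTik code: a small Python check that parses a RouterOS export like the one quoted above (including its "\" line continuations) and reports whether the settings the post relies on are present. The function names `parse_export` and `audit` are hypothetical, the sample text is constructed from the post, and treating a `null` entry in `auth` or `cipher` as a finding is an assumption.

```python
import re

# Constructed sample: the two export sections quoted in the post above.
SAMPLE_EXPORT = r"""
/ppp profile
add change-tcp-mss=no comment="" local-address=10.16.128.1 name=Customer \
    only-one=no use-compression=no use-encryption=required \
    use-vj-compression=no
/interface ovpn-server server
set auth=sha1 certificate=fw-1 cipher=aes128,aes192,aes256 default-profile=\
    Customer enabled=yes keepalive-timeout=60 mac-address=FE:1D:10:11:78:AB \
    max-mtu=1500 mode=ip netmask=32 port=1194 require-client-certificate=yes
"""

def parse_export(text):
    """Return {menu path: [{key: value}, ...]} from RouterOS export text."""
    joined = re.sub(r"\\\n\s*", "", text)  # undo "\" line continuations
    menus, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("/"):
            current = line
            menus.setdefault(current, [])
        elif line and current:
            pairs = re.findall(r'([\w-]+)=("[^"]*"|\S*)', line)
            menus[current].append({k: v.strip('"') for k, v in pairs})
    return menus

def audit(menus):
    """Return findings for the settings the post relies on (hypothetical helper)."""
    findings = []
    server = (menus.get("/interface ovpn-server server") or [{}])[0]
    if server.get("require-client-certificate") != "yes":
        findings.append("client certificate not required")
    for key in ("auth", "cipher"):
        # Assumption: a "null" entry means that protection can be negotiated off.
        if "null" in server.get(key, "").split(","):
            findings.append(key + " list allows null")
    profiles = {p.get("name"): p for p in menus.get("/ppp profile", [])}
    profile = profiles.get(server.get("default-profile"))
    if profile is None:
        findings.append("default-profile not in export")
    else:
        if profile.get("use-encryption") != "required":
            findings.append("use-encryption is not required")
        if profile.get("only-one") != "no":
            findings.append("only-one is not no")
    return findings
```

Running `audit(parse_export(...))` on the text of an export returns an empty list when all of these settings match the posted configuration.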
