Community discussions

MUM Europe 2020
 
User avatar
mag
Member
Member
Topic Author
Posts: 378
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany
Contact:

OpenVPN

Sat May 20, 2006 6:56 pm

Maybe it would be worth to consider implementing OpenVPN in 2.1 or 2.x.
 
hennessy
just joined
Posts: 7
Joined: Sat May 27, 2006 6:21 am

Mon Oct 23, 2006 11:16 am

I would definitely vote for that
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24361
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Oct 23, 2006 11:26 am

it's on the wish list, maybe in v3 it will be made
 
changeip
Forum Guru
Forum Guru
Posts: 3804
Joined: Fri May 28, 2004 5:22 pm

Re: OpenVPN

Mon Oct 23, 2006 6:54 pm

Maybe it would be worth to consider implementing OpenVPN in 2.1 or 2.x.
I havent looked into OpenVPN much, but if it's OPEN why can't it talk with the standard VPN protocols as well? : )

Sam
 
cmit
Forum Guru
Forum Guru
Posts: 1552
Joined: Fri May 28, 2004 12:49 pm
Location: Germany

Mon Oct 23, 2006 7:23 pm

Different kind of beast - OpenVPN is basically a SSL-based VPN solution.

But a good one, for several scenarios. One of the sexy things is that you can get it through almost every firewall - you just need to open a single port...

Best regards,
Christian Meis
 
npero
Member
Member
Posts: 316
Joined: Tue Mar 01, 2005 1:59 pm
Location: Serbia

Tue Oct 24, 2006 8:15 am

One more vote for OpenVPN. Also work throughout proxy try some other VPN solution but this work almost on any place only need one port open to work.

Best regards.
 
User avatar
BrianHiggins
Long time Member
Long time Member
Posts: 598
Joined: Mon Jan 16, 2006 6:07 am
Location: Norwalk, CT
Contact:

Fri Oct 27, 2006 5:28 am

you have my vote as well, many cellular carriers will not allow VPN traffic through your data service without paying additional fees, a SSL VPN would be nice.
 
J0ke
just joined
Posts: 1
Joined: Fri Mar 17, 2006 1:18 am

Tue Nov 07, 2006 3:25 pm

must have!
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24361
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Tue Nov 07, 2006 3:26 pm

already in development
 
wsgtrsys
newbie
Posts: 36
Joined: Sat Dec 25, 2004 2:22 pm

Mon Jan 29, 2007 3:42 pm

Hope add in 3.0
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24361
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Mon Jan 29, 2007 3:44 pm

YES! see above post
 
User avatar
NoXy
just joined
Posts: 15
Joined: Thu Sep 15, 2005 11:07 am
Location: Hungary

Thu Feb 01, 2007 11:23 pm

Yes, OpenVPN support would be nice?

Maybe v3beta6 includes that????? 8)
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Fri Feb 02, 2007 10:31 am

as normis said it is in development but there will be no other deadline other than stable 3.0 hope it gets faster, but it only depends on MT programmers :) when they manage to get code stable enough.

so patience.. :oops:
 
quican
just joined
Posts: 7
Joined: Wed Feb 14, 2007 2:53 pm

openvpn

Wed Feb 14, 2007 2:58 pm

Any have a "how to" guide about Openvpn and mikrotik conections?

i need connect my computer to a remote mikrotik router.


Cya! and thanks.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24361
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Wed Feb 14, 2007 3:01 pm

if you read this thread carefully, you will see that openvpn is not supported by RouterOS right now.
 
quican
just joined
Posts: 7
Joined: Wed Feb 14, 2007 2:53 pm

Wed Feb 14, 2007 4:04 pm

oh! tank you and sorry.. im from argentina and my inglish is not good. thanks a lot for answer and sorry for disturb the people.
 
burkon
newbie
Posts: 37
Joined: Tue Sep 12, 2006 2:57 pm

Re: OpenVPN

Thu May 31, 2007 12:48 pm

Is there any update on this available?

Thank you
Ekkehard
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5955
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: OpenVPN

Thu May 31, 2007 12:57 pm

It looks like in Ros beta8 supports OpenVPN

you can access it in console:
/interface ovpn-server
/interface ovpn-client
 
Alex
Member Candidate
Member Candidate
Posts: 214
Joined: Thu Sep 30, 2004 11:07 am

Re: OpenVPN

Thu May 31, 2007 1:27 pm

with what packages?
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5955
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: OpenVPN

Thu May 31, 2007 1:40 pm

with ppp package
 
rabbtux
newbie
Posts: 49
Joined: Mon Dec 11, 2006 7:19 pm

Re: OpenVPN, ... openVPN ROCKS!

Fri Jun 01, 2007 9:40 am

I've been using this many places for several years. Never did the pptp thing until I migrated many APs to Mikrotik. Ran into all kinds of problems, in that pptp does not support multiple connections from behind a single nat firewall to one destination! With openVPN you can run through all kinds of nat firewalls and only use one port on the server.

Never tried the Version 3 beta. how stable is the hotspot functions?

My 7 MT systems vote for openVPN to show up in V2.9! :)
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: OpenVPN, ... openVPN ROCKS!

Fri Jun 01, 2007 10:29 am

I've been using this many places for several years. Never did the pptp thing until I migrated many APs to Mikrotik. Ran into all kinds of problems, in that pptp does not support multiple connections from behind a single nat firewall to one destination! With openVPN you can run through all kinds of nat firewalls and only use one port on the server.

Never tried the Version 3 beta. how stable is the hotspot functions?

My 7 MT systems vote for openVPN to show up in V2.9! :)
for PPTP worh through firewall use PPTP helper, that way you can have as many as you want pptp tunnels through nat
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24361
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN

Fri Jun 01, 2007 4:42 pm

to translate the previous post - to make PPTP work through NAT, you have to enable the GRE NAT HELPER. See manual (eg. read how to configure it, and then it will work fine)
 
rabbtux
newbie
Posts: 49
Joined: Mon Dec 11, 2006 7:19 pm

Re: OpenVPN, ... openVPN ROCKS!

Sat Jun 02, 2007 4:32 am

I've been using this many places for several years. Never did the pptp thing until I migrated many APs to Mikrotik. Ran into all kinds of problems, in that pptp does not support multiple connections from behind a single nat firewall to one destination! With openVPN you can run through all kinds of nat firewalls and only use one port on the server.

Never tried the Version 3 beta. how stable is the hotspot functions?

My 7 MT systems vote for openVPN to show up in V2.9! :)
for PPTP worh through firewall use PPTP helper, that way you can have as many as you want pptp tunnels through nat
unfortunately my border firewall/nat is not Mikrotik, rather Gentoo. The real point is that with openVPN I never need firewall helpers/modification for VPN clients.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24361
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN, ... openVPN ROCKS!

Mon Jun 04, 2007 2:47 pm

unfortunately my border firewall/nat is not Mikrotik, rather Gentoo. The real point is that with openVPN I never need firewall helpers/modification for VPN clients.
too bad then. in this case you can also use L2TP which is similar to PPTP but does not require a helper
 
rabbtux
newbie
Posts: 49
Joined: Mon Dec 11, 2006 7:19 pm

Re: OpenVPN

Tue Jun 05, 2007 2:13 am

Thanks for suggestion. Are we talking about putting pptp inside L2TP tunnel, or just L2TP by itself?

Is L2PT hard to setup on my Ubuntu virtual server (on the net), as I assume it's not too difficult with Mikrotik :-)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24361
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN

Tue Jun 05, 2007 8:25 am

In mikrotik it's a piece of cake. yes, I was talking about a standalone L2TP tunnel.
 
bcnl
just joined
Posts: 5
Joined: Wed Jun 06, 2007 9:19 pm

Re: OpenVPN

Thu Jun 07, 2007 3:08 am

Can you use winbox to setup the parameters for the OpenVPN server? Is there any documentation for this yet?

PS: Thank you VERY VERY much, I bought a routerboard a while ago but did not deploy it yet as I was waiting for the OpenVPN support to be added. Now all we need is hardware support for the hardware encyption cards :D
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: OpenVPN

Thu Jun 07, 2007 1:06 pm

sorry currently only console is available
 
bcnl
just joined
Posts: 5
Joined: Wed Jun 06, 2007 9:19 pm

Re: OpenVPN

Thu Jun 07, 2007 6:30 pm

Where would I find information on setting it up? I assume I need to put my root CA on the router as well as generate a CA for the router, would that be under certificates? After that's done I'm still not sure on the best way to actually set it up, it's not like I can just edit the openvpn.conf file like I can on a Unix system.

Thanks in advance for any help or advice.
 
changeip
Forum Guru
Forum Guru
Posts: 3804
Joined: Fri May 28, 2004 5:22 pm

Re: OpenVPN

Thu Jun 07, 2007 6:42 pm

winbox does have a gui for it under PPP.

Sam
 
bcnl
just joined
Posts: 5
Joined: Wed Jun 06, 2007 9:19 pm

Re: OpenVPN

Fri Jun 08, 2007 2:20 am

Cool,

Well I enabled it under PPP , created a open-vpn server interface, uploaded my root CA, and uploaded a signed cert for the rb500 but I cannot seem to connect to it from a workstation... I get no response. Sorry for all the questions, but I'm quite new to the routerboard and do not know where to look to diagnose this problem.

Any help would be appreciated.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 24361
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: OpenVPN

Fri Jun 08, 2007 8:54 am

what client are you using on a workstation? surely you are aware that you need an openvpn client, which is not easy to configure.
 
YourSelf
just joined
Posts: 15
Joined: Fri May 26, 2006 5:31 pm

Re: OpenVPN

Fri Jun 08, 2007 11:54 am

I have tested it for a few moments, I also had a problems connecting in and out, but then I noticed that Mikrotik uses OpenVPN via TCP not via UDP which is normally default. When I changed to TCP on the other side, it partialy worked - I connected but then it got stuck somewhere after that. I could look at it again, but I had a little time. If I have not missed anything, there is currently no way how to change to UDP in mikrotik OpenVPN. I have used winbox, it could still be possible in command line, but I have not tested that.
Also I have noticed that in "ethernet" mode, the OpenVPN interface does not support bridging, bonding and possibly other ethernet-like interface features.
 
bcnl
just joined
Posts: 5
Joined: Wed Jun 06, 2007 9:19 pm

Re: OpenVPN

Fri Jun 08, 2007 6:41 pm

Normis,

I'm using the latest 2.0.9 client on windows, however in my setup I have unix/mac/pocket pc/windows clients and servers so I'm moderately experienced with configuration of the software. Currently for testing I'm using Mathias Sundman's excellent OpenVPN Gui as it's status window is a lot better than a dos box IMO.

I've changed my protocol to TCP as suggested by another board member and can now initialize the connection, however I'm still having some issues but at least I'm on the right track. Is there a chance that UDP support will be added before the beta is over? Tunneling TCP inside of TCP is a bit of a waste, and the UDP support of OpenVPN is one of the reasons I chose to go with it in the beginning.
 
bcnl
just joined
Posts: 5
Joined: Wed Jun 06, 2007 9:19 pm

Re: OpenVPN

Thu Jun 28, 2007 6:27 pm

Hello,

Will there be any inprovements made to the OpenVPN code in the next beta? Is there anything I can do to help with the development or testing?
 
wsgtrsys
newbie
Posts: 36
Joined: Sat Dec 25, 2004 2:22 pm

Re: OpenVPN

Fri Sep 07, 2007 2:54 pm

wish add UDP support!!
 
netrat
Member
Member
Posts: 403
Joined: Thu Jun 07, 2007 1:16 pm
Location: Virginia

Re: OpenVPN

Tue Sep 11, 2007 7:31 am

wish add UDP support!!
Yes I think this should be at the top of the list. Why are TCP tunnels even used? This is a newer feature in OpenVPN and they recommend that you don't use it, due to connections stalling out and the overhead.
OpenVPN is designed to operate optimally over UDP, but TCP capability is provided for situations where UDP cannot be used. In comparison with UDP, TCP will usually be somewhat less efficient and less robust when used over unreliable or congested networks.
 
rabbtux
newbie
Posts: 49
Joined: Mon Dec 11, 2006 7:19 pm

Re: OpenVPN

Tue Sep 11, 2007 9:54 am

me two, or three. This is the killer app for me, as I could replace several embedded linux boxes with mikrotik if only it had 'normal' openvpn support. (UDP and certificate support)
wish add UDP support!!
Yes I think this should be at the top of the list. Why are TCP tunnels even used? This is a newer feature in OpenVPN and they recommend that you don't use it, due to connections stalling out and the overhead.
OpenVPN is designed to operate optimally over UDP, but TCP capability is provided for situations where UDP cannot be used. In comparison with UDP, TCP will usually be somewhat less efficient and less robust when used over unreliable or congested networks.

Who is online

Users browsing this forum: archerious, bpwl and 76 guests