Page 1 of 1
OpenVPN
Posted: Sat May 20, 2006 6:56 pm
by mag
Maybe it would be worth to consider implementing OpenVPN in 2.1 or 2.x.
Posted: Mon Oct 23, 2006 11:16 am
by hennessy
I would definitely vote for that
Posted: Mon Oct 23, 2006 11:26 am
by normis
it's on the wish list, maybe in v3 it will be made
Re: OpenVPN
Posted: Mon Oct 23, 2006 6:54 pm
by changeip
Maybe it would be worth to consider implementing OpenVPN in 2.1 or 2.x.
I havent looked into OpenVPN much, but if it's OPEN why can't it talk with the standard VPN protocols as well? : )
Sam
Posted: Mon Oct 23, 2006 7:23 pm
by cmit
Different kind of beast - OpenVPN is basically a SSL-based VPN solution.
But a good one, for several scenarios. One of the sexy things is that you can get it through almost every firewall - you just need to open a single port...
Best regards,
Christian Meis
Posted: Tue Oct 24, 2006 8:15 am
by npero
One more vote for OpenVPN. Also work throughout proxy try some other VPN solution but this work almost on any place only need one port open to work.
Best regards.
Posted: Fri Oct 27, 2006 5:28 am
by BrianHiggins
you have my vote as well, many cellular carriers will not allow VPN traffic through your data service without paying additional fees, a SSL VPN would be nice.
Posted: Tue Nov 07, 2006 3:25 pm
by J0ke
must have!
Posted: Tue Nov 07, 2006 3:26 pm
by normis
already in development
Posted: Mon Jan 29, 2007 3:42 pm
by wsgtrsys
Hope add in 3.0
Posted: Mon Jan 29, 2007 3:44 pm
by normis
YES! see above post
Posted: Thu Feb 01, 2007 11:23 pm
by NoXy
Yes, OpenVPN support would be nice?
Maybe v3beta6 includes that?????
Posted: Fri Feb 02, 2007 10:31 am
by janisk
as normis said it is in development but there will be no other deadline other than stable 3.0 hope it gets faster, but it only depends on MT programmers
when they manage to get code stable enough.
so patience..
openvpn
Posted: Wed Feb 14, 2007 2:58 pm
by quican
Any have a "how to" guide about Openvpn and mikrotik conections?
i need connect my computer to a remote mikrotik router.
Cya! and thanks.
Posted: Wed Feb 14, 2007 3:01 pm
by normis
if you read this thread carefully, you will see that openvpn is not supported by RouterOS right now.
Posted: Wed Feb 14, 2007 4:04 pm
by quican
oh! tank you and sorry.. im from argentina and my inglish is not good. thanks a lot for answer and sorry for disturb the people.
Re: OpenVPN
Posted: Thu May 31, 2007 12:48 pm
by burkon
Is there any update on this available?
Thank you
Ekkehard
Re: OpenVPN
Posted: Thu May 31, 2007 12:57 pm
by mrz
It looks like in Ros beta8 supports OpenVPN
you can access it in console:
/interface ovpn-server
/interface ovpn-client
Re: OpenVPN
Posted: Thu May 31, 2007 1:27 pm
by Alex
with what packages?
Re: OpenVPN
Posted: Thu May 31, 2007 1:40 pm
by mrz
with ppp package
Re: OpenVPN, ... openVPN ROCKS!
Posted: Fri Jun 01, 2007 9:40 am
by rabbtux
I've been using this many places for several years. Never did the pptp thing until I migrated many APs to Mikrotik. Ran into all kinds of problems, in that pptp does not support multiple connections from behind a single nat firewall to one destination! With openVPN you can run through all kinds of nat firewalls and only use one port on the server.
Never tried the Version 3 beta. how stable is the hotspot functions?
My 7 MT systems vote for openVPN to show up in V2.9!
Re: OpenVPN, ... openVPN ROCKS!
Posted: Fri Jun 01, 2007 10:29 am
by janisk
I've been using this many places for several years. Never did the pptp thing until I migrated many APs to Mikrotik. Ran into all kinds of problems, in that pptp does not support multiple connections from behind a single nat firewall to one destination! With openVPN you can run through all kinds of nat firewalls and only use one port on the server.
Never tried the Version 3 beta. how stable is the hotspot functions?
My 7 MT systems vote for openVPN to show up in V2.9!
for PPTP worh through firewall use PPTP helper, that way you can have as many as you want pptp tunnels through nat
Re: OpenVPN
Posted: Fri Jun 01, 2007 4:42 pm
by normis
to translate the previous post - to make PPTP work through NAT, you have to enable the GRE NAT HELPER. See manual (eg. read how to configure it, and then it will work fine)
Re: OpenVPN, ... openVPN ROCKS!
Posted: Sat Jun 02, 2007 4:32 am
by rabbtux
I've been using this many places for several years. Never did the pptp thing until I migrated many APs to Mikrotik. Ran into all kinds of problems, in that pptp does not support multiple connections from behind a single nat firewall to one destination! With openVPN you can run through all kinds of nat firewalls and only use one port on the server.
Never tried the Version 3 beta. how stable is the hotspot functions?
My 7 MT systems vote for openVPN to show up in V2.9!
for PPTP worh through firewall use PPTP helper, that way you can have as many as you want pptp tunnels through nat
unfortunately my border firewall/nat is not Mikrotik, rather Gentoo. The real point is that with openVPN I never need firewall helpers/modification for VPN clients.
Re: OpenVPN, ... openVPN ROCKS!
Posted: Mon Jun 04, 2007 2:47 pm
by normis
unfortunately my border firewall/nat is not Mikrotik, rather Gentoo. The real point is that with openVPN I never need firewall helpers/modification for VPN clients.
too bad then. in this case you can also use L2TP which is similar to PPTP but does not require a helper
Re: OpenVPN
Posted: Tue Jun 05, 2007 2:13 am
by rabbtux
Thanks for suggestion. Are we talking about putting pptp inside L2TP tunnel, or just L2TP by itself?
Is L2PT hard to setup on my Ubuntu virtual server (on the net), as I assume it's not too difficult with Mikrotik
Re: OpenVPN
Posted: Tue Jun 05, 2007 8:25 am
by normis
In mikrotik it's a piece of cake. yes, I was talking about a standalone L2TP tunnel.
Re: OpenVPN
Posted: Thu Jun 07, 2007 3:08 am
by bcnl
Can you use winbox to setup the parameters for the OpenVPN server? Is there any documentation for this yet?
PS: Thank you VERY VERY much, I bought a routerboard a while ago but did not deploy it yet as I was waiting for the OpenVPN support to be added. Now all we need is hardware support for the hardware encyption cards
Re: OpenVPN
Posted: Thu Jun 07, 2007 1:06 pm
by janisk
sorry currently only console is available
Re: OpenVPN
Posted: Thu Jun 07, 2007 6:30 pm
by bcnl
Where would I find information on setting it up? I assume I need to put my root CA on the router as well as generate a CA for the router, would that be under certificates? After that's done I'm still not sure on the best way to actually set it up, it's not like I can just edit the openvpn.conf file like I can on a Unix system.
Thanks in advance for any help or advice.
Re: OpenVPN
Posted: Thu Jun 07, 2007 6:42 pm
by changeip
winbox does have a gui for it under PPP.
Sam
Re: OpenVPN
Posted: Fri Jun 08, 2007 2:20 am
by bcnl
Cool,
Well I enabled it under PPP , created a open-vpn server interface, uploaded my root CA, and uploaded a signed cert for the rb500 but I cannot seem to connect to it from a workstation... I get no response. Sorry for all the questions, but I'm quite new to the routerboard and do not know where to look to diagnose this problem.
Any help would be appreciated.
Re: OpenVPN
Posted: Fri Jun 08, 2007 8:54 am
by normis
what client are you using on a workstation? surely you are aware that you need an openvpn client, which is not easy to configure.
Re: OpenVPN
Posted: Fri Jun 08, 2007 11:54 am
by YourSelf
I have tested it for a few moments, I also had a problems connecting in and out, but then I noticed that Mikrotik uses OpenVPN via TCP not via UDP which is normally default. When I changed to TCP on the other side, it partialy worked - I connected but then it got stuck somewhere after that. I could look at it again, but I had a little time. If I have not missed anything, there is currently no way how to change to UDP in mikrotik OpenVPN. I have used winbox, it could still be possible in command line, but I have not tested that.
Also I have noticed that in "ethernet" mode, the OpenVPN interface does not support bridging, bonding and possibly other ethernet-like interface features.
Re: OpenVPN
Posted: Fri Jun 08, 2007 6:41 pm
by bcnl
Normis,
I'm using the latest 2.0.9 client on windows, however in my setup I have unix/mac/pocket pc/windows clients and servers so I'm moderately experienced with configuration of the software. Currently for testing I'm using Mathias Sundman's excellent OpenVPN Gui as it's status window is a lot better than a dos box IMO.
I've changed my protocol to TCP as suggested by another board member and can now initialize the connection, however I'm still having some issues but at least I'm on the right track. Is there a chance that UDP support will be added before the beta is over? Tunneling TCP inside of TCP is a bit of a waste, and the UDP support of OpenVPN is one of the reasons I chose to go with it in the beginning.
Re: OpenVPN
Posted: Thu Jun 28, 2007 6:27 pm
by bcnl
Hello,
Will there be any inprovements made to the OpenVPN code in the next beta? Is there anything I can do to help with the development or testing?
Re: OpenVPN
Posted: Fri Sep 07, 2007 2:54 pm
by wsgtrsys
wish add UDP support!!
Re: OpenVPN
Posted: Tue Sep 11, 2007 7:31 am
by netrat
wish add UDP support!!
Yes I think this should be at the top of the list. Why are TCP tunnels even used? This is a newer feature in OpenVPN and they recommend that you
don't use it, due to connections stalling out and the overhead.
OpenVPN is designed to operate optimally over UDP, but TCP capability is provided for situations where UDP cannot be used. In comparison with UDP, TCP will usually be somewhat less efficient and less robust when used over unreliable or congested networks.
Re: OpenVPN
Posted: Tue Sep 11, 2007 9:54 am
by rabbtux
me two, or three. This is the killer app for me, as I could replace several embedded linux boxes with mikrotik if only it had 'normal' openvpn support. (UDP and certificate support)
wish add UDP support!!
Yes I think this should be at the top of the list. Why are TCP tunnels even used? This is a newer feature in OpenVPN and they recommend that you
don't use it, due to connections stalling out and the overhead.
OpenVPN is designed to operate optimally over UDP, but TCP capability is provided for situations where UDP cannot be used. In comparison with UDP, TCP will usually be somewhat less efficient and less robust when used over unreliable or congested networks.