Community discussions

 
kennerblick
just joined
Topic Author
Posts: 12
Joined: Tue Apr 25, 2017 8:56 am

Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Fri Oct 26, 2018 10:18 am

I bought a Mikrotik router to have an all-round router that is very configurable and extensible.
Unfortunately, I quickly reached its limits. I tried to secure my internet traffic via the microtic router with a VPN provider. I have set up trial accounts with several VPN providers such as NordVPN, ExpressVPN or HidemyAss. For no VPN provider I found a working guide for the configuration as a client with dial-in via IPSec, L2TP or OpenVPN. Either the EAP authentication (L2TP) or cipher aes256 implementation (OpenVPN) was missing. Dialing via the obsolete PPTP works. A request to support supported VPN providers resulted only in the answer: "Unfortunately we cannot recommend any specific VPN providers. That is a subject you need to research for yourself."
I would be very grateful for ideas for problem solving.
Best Regards
 
chriscolden
just joined
Posts: 9
Joined: Fri May 04, 2018 3:41 pm

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Fri Oct 26, 2018 10:55 am

These have a guide for Mikrotik, dont know if it works or not though or if they are any good. https://www.safervpn.com
 
kennerblick
just joined
Topic Author
Posts: 12
Joined: Tue Apr 25, 2017 8:56 am

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Fri Oct 26, 2018 11:14 am

These have a guide for Mikrotik, dont know if it works or not though or if they are any good. https://www.safervpn.com
As far as I have seen L2TP is used without IPSec and OpenVPN without authentication.
I don't know if this is so secure.
Does anyone know better?
 
Binwalk
just joined
Posts: 6
Joined: Mon Mar 20, 2017 4:15 pm

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Fri Oct 26, 2018 2:11 pm

Depending on your goal, you could always setup a virtual private server.
You can run OpenVPN on the VPS without UDP or LZO compression so you can connect with your Mikrotik.
Another option is to use a router/firmware that will support those standards and use it to connect to one of those VPNs.
 
wispmikrotik
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue Apr 25, 2017 10:43 am

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Fri Oct 26, 2018 4:05 pm

I bought a Mikrotik router to have an all-round router that is very configurable and extensible.
Unfortunately, I quickly reached its limits. I tried to secure my internet traffic via the microtic router with a VPN provider. I have set up trial accounts with several VPN providers such as NordVPN, ExpressVPN or HidemyAss. For no VPN provider I found a working guide for the configuration as a client with dial-in via IPSec, L2TP or OpenVPN. Either the EAP authentication (L2TP) or cipher aes256 implementation (OpenVPN) was missing. Dialing via the obsolete PPTP works. A request to support supported VPN providers resulted only in the answer: "Unfortunately we cannot recommend any specific VPN providers. That is a subject you need to research for yourself."
I would be very grateful for ideas for problem solving.
Best Regards
Hi,

Another provider that supports mikrotik:

- OpenVPN:
https://vpnptp.com/openvpn.html#mikrotik
- L2TP+IPsec
https://vpnptp.com/l2tp.html#mikrotikes

Regards.
 
Pericynthion
newbie
Posts: 37
Joined: Tue Jan 02, 2018 8:54 pm

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Fri Oct 26, 2018 8:30 pm

@kennerblick - I think you and I are going to be spending a lot of time together on here :)

#1 LT2P/IPSEC works... for now (VPN provider dependent)
This was also one of the main reasons I switched over to Mikrotik - with the ability to split traffic using the routing/connection marking and the mangle rules (which no other router seems to do) I successfully setup an LT2P w/IPSEC connection to my provider (https://www.hideipvpn.com/) taking advantage of the hardware acceleration of IPSEC in the Mikrotik. Here are the threads that lead me to the answer in the end (basically Sindy knows everything!!);

viewtopic.php?f=2&t=132194&p=652120#p652120

viewtopic.php?f=2&t=134048&p=659609#p659609

In my case it was a little complex - I wanted 99% of the local clients to route all their traffic out of the VPN provider gateway, over the L2TP/IPSEC interface, but for certain devices that demand an inbound DST-NAT (externally addressable media servers etc) or are using their IP geo-location to control services (e.g. live TV streamin based on 'home' location) , I wanted those to follow the regular local ISP route.
My config works, incl. hardware acceleration of the IPSEC for the L2TP interface, so PM if you like and I'm happy to share my config with you directly. If the provider is committed to the L2TP config, you'll be fine - but not sure for how long..

#2 Most of the VPN providers seems to be downgrading or reducing their L2TP support

Even HideIPVPN seems to treat their L2TP as an after thought - my L2TP session drops sometimes every couple of days, and then again sometimes a couple of times in a single day - getting support on it is pretty much 'looks ok at our end', and detailed logging of the client at this end just shows the connection drops randomly. I read on a similar thread that NordVPN is shuttering their L2TP servers to a fraction of their thousands of servers
Most of the VPN providers incl. HideIPVPN are pushing people to SSTP/Softether becuase its more easily available on clients like iPhones, Android and Windoze. However because its a TCP/SSL transport , its very flexible and navigates routers/firewalls easily but has a high overhead and makes things like VOIP and high throughput services tricky without experience some kind of jitter or buffering. The same is true of the OpenVPN implementation on RouterOS at the moment (its TCP only , currently no support for UDP) which carries the same session overhead.


So then when you look at whats left as a combination, most vendors also offer IPSEC as part of an IKEv2/IPSEC connection - which I'm currently struggling to setup in this thread here.

viewtopic.php?f=2&t=140250&p=694507#p694507

It seems a lot of the vendors offer it, but not a single one of the seems to know how to setup a remote client to use it. Everyone seems to categorize it as a site-2-site VPN, and having a Mikrotik client connecting to a 3rd party server isnt generally discussed.


So....Having picked through all the various options both at the RouterOS side and the VPN vendors (expressVPN, HideIPvpn, NordVPN etc etc), it seems like the best 'generally supported' option would be to have an OpenVPN UDP connection available in RouterOS and use that as the default gateway (unless you want to split some traffic like I do in my config).
Still unlikely to be as fast as the native L2TP/IPSEC, but for now I think this is our best long term option for now..

Unless of course, anyone has another opinion / experience on the matter.
 
kennerblick
just joined
Topic Author
Posts: 12
Joined: Tue Apr 25, 2017 8:56 am

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Mon Oct 29, 2018 11:16 am

I bought a Mikrotik router to have an all-round router that is very configurable and extensible.
Unfortunately, I quickly reached its limits. I tried to secure my internet traffic via the microtic router with a VPN provider. I have set up trial accounts with several VPN providers such as NordVPN, ExpressVPN or HidemyAss. For no VPN provider I found a working guide for the configuration as a client with dial-in via IPSec, L2TP or OpenVPN. Either the EAP authentication (L2TP) or cipher aes256 implementation (OpenVPN) was missing. Dialing via the obsolete PPTP works. A request to support supported VPN providers resulted only in the answer: "Unfortunately we cannot recommend any specific VPN providers. That is a subject you need to research for yourself."
I would be very grateful for ideas for problem solving.
Best Regards
Another provider that supports mikrotik:

- OpenVPN:
https://vpnptp.com/openvpn.html#mikrotik
- L2TP+IPsec
https://vpnptp.com/l2tp.html#mikrotikes

Regards.
Thank you very much for the information. I searched for VPNPTP. I did not find an independent rating or comparison to other providers for this provider.
Can anyone explain this to me?
 
tippenring
Member Candidate
Member Candidate
Posts: 179
Joined: Thu Oct 02, 2014 8:54 pm
Location: St Louis MO
Contact:

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Mon Oct 29, 2018 10:51 pm

I've had a Torguard tunnel up via L2TP/IPSec for a couple of years. No problems. Torguard has a guide.

It may not be the best, but it serves my purpose.
 
WeWiNet
Member Candidate
Member Candidate
Posts: 168
Joined: Thu Sep 27, 2018 4:11 pm

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Tue Oct 30, 2018 11:00 am

I use Cyberghost , it does run with Mikrotik and there is a guide on the internet.
Don;t have the link on hand, but can provide later.
WeWiNet

**
MTCNA
hapac2, map, hap-lite, ltap-mini, RB4011 :-) !!!
 
wispmikrotik
Frequent Visitor
Frequent Visitor
Posts: 53
Joined: Tue Apr 25, 2017 10:43 am

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Wed Oct 31, 2018 8:20 pm

I bought a Mikrotik router to have an all-round router that is very configurable and extensible.
Unfortunately, I quickly reached its limits. I tried to secure my internet traffic via the microtic router with a VPN provider. I have set up trial accounts with several VPN providers such as NordVPN, ExpressVPN or HidemyAss. For no VPN provider I found a working guide for the configuration as a client with dial-in via IPSec, L2TP or OpenVPN. Either the EAP authentication (L2TP) or cipher aes256 implementation (OpenVPN) was missing. Dialing via the obsolete PPTP works. A request to support supported VPN providers resulted only in the answer: "Unfortunately we cannot recommend any specific VPN providers. That is a subject you need to research for yourself."
I would be very grateful for ideas for problem solving.
Best Regards
Another provider that supports mikrotik:

- OpenVPN:
https://vpnptp.com/openvpn.html#mikrotik
- L2TP+IPsec
https://vpnptp.com/l2tp.html#mikrotikes

Regards.
Thank you very much for the information. I searched for VPNPTP. I did not find an independent rating or comparison to other providers for this provider.
Can anyone explain this to me?
Hi,

vpnptp is a recent company in the market as a VPN provider. Personally I have configured a tunnel L2TP + IPsec without problems, good speed and stable. It has a guide on its website.

A greeting.

A greeting.
 
khaverblad
newbie
Posts: 38
Joined: Sat Mar 08, 2014 12:32 am
Location: Sweden

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Thu Oct 10, 2019 9:53 pm

What about if you just want to route web traffic via vpn provider, lets say that you utilize the Mikrotik as proxy and push traffic out via vpn provider. Wouldn't that be possible? Meaning instead of configure the client web browser with vpn settings the mikrotik is used for proxy settings. Possible?
 
sindy
Forum Guru
Forum Guru
Posts: 3959
Joined: Mon Dec 04, 2017 9:19 pm

Re: Mikrotik does not support IPSec, L2TP or OpenVPN connections to any VPN provider

Sun Nov 10, 2019 4:49 pm

Meaning instead of configure the client web browser with vpn settings the mikrotik is used for proxy settings. Possible?
Can you elaborate? Web proxy has a specific meaning and I'm not sure it is appropriate in this context.

If you want the VPN tunnel to be terminated at the Mikrotik (i.e. that the Mikrotik would act as a VPN client instead of the PC), that's definitely possible except VPN providers who use OpenVPN in UDP mode, Softether VPN, or Wireguard.

If that same Mikrotik is also the PC's gateway to the internet, you can simply route all traffic of that PC via the VPN. In that case, indicating it as a web proxy in the browser's configuration would only make sense if you wanted to let only the browser use the VPN while the rest of the PC's connections should be using the direct connection. If the Mikrotik acting as the VPN client is not the PC's gateway to the internet, then setting it as a web proxy for the browser allows you to divert only the browser traffic via it and keep using the direct connection via the other router for all the other traffic.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: No registered users and 121 guests