Community discussions

MikroTik App
 
User avatar
gnulab
newbie
Topic Author
Posts: 27
Joined: Sun Aug 31, 2014 10:27 pm
Location: Jakarta, Indonesia

OpenVPN Client

Sat Feb 22, 2020 4:51 am

Hi gurus and members,

I am having difficulties in figuring out where should I insert the settings provided by my VPN provider.

The settings laid out by the provider is as follows:
client
dev tun
reneg-sec 0
persist-tun
persist-key
ping 5
ping-exit 30
nobind
comp-lzo no
remote-random
remote-cert-tls server
auth-nocache
route-metric 1
cipher AES-256-CBC
auth sha512

From winbox, the settings available aren't many and thus many of the settings I don't know where to plug them in, especially the auth section where I read https://wiki.mikrotik.com/wiki/Manual:I ... r_.28AH.29 sha2 = sha256/512, while in my RB951G it is not available.
Screenshot - 2020-02-22, 09_48.jpg
So, where do I input the settings above in the Mikrotik?

Thank you.
H
You do not have the required permissions to view the files attached to this post.
 
User avatar
rooted
Member Candidate
Member Candidate
Posts: 129
Joined: Tue Feb 04, 2020 5:58 pm

Re: OpenVPN Client

Sat Feb 22, 2020 5:16 am

The option "auth sha512" isn't supported I don't believe.
 
User avatar
gnulab
newbie
Topic Author
Posts: 27
Joined: Sun Aug 31, 2014 10:27 pm
Location: Jakarta, Indonesia

Re: OpenVPN Client

Sun Feb 23, 2020 4:38 am

yeah, I suspected the sha512 setting causes connection failure. Hard to believe that Mikrotik does not support sha512 in the RB951. :(
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: OpenVPN Client

Sun Feb 23, 2020 8:58 pm

It's actually not at all hard to believe, they had half-implemented OpenVPN for many years, so one more missing feature is no surprise. They will surely add it, but OpenVPN was never high priority for them.
 
User avatar
gnulab
newbie
Topic Author
Posts: 27
Joined: Sun Aug 31, 2014 10:27 pm
Location: Jakarta, Indonesia

Re: OpenVPN Client

Mon Feb 24, 2020 10:34 am

I say it is surprising because Mikrotik is a commercial/enterprise grade versatile network product, yet it does not support sha256/512.

Yet, household grade router that can be installed DDWRT firmware actually supports sha512 in OpenVPN.

Hopefully Mikrotik can implement ciper sha256/512 in OpenVPN soon.


Henry
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: OpenVPN Client

Mon Feb 24, 2020 11:26 am

There's simple explanation, others simply took open-source OpenVPN with all features, MikroTik wrote their own implementation.
 
User avatar
rooted
Member Candidate
Member Candidate
Posts: 129
Joined: Tue Feb 04, 2020 5:58 pm

Re: OpenVPN Client

Mon Feb 24, 2020 12:33 pm

It's the only way it would fit.
 
User avatar
thuety
just joined
Posts: 16
Joined: Fri Jul 09, 2021 7:03 pm

Re: OpenVPN Client

Wed Mar 02, 2022 11:34 am

Two years later... release 7.1.3 finally supports UDP, but still no SHA512 :shock:
 
Sob
Forum Guru
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: OpenVPN Client

Thu Mar 03, 2022 4:32 am

Sha512 is in 7.2rc.
 
MrDim
just joined
Posts: 7
Joined: Mon Sep 09, 2019 12:08 pm

Re: OpenVPN Client

Wed May 25, 2022 8:39 pm

Sha512 is in 7.2rc.
What about AES-GCM? Because CBC mode is insecure and must not be used - it's dropped by many apps/protocols.

Who is online

Users browsing this forum: Bing [Bot], GoogleOther [Bot] and 77 guests