Community discussions

 
dtoffo
Trainer
Trainer
Posts: 88
Joined: Tue May 17, 2011 9:19 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Mar 04, 2018 10:40 am

It's a long standing request, and shouldn't be a lot of work.
This is a 12 year old request. What is going on?? Had to switch all of my VPN clients to other routers simply because of this. Mikrotik OpenVPN was 600+ms ping time and LOTS of packet loss. PPTP or IPsec was 90ms. But, OpenVPN is the only tech that the NSA can't break and that is truly secure. Also, it is the only one besides PPTP that AT&T's routers will allow to have servers.
don't agree. routeros openvpn implementation sure is not complete neither perfect, but I have no problems on many ovpn over tcp tunnels I have. I don't have the big latency even if I ping traversing 2 tunnels.
 
intermod
just joined
Posts: 23
Joined: Mon Oct 01, 2012 5:59 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Mar 08, 2018 9:40 pm

Argh....stumbled across this limitation here. Needing UDP wOVPN here as well. The UDP seems to operate faster, and we use lots of VoIP here that cannot tolerate retries. Is this a CPU horsepower issue?
 
pe1chl
Forum Guru
Forum Guru
Posts: 4814
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Mar 08, 2018 10:35 pm

No, the problem is that RouterOS does not use the opensource OpenVPN program but they have re-implemented it.
So the advances in OpenVPN with release of each new version do not carry over into the RouterOS version.
Apparently nobody at MikroTik dares to take on the task of updating their implementation or axing it entirely and using the open source version instead.
It has been promised that this would happen in RouterOS v7 but it looks like v7 has been indefinitely postponed.
(in another topic the remark has been made that "most features of v7 have been backported into v6 so why would we still want v7?")
 
4xy
just joined
Posts: 2
Joined: Sun Mar 25, 2018 7:26 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sun Mar 25, 2018 7:37 pm

I bought one due to it costs $20, looks very good all around and SUPPORT OpenVPN... It's really sad, it seemed the happiness is here!! :(
 
melky
just joined
Posts: 2
Joined: Wed May 09, 2018 11:02 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed May 09, 2018 11:05 am

+1 for UDP tunnels
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 5:51 am

I very disappointed to read this topic after i brought MikroTik hAP ac². :( :(
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 6:00 am

Still no news in June 2018 after two year.

viewtopic.php?f=1&t=77898&start=150#p527829
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 178
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 7:34 am

I very disappointed to read this topic after i brought MikroTik hAP ac². :( :(
Did you really buy an access point to establish OpenVPN connection(s) ?!
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 12:01 pm

I very disappointed to read this topic after i brought MikroTik hAP ac². :( :(
Did you really buy an access point to establish OpenVPN connection(s) ?!
I prepare to install OpenVPN server in hAP ac2.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4814
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 12:29 pm

I prepare to install OpenVPN server in hAP ac2.
It is possible but it will just be a server with very limited options.
After all this I start to think it would be better when MikroTik simply relabled the OpenVPN feature: name it something like MikroTikVPN and don't suggest any compatability to OpenVPN.
Then prospective buyers will no longer be deceived into thinking that they can use this OpenVPN feature to interconnect with some other OpenVPN service or client.
It would make it just an incompatible variant of SSTP and it could just as well be dropped entirely, but keeping it so existing users do not have to rework their setup would be nice.

As an OpenVPN server or client, well, it is just worthless.
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 12:33 pm

I prepare to install OpenVPN server in hAP ac2.
After all this I start to think it would be better when MikroTik simply relabled the OpenVPN feature: name it something like MikroTikVPN and don't suggest any compatability to OpenVPN.
Really agree your comment.
 
Sob
Forum Guru
Forum Guru
Posts: 3576
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 3:53 pm

Nah, give it a little time (*1), it will happen. Check it yourself, how the attitude changes from "no way" to "we already have it" (*2):

search.php?keywords=openvpn&author=normis

It's getting more optimistic over the time.

-
(*1) two or five years, ten maximum
(*2) at least a part of it
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 5:56 pm

Nah, give it a little time (*1), it will happen. Check it yourself, how the attitude changes from "no way" to "we already have it" (*2):

search.php?keywords=openvpn&author=normis

It's getting more optimistic over the time.

-
(*1) two or five years, ten maximum
(*2) at least a part of it
At least, they give the user a answer. Yes or no. It is very easy to answer. I don't know why they always silence.
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8072
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 6:13 pm

What silence are you talking about? The answer was already given: "v6 - no UDP, v7 - UDP is ready, just wait for v7 itself".
Russian-speaking forum: http://forum.mikrotik.by. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4814
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 8:11 pm

But there has also been the "well... maybe there will not be a v7... we already implemented most of the promised features in v6!".
Of course this does not include the promised features w.r.t. OpenVPN. (and others, e.g. BGP)
 
Sob
Forum Guru
Forum Guru
Posts: 3576
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 8:46 pm

Yep, we could use some update, at least about status of the thing, if not for OpenVPN itself. Because while some features might be impossible to add to v6, OpenVPN shouldn't be one of them.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 178
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 14, 2018 11:28 pm

Huh huh what about Metarouter on RB1100AHx2 :-)
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jun 15, 2018 4:06 am

What silence are you talking about? The answer was already given: "v6 - no UDP, v7 - UDP is ready, just wait for v7 itself".
Link, please.

v7 should be developed over FOUR Years. When we can get the v7 ?
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8072
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jun 15, 2018 10:50 am

Link, please.
search.php?keywords=openvpn&author=normis
v7 should be developed over FOUR Years.
Even more.
When we can get the v7 ?
When it's ready.
Russian-speaking forum: http://forum.mikrotik.by. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
z1022
just joined
Posts: 16
Joined: Wed Jun 06, 2018 5:51 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jun 15, 2018 12:30 pm

Link, please.
search.php?keywords=openvpn&author=normis
v7 should be developed over FOUR Years.
Even more.
When we can get the v7 ?
When it's ready.
I just wait until they ready. I hope my router is worked when they ready. :lol:
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8072
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Jun 15, 2018 12:45 pm

We're all waiting for it :)
Russian-speaking forum: http://forum.mikrotik.by. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
galeoner
just joined
Posts: 4
Joined: Wed Dec 25, 2013 9:35 pm
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Jun 21, 2018 8:07 pm

we're still waiting +1
 
User avatar
Chupaka
Forum Guru
Forum Guru
Posts: 8072
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Jun 25, 2018 11:25 am

we're still waiting +1
Please post this only once a couple of month/years, not every week :)
Russian-speaking forum: http://forum.mikrotik.by. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

¡ɹǝ|SOɹǝʇnoɹ ʞıʇoɹʞıW ɯ‚|

MikroTik. Your life. Your routing.
 
AlexKV
just joined
Posts: 16
Joined: Tue Jul 06, 2010 9:57 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Mon Sep 03, 2018 10:38 pm

up )
+1 UDP
 
gnro
just joined
Posts: 1
Joined: Sun Aug 05, 2018 9:52 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Sep 08, 2018 3:13 pm

Waiting...

+1 UDP suport OpenVPN ovpn
+1 RouterOS v7 :-)
 
User avatar
spippan
Frequent Visitor
Frequent Visitor
Posts: 98
Joined: Wed Nov 12, 2014 1:00 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 05, 2018 9:31 am

Hmm, alpha... it looks like we may get something ready for this thread's 10th anniversary. I just hope that other nice OpenVPN features will also make it to the party.
LZO compression and SHA2 (SHA512) authentication come to mind...
wondering why one would go with ShA512 ... what is the big benefit (security/performance balance in mind) going with that?
sha256 brings no real security benefit over sha192 (hash length extension vuln. and so forth....)

LZO on the other hand would be a BIG improvement and UDP anyway! mikrotik is driving its users insane with still not implementing such "feature" (it is a basic openvpn mechanism AFAIK)....

come on guys ... this is not funny anymore and it's not getting better....
---
networking technician in a data center in austria
RB922UAGS-5HPacD > SXT LTE > Hutchinson 3G Austria/LTE
hAP ac lite > Hutchinson 3G Austria/LTE (brg)
RB951Ui-2HnD > A1 Telekom ADSL(brg)
RB951Ui-2HnD > A1 VDSL(brg)
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5683
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 05, 2018 5:16 pm

LZO is deprecated, so you should be asking for LZ4 instead
 
Sob
Forum Guru
Forum Guru
Posts: 3576
Joined: Mon Apr 20, 2009 9:11 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 05, 2018 7:20 pm

You better have LZ4 up your sleeve already, otherwise it's a cruel joke! :)
 
tkgit
Frequent Visitor
Frequent Visitor
Posts: 59
Joined: Sun Dec 23, 2012 8:32 am
Location: Dunedin, NZ
Contact:

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Tue Oct 09, 2018 6:09 am

from here :
https://www.reddit.com/r/Windscribe/com ... ard_setup/

how about SHA512 auth,
I can not use my windscribe account
 
Paco
just joined
Posts: 6
Joined: Mon Dec 22, 2014 10:50 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Wed Oct 10, 2018 9:59 pm

+1 for UDP support for OVPN on MikroTik
 
schadom
Frequent Visitor
Frequent Visitor
Posts: 93
Joined: Sun Jun 25, 2017 2:47 am
Location: Austria

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 11, 2018 3:31 am

from here :
https://www.reddit.com/r/Windscribe/com ... ard_setup/

how about SHA512 auth,
I can not use my windscribe account

+1 for sha256/sha512 in openvpn
seems it got implemented for ipsec recently
 
nin
just joined
Posts: 22
Joined: Sat Feb 20, 2010 9:02 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 11, 2018 11:05 pm

The long waiting time makes me so sad! Products and software - this is not a good match. One is good the other is a joke!
 
pe1chl
Forum Guru
Forum Guru
Posts: 4814
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 11, 2018 11:18 pm

The long waiting time makes me so sad! Products and software - this is not a good match. One is good the other is a joke!
Please enumerate your list of commercial routers (not alternative firmware) that actually have OpenVPN support that conforms to your wishes.
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 178
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 12, 2018 9:49 am

Another solution would be to support and maintain Metarouter.... even on the RB1100AHx2, but that's another story.
 
pe1chl
Forum Guru
Forum Guru
Posts: 4814
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 12, 2018 11:21 am

Another solution would be to support and maintain Metarouter.... even on the RB1100AHx2, but that's another story.
Yes, it would be very good to have metarouter back in service, or some other way of running user programs in some sandbox that only gives them some memory, a disk directory, and one or more network interfaces towards the physical router (tun/tap or similar).
That would allow all kinds of solutions to issues being posted all the time here and in the feature suggestion topic.
(OpenVPN, Wireguard, full-function DNS server, DHCP server for exotic requirements, etc etc)
 
pianisteg
just joined
Posts: 2
Joined: Sat Oct 13, 2018 12:10 am

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Oct 13, 2018 1:34 am

LZO is deprecated, so you should be asking for LZ4 instead
What about TLS auth and no username/password auth (only by keys)?
 
User avatar
dynek
Member Candidate
Member Candidate
Posts: 178
Joined: Tue Jan 21, 2014 10:03 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Sat Oct 13, 2018 8:22 am

Aaahhh Wireguard 😍
 
User avatar
spippan
Frequent Visitor
Frequent Visitor
Posts: 98
Joined: Wed Nov 12, 2014 1:00 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 18, 2018 4:21 pm

LZO is deprecated, so you should be asking for LZ4 instead
well ...

Image
---
networking technician in a data center in austria
RB922UAGS-5HPacD > SXT LTE > Hutchinson 3G Austria/LTE
hAP ac lite > Hutchinson 3G Austria/LTE (brg)
RB951Ui-2HnD > A1 Telekom ADSL(brg)
RB951Ui-2HnD > A1 VDSL(brg)
 
xt22
newbie
Posts: 33
Joined: Tue Jul 14, 2015 1:16 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 18, 2018 4:58 pm

+1 for UDP.

Damn, take 10% of my payments to you for routers and hire a programmer for 6 months to do this (he'll implement it in a few weeks and work for you for the remaining 5 months) :-/ It is so annoying to have CCRs with speed of RB750 running openvpn via TCP..
 
pe1chl
Forum Guru
Forum Guru
Posts: 4814
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Thu Oct 18, 2018 5:08 pm

+1 for UDP.

Damn, take 10% of my payments to you for routers and hire a programmer for 6 months to do this (he'll implement it in a few weeks and work for you for the remaining 5 months) :-/ It is so annoying to have CCRs with speed of RB750 running openvpn via TCP..
Instead, pay them to implement the suggestion in message viewtopic.php?p=692031#p692031
That will serve a lot of other purposes on CCR.
 
xt22
newbie
Posts: 33
Joined: Tue Jul 14, 2015 1:16 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 19, 2018 12:36 pm

Instead, pay them to implement the suggestion in message viewtopic.php?p=692031#p692031
That will serve a lot of other purposes on CCR.
Although I agree, I believe that would take some serious time. I don't get the point of not implementing already finished UDP support and waiting years for v7.. this reminds me the play "Waiting for Godot" :-/ TCP ovpn between europe and usa is damn slow, I had to go back to the good old l2tp+ipsec
 
pe1chl
Forum Guru
Forum Guru
Posts: 4814
Joined: Mon Jun 08, 2015 12:09 pm

Re: Feature Request: OpenVPN [ovpn] udp tunnels

Fri Oct 19, 2018 6:22 pm

It is likely quite easy to implement a user process but it could take some iterations to make it completely secure.
I would envision it like: you make a folder on the flash disk and put the executable there and add a config item which specifies the folder and the network devices you desire.
(like 1..4 tun/tap devices)
RouterOS creates/opens/initializes the tun/tap devices and chroots to the folder and starts the program. The program can read/write files (only) from "the root directory" which is the folder, and it can access the pre-opened network devices. The other end of those devices is visible in RouterOS where you can put them in a bridge, or set an IP address on them and route to them.
The program runs as a nonprivileged user which is disallowed to make critical system calls.
The user cross-compiles his software for the processor architecture (using gcc) and links it as a standalone executable. Maybe a libc shared library could be made available.

Once this is realized you can port a current version of standard OpenVPN or other software which includes all features you like, which is of course much easier to do than to add features to the rewrite that MikroTik is using in RouterOS.
I am running an old TCP/IP program (KA9Q NET) under Linux using this method in a Raspberry Pi, and it works perfectly.

Who is online

Users browsing this forum: DimaFIX and 4 guests