Hi,
I can read on the wiki (http://wiki.mikrotik.com/wiki/OpenVPN), that OpenVPN is not supported in server mode (multi client to server).

I tried out and I'm able to connect more RB-client to one RB-server with OpenVPN.

Then, I'm asking: is the wiki incorrect ? or what?

Regards
Stefano

There is definitely a mistake. You can connect more than one client to OVPN server.

Ok, then there is a mistake in the MUM presentation:

VPN technology: IPsec, OpenVPN, PPTP - which is better? by Pawel Cieplinski
(AkademiaWIFI.pl, Poland)
http://mum.mikrotik.com/presentations/P ... ademia.pdf


regards
Stefano

That presentation is about OpenVPN in general. In RouterOS it does support this mode.

Now I'm really confused!

Is supported or not?
and what is not supported?

Stefano

There is definitely a mistake. You can connect more than one client to OVPN server.

The presentation is saying that OpenVPN on MT dosen't support server mode, exactly like writted in the wiki.

But forunately is a mistake!!

Stefano

apparently this person took the information from wiki, we will notify him of his mistake, thanks for pointing it out.

Hello

In this case it is a mistake then. I have to confess that my experience in OpenVPN in RouterOS is poor, but in general I implemented few times OpenVPN on Debian / OpenWRT. My Goal was to talk about VPN in general. I took information from WIKI as granted without verification. Thank you for your comment.


Pawel Cieplinski

Are you sure about this?
I have one rb running ovpn-server, and 2, sometimes 3-4 ovpn client rbs connecting to it at the same time.

Are you sure about this?
I have one rb running ovpn-server, and 2, sometimes 3-4 ovpn client rbs connecting to it at the same time.

did you read the rest of the discussion, particularly the post above yours?

Right now there are 84 ovpn connections to my RB1000.


Yes, it works.

ok,
many tnks
Stefano

Roadracer,

would you care to share your config ? We currently have 50 tunnels (OpenVPN) to a RB1000, but the RB1000 does not manage to stay alive for longer then a day or 2 and then it crashes. This has been turned into a support call for Mikrotik who seem to think there is a memory leak. I wonder what your uptime is ?

I had the same problem and had a support ticket open with MT support. I think I figured it out, though. try changing the profile to "only-one=no"

I think the server was colliding with itself when assigning IPs to clients if they disconnected and reconnected before openvpn realized they were gone. Since I changed this, I havent had a lockup. I was having it happen at LEAST weekly, normally ever 2-3 days, and sometimes twice/day. Right now, I am at 10 days since the last restart and that restart was an accident (didnt pay attention to what router I was in). So it has been 14ish days since I have seen it happen.

I use 2048bit certs for every client, require client cert, clients are a /32 point to point link, server address for every client is the same. AES-128 w/ SHA.

Here is the profile I use for 82 of the 86 connections:

/ppp profile
add change-tcp-mss=no comment="" local-address=10.16.128.1 name=Customer \
only-one=no use-compression=no use-encryption=required \
use-vj-compression=no

/interface ovpn-server server
/interface ovpn-server server
set auth=sha1 certificate=fw-1 cipher=aes128,aes192,aes256 default-profile=\
Customer enabled=yes keepalive-timeout=60 mac-address=FE:1D:10:11:78:AB \
max-mtu=1500 mode=ip netmask=32 port=1194 require-client-certificate=yes

clients are authenticated via RADIUS to a FreeRADIUS server w/ MySQL backend behind the RB1000.

Like I said, Im at almost 10 days of uptime right now and ~100gb of traffic has traversed the firewall. RouterOS v4.5