Feature request: OpenVPN compression LZO and UDP

ediaz · Wed Oct 16, 2013 2:48 pm

Hi,

I rely in this two options of OpenVPN for old setups, and changing all the remote hosts to not use lzo and udp is a real pain. Can you implemnt this two features in the openvpn server/client?

Regards

jandafields · Thu Oct 17, 2013 6:32 am

Hi,

I rely in this two options of OpenVPN for old setups, and changing all the remote hosts to not use lzo and udp is a real pain. Can you implemnt this two features in the openvpn server/client?

Regards

This has been requested here to death... Mikrotik has never shown any indication that this is ever going to happen.

gregorg · Wed Nov 06, 2013 12:38 pm

Still, people need it. +1 for the request

cREoz · Tue Nov 12, 2013 8:06 pm

workino · Wed Nov 13, 2013 11:12 am

+1 also here

eflanery · Wed Nov 13, 2013 6:50 pm

+1

But, at this point I think we are really beating a dead horse.

--Eric

patrickmkt · Wed Nov 13, 2013 9:06 pm

miszak · Thu Nov 14, 2013 10:09 pm

+1 too

CTrain · Fri Nov 15, 2013 3:56 am

The post below has how to utilize OpenVPN on the Meta Router to provide UDP and LZO compression, and all other openVPN Linux features.

http://forum.mikrotik.com/viewtopic.php?f=2&t=78793

friction · Fri Nov 15, 2013 10:28 am

so... If Metarouter can run some virtual router with OSPF we should ditch the OSPF feature in Mikrotik as well?
Metarouter is not the solution.

+1 for LZO and UDP in ROS.

StuartUSA · Wed Jan 15, 2014 5:10 pm

+1 for me too.

doridian · Mon Jan 20, 2014 3:10 pm

I don't care too much about LZO. But I need UDP tunnels (TCP is unusable for many situations as a tunneling protocol as outlined by others previously).
Again, MetaROUTER is not the solution here, especially by causing a major CPU load just to run on my RB...

dynek · Wed Jan 22, 2014 11:16 pm

comp-lzo support
auth-user-pass not required
tls-auth key support
udp support

SynVisions · Fri Feb 07, 2014 7:04 am

Why is this still not available?

vovannovig · Tue Feb 11, 2014 11:06 pm

When you see the compression???
You can argue a lot but the compression is not just the need for asymmetric channels, can save money and have a lot of good!
So why still not implemented ...?
Are not you ashamed that dosihpor not added and ignore pozhalaniya users???
------------------------------------------
Когда появится сжатие???

Можно много спорить но функция сжатия просто не обходима на асимметрических каналах, способна экономить деньги и еще много хорошего!
Так почему до сих пор не реализована...?

monkez · Thu Feb 13, 2014 1:41 pm

I also request UDP.
OpenVPN is common feature of Linux and probably the best way to estabilish VPN but MikroTik killed it.
I don't want to use PPTP and IPSec has troubles with firewalls.

poizzon · Thu Feb 13, 2014 1:47 pm

http://forum.mikrotik.com/search.php?ke ... mit=Search

Posted: Thu Feb 21, 2013 4:01 pm
no plans for that

Posted: Tue Jan 17, 2012 8:52 am
The answer was clear - We will not make new OpenVPN features.

Posted: Tue Oct 25, 2011 2:14 pm
ssh is our own implementation

tunnels Posted: Thu Sep 08, 2011 11:32 am
Thank for bringing up a thread more than a year old.
The answer was clear - We will not make new OpenVPN features.

Posted: Wed Feb 02, 2011 3:08 pm
eghtedari2000, OPENWRT is a different operating system, please ask in their forum about how to configure it:
https://forum.openwrt.org/

Posted: Tue Feb 01, 2011 12:12 pm
No, it's certainly not the reason. I have previously already explained that there were many unfixed problems in the OpenVPN itself, so we have stopped development, and concentrated on more reliable projects like SSTP. We don't plan to make UDP support in OpenVPN in near future.

Posted: Tue Oct 26, 2010 12:47 pm
We will not drop it, we will fix what we can, and leave it as is. What I'm saying is, that we will probably not make UDP support.

Posted: Wed Jun 09, 2010 7:33 am
Another problem with it, client and server end must match configuration 100%. if you have different clients connecting, this will be a huge pain to get done. OpenVPN is hard to configure. Maybe not for you, but in comparison to our other options.

Posted: Wed Jun 09, 2010 7:24 am
OpenVPN is very very buggy and hard to implement. Our developers almost all committed suicide trying to make it work. It's a big mess, so we can't continue to implement it 100%

Posted: Tue Jun 08, 2010 7:42 am
Practically (i am on a SSTP tunnel all the time now, for testing), I couldn't say there is a performance difference with or without the tunnel. Local network file transfers are just as fast

tunnels Posted: Mon Jun 07, 2010 8:58 am
We also have SSTP now, which works great and has the same benefits as OpenVPN. It's currently not popular yet, and (except RouterOS) it's supported only in Windows, but technically it's very interesting

dynek · Thu Feb 13, 2014 2:03 pm

Source: https://www.bestvpn.com/blog/4147/pptp- ... n-vs-sstp/

- OpenVPN is easily best all round VPN solution despite needing third party software on all platforms. It is reliable, fast, and (most importantly) secure (even against the NSA), although it usually needs a bit more setting up than the other protocols

- SSTP offers most of the advantages of OpenVPN but only in a Windows environment. This does mean that it is better integrated into the OS, but it is poorly supported by VPN providers thanks to this limitation. In addition to this, its proprietary nature and the fact that is was created by Microsoft mean that we for one don’t trust it

That says it all.

vovannovig · Thu Feb 13, 2014 3:13 pm

http://wikipedia.org/wiki/TUN/TAP

We used exactly the TAP and how it can be replaced?
L2 is used to implement the channels for QinQ, ...

Not one of all the other options did not give proper result in performance or have any great delay and packet loss. (Considering options SSTP + EoIP, PPTP + Eoip - little protection, a lot of problems, a large load on the processor!)

Definitely need to continue support and development of OpenVPN!!!

DogHead · Fri Feb 14, 2014 5:44 am

+1+1+1+1+1+1+1
Very important

vovannovig · Sun Feb 16, 2014 8:59 am

Please give an official response - will support this functionality in the future, and when to wait for implementation?
Vidut work or planning?

jandafields · Thu Feb 20, 2014 5:12 am

EdgeMax supports OpenVPN, and specifically UDP in OpenVPN. I think they support ALL of the OpenVPN options.

- SSTP ... its proprietary nature and the fact that is was created by Microsoft mean that we for one don’t trust it

PPTP was also developed in part by Microsoft, and is still one of the most popular tunnels today (despite it's obsoletefullness)

bSir · Thu Feb 20, 2014 8:48 am

Tried someone use OpenVPN from OpenWRT in metarouter?

Sorry, OT, I know...

Noc · Thu Feb 20, 2014 2:19 pm

+100

We use openvpn for video and VoIP and still don't understand why Mikrotik won't implement full OpenVPN (with udp etc) if other distributions can? RouterOS is great, but we don't buy it right now!!!

So for our salesteam it is in short: no full openvpn, no mikrotik!!!

Let the user make the decision if he wants to use udp / or tcp, don't make the decision for us!!!

daintree · Fri Feb 21, 2014 2:12 pm

We currently use TP-Link 1043s to run OpenWRT as OpenVPN clients. We run VOIP on top of this.

I just brought a RB750GL and was hoping to switch to Microtik for the above, but without OpenVPN UDP support that's not going to happen.

Wish I'd have spotted it wasn't possible before buying the router

AlexS · Sun Feb 23, 2014 12:09 pm

++100000

headshoter · Wed Mar 19, 2014 8:54 pm

+1
what the developer/support team does is not about anything but not caring/listening to user voices

marrold · Wed Mar 19, 2014 10:02 pm

DanielJB · Thu Mar 20, 2014 4:46 am

+1

I suspect that OpenVPN LZO compression isn't offered the due to the compression time for the MIPS processors in the most of the MikroTik routers.

I'd expect ~50Mbits/s max, as we see around 200Mbit/s on an ARM Cortex-A9:
http://git.kernel.org/cgit/linux/kernel ... ff0a99cf50

That said, MikroTik could use the optimised LZO kernel implementation (it's portable and standalone). Enabling OpenVPN LZO it is just an option when building it, so it's a no-brainer with the caveat that throughput may be worse. This is a crucial feature though.

c0d3rSh3ll · Thu Mar 20, 2014 6:05 am

+1 for udp protocol. I need to run a pfsense machine for openvpn over udp connected to my mikrotik core router

sent from my mobile phone with tapatalk

sergeysi · Thu Mar 20, 2014 1:56 pm

+100500 for UDP.
It is impossible to use TCP for VoIP (many IP-phones have built-in OpenVPN client) or on slow/unreliable connections.
I was very confused when found that Mikrotik does not support OpenVPN over UDP.

By the way, there is a mistake in OpenVPN wiki page, you can find proto udp in example configs.

drank · Thu Mar 20, 2014 6:01 pm

+1 for UDP and route pushing

vovannovig · Fri Mar 21, 2014 11:58 am

Comrades, I have the same problem as you - I Use mikrotik OpenVPN but it podderdivaet the old is not going smoothly and obnovlyat.V therefore taken the decision to replace the entire equipment with its troubled 6th version.

We are a manufacturer can not hear, alas.

dynek · Fri Mar 21, 2014 12:06 pm

Single and only solution is to use MetaRouter and install OpenWRT/OpenVPN for such functionalities.

Mikrotik said it few times: they will never increase number of functionalities or concentrate any effort on OpenVPN implementation.

Time to initiate the grieving process and forget about it.

vovannovig · Fri Mar 21, 2014 8:00 pm

I CCR and there no MetaRouter!

Alternatives OpenVPN no, sorry that mikrotik your opinion puts up user opinions!
Alas, but apparently mikrotik extinguished.

vovannovig · Fri Apr 11, 2014 12:26 pm

The manufacturer is not pralniruet prislushatsyak our opinion, and you want us to add features? I really need it!
Please reply to the official the last time that the representative would just finish this conversation.

Camis · Sat Apr 12, 2014 12:46 am

+1

UDP !

sbrassard1 · Thu May 22, 2014 9:13 pm

+1 for OpenVPN UDP

Test471 · Fri May 23, 2014 2:47 pm

+1

UDP!

midenok · Sat May 31, 2014 5:12 am

+1 udp!!!!!!!!!!!!!

manbot · Sun Jun 01, 2014 11:07 pm

If it possible - will be great!

Отправлено с моего iPad используя Tapatalk

xootraoox · Thu Jun 05, 2014 8:38 am

Pleaseeeee.............
++++++++++++++++++++++++++
100000000000000000000000000000

onnoossendrijver · Thu Jun 05, 2014 10:41 am

Come on guys... You know UDP support will not be available.
Also: No other high-end router manufacturer even supports OpenVPN. Not Cisco, not Juniper, not Alcatel...
I think IPsec is the way to go if you need a secure connection.

And if you really need OpenVPN, just pick a cheap x86 (atom) machine with linux. It will be faster and more up-to-date than most hardware routers.

dynek · Thu Jun 05, 2014 10:46 am

And if you really need OpenVPN, just pick a cheap x86 (atom) machine with linux. It will be faster and more up-to-date than most hardware routers.

Or MetaRouter, works like a charm for me!
Even a cheap and tiny Raspberry PI will do.

iossol · Thu Jun 05, 2014 1:15 pm

+1 Would like to see these Features too

We use more OpenVPN-Tunnels than IPSec, since it is more robust und has no problems behind other Nat-Router

xootraoox · Thu Jun 05, 2014 8:59 pm

It's really necessary to communicate with others.

UDP ++++++++++++ 1000000
LZO ++++++++++++ 1000000
TLS upgrade ++++++ 1000000

tierpath · Sat Jun 28, 2014 10:31 am

Mikrotik will not implement this. I asked 5 years ago.
They give a reason of openvpn being hard to develop, bad coding ang so forth, yet UBIQ has implemented it and PfSense has as well.
Mikrotik has nice features and neat stuff.
Except for UDP Openvpn with compression.

They give and excuse that it's too hard, yet it's not to hard because UBIQ, Vyatta, DDWRT, PfSense and so on have done it. So If they can why can't mikrotik?
Simple, Mikrotik frankly doesn't care to do the work their competitors have because they sell a lot of wireless and don't need to.

If thats not the reason, then they need better developers.

I can compile openvpn on many linux distros, freebsd, openbsd in a matter of minutes and yet MikroTik can't figure this out.

I wonder if mikrotik has Asked the developers of OpenVPN for help?

shiny · Tue Jul 01, 2014 12:49 pm

Mikrotik will not implement this. I asked 5 years ago.
They give a reason of openvpn being hard to develop, bad coding ang so forth, yet UBIQ has implemented it and PfSense has as well.
Mikrotik has nice features and neat stuff.
Except for UDP Openvpn with compression.

They give and excuse that it's too hard, yet it's not to hard because UBIQ, Vyatta, DDWRT, PfSense and so on have done it. So If they can why can't mikrotik?
Simple, Mikrotik frankly doesn't care to do the work their competitors have because they sell a lot of wireless and don't need to.

If thats not the reason, then they need better developers.

I can compile openvpn on many linux distros, freebsd, openbsd in a matter of minutes and yet MikroTik can't figure this out.

I wonder if mikrotik has Asked the developers of OpenVPN for help?

AFAIK, mikrotik doesn't use the default openvpn server/client software. All of those you mentioned, use the original openvpn software, thus having UDP is only natural, but for MT to implement it, they would have to re-code from scratch. If for them is more pain than gain, i can see why this decision has been made, but i think they just don't realise the benefits that they will get. Not sure also what is stoping them from using native openvpn server/client. Maybe a better explanation from MT would clear things up ?

Tigerauge · Sat Jul 05, 2014 3:28 pm

Hello,

UDP with OPENVPN would be nice. More important would be TLS authentication and the ability with a certificate / private key login (without username / password)

The VPN Provider "AirVPN" only supports this type of authentication, other providers will follow suit due to the current policy.

Greeting, Tigerauge

januszm · Sun Jul 06, 2014 1:02 am

+1 for auth-user-pass not required

I can't really see other explanation for Mikrotik NOT using native OpenVPN software, than licensing issues. Probably they'd need to pay or open their code? Not sure, BUT, THERE'S no other option for Mikrotik, they need to support full openvpn options. It's ridiculous that they don't and they need to code their own openvpn implementation.

Guys, seriously? OpenVPN is now the best, cross platform solution. Also, WITHOUT a need to use auth-user-pass it's damn easy to configure on the client side.

tierpath · Tue Jul 08, 2014 11:37 am

Mikrotik will not implement this. I asked 5 years ago.
They give a reason of openvpn being hard to develop, bad coding ang so forth, yet UBIQ has implemented it and PfSense has as well.
Mikrotik has nice features and neat stuff.
Except for UDP Openvpn with compression.

They give and excuse that it's too hard, yet it's not to hard because UBIQ, Vyatta, DDWRT, PfSense and so on have done it. So If they can why can't mikrotik?
Simple, Mikrotik frankly doesn't care to do the work their competitors have because they sell a lot of wireless and don't need to.

If thats not the reason, then they need better developers.

I can compile openvpn on many linux distros, freebsd, openbsd in a matter of minutes and yet MikroTik can't figure this out.

I wonder if mikrotik has Asked the developers of OpenVPN for help?
AFAIK, mikrotik doesn't use the default openvpn server/client software. All of those you mentioned, use the original openvpn software, thus having UDP is only natural, but for MT to implement it, they would have to re-code from scratch. If for them is more pain than gain, i can see why this decision has been made, but i think they just don't realise the benefits that they will get. Not sure also what is stoping them from using native openvpn server/client. Maybe a better explanation from MT would clear things up ?

Why would they code it themselves when they use GPL Software, they can simply work with OpenVPN to integrate it, or do it all by themselves, Either way, that makes no sense, why reinvent the wheel when your wheel is worse than the original in performance and functionality.

Epic Fail. Bonehead Maneuver. Exercise in Futility.

Hey MikroTik. If there is a complete logical explanation as to why you chose to create your own instead of work with OpenVPN to use what they have already create and have working well, please point me and everyone else to it, or post it.

Tue Jul 08, 2014 12:16 pm

The problem is integrating it with the rest of RouterOS, which caused us major problems. We are working on them, and will try to make UDP support in future.

dynek · Tue Jul 08, 2014 12:19 pm

weeehhh that's great news - as I thought it would never happen.

xootraoox · Tue Jul 08, 2014 1:33 pm

Future?...
what's future?...
weeks?...
months?...
years?...

xootraoox · Tue Jul 08, 2014 1:41 pm

Is a joke, someday there will be news... claps,claps, claps mikrotik.

tierpath · Tue Jul 08, 2014 9:45 pm

Like I said, there are problems. It is impossible to predict how long it will take to solve them

Given how compact ROS is, a static binary is probably the best bet.

I hate that it has taken MT this long to acknowledge that it is needed, but I am happy that you guys are working on it. I just bought 6 of the 1MW GB AP's for a customer to replace Netopia 3347's with to do the VPN. UDP would be great as I am routing CCTV video accross these links and file syncs. Looking forward to it.

If you need a beta tester for InterOP with PfSense and other OpenVPN installs let me know.

dynek · Tue Jul 08, 2014 10:39 pm

I just bought 6 of the 1MW GB AP's for a customer to replace Netopia 3347's[..]

May I ask which hardware/model exactly ?

tierpath · Tue Jul 08, 2014 11:23 pm

I just bought 6 of the 1MW GB AP's for a customer to replace Netopia 3347's[..]
May I ask which hardware/model exactly ?

RB951G-2HND

dynek · Wed Jul 09, 2014 9:25 am

Too bad there's no way to communicate outside the forum. Sorry for polluting.

Thank you for your answer - I'm looking for dual band hardware with case etc. There's none beside building one myself, right ?

tierpath · Mon Dec 29, 2014 2:24 pm

Mikrotik Dev's & Normis.

We have all been requesting UDP & LZO for OpenVPN.

I am now changing my request to something that would offer more functionality.

I request that you implement SoftEtherVPN which has OpenVPN Built-in.

https://www.softether.org/

It also offers other VPN options.

It seems it would be a better use of resources since it's OpenVPN Implementation is much faster that OpenVPN's itself.

Sob · Mon Dec 29, 2014 4:24 pm

So MikroTik developers were able to add partial OpenVPN support and for some reason aren't able/willing/whatever to add the rest. And your proposed solution is to take some kind of multiprotocol server, which looks like it does everything that their PPP package does and twice more and just stick it in there. Basically throw out everything they have, do whole integration from scratch, etc. How is that supposed to be easier than adding only the missing OpenVPN parts?

Mon Dec 29, 2014 4:33 pm

@tierpath

From what I can see in the comparison table, both the OpenVPN and SoftEther VPN projects use GPL, meaning that any projects that use them must also be open sourced.

Since RouterOS is not an open source piece of software, I doubt MikroTik will ever integrate SoftEther VPN, just as they haven't integrated OpenVPN, but have instead made their own implementation of the OpenVPN protocol.

@Sob
If MikroTik could integrate an external package that has all of these features, then it means the same thing as every other dependency they have: They have less things to worry about afterwards, just like how they integrate OpenSSL, and thus only have to worry about keeping it updated.

Integration should be relatively easy from a technical standpoint (easier than implementing new features from scratch), but like I said, from a legal standpoint... No.

Mon Dec 29, 2014 7:35 pm

As I remember softether was already rejected by mikrotik here on the forum.

tierpath · Fri Feb 06, 2015 10:56 pm

So MikroTik developers were able to add partial OpenVPN support and for some reason aren't able/willing/whatever to add the rest. And your proposed solution is to take some kind of multiprotocol server, which looks like it does everything that their PPP package does and twice more and just stick it in there. Basically throw out everything they have, do whole integration from scratch, etc. How is that supposed to be easier than adding only the missing OpenVPN parts?

They said they will Implement. it's 2015, almost 10 years since I started using MTik for solutions along with PFSense to give me the flexibilty I need in many situations.
Weather they use SoftEther or OpenVPN itself or their own homegrown version, they do need Compression and UDP.

Right now I have had to use MTIK boxes to create TCP OpenVPN Tunnels to a PFSense box at the HQ for a network because I could not find a suitable router that would run PFSense in a small package for the price point MTik offers.

ayufan · Sat Feb 07, 2015 7:36 pm

Right now I have had to use MTIK boxes to create TCP OpenVPN Tunnels to a PFSense box at the HQ for a network because I could not find a suitable router that would run PFSense in a small package for the price point MTik offers.

You can always try OpenWrt. It works great.

tierpath · Tue Feb 10, 2015 3:43 pm

Right now I have had to use MTIK boxes to create TCP OpenVPN Tunnels to a PFSense box at the HQ for a network because I could not find a suitable router that would run PFSense in a small package for the price point MTik offers.
You can always try OpenWrt. It works great.

Can I buy a router with it preloaded on Amazon?

realdreams · Sun Mar 22, 2015 5:17 pm

+1 to implement the 4 unsupported features of OpenVPN... I never thought a working VPN server could do without those features

esma · Mon Apr 06, 2015 3:27 pm

+1 need LZO and UDP

ejosterberg · Wed Apr 15, 2015 5:10 am

+3 for me too.
I run an ITSP (Internet Telephony Service Provider) or as the FCC calls us Interconnected Voice over Internet Protocol Service Provider. I have about 50 remote customer sites that are strictly VPN connected to our SIP network. We currently run Tomato VPN on Netgear routers. After the heartbleed bugs and replacing (updating) those 50 sites twice now I've had it and started looking for something better. I'm also looking to add OSPF as we have a couple of OpenVPN concentrators and I'd like to move clients without the static routing table changes and I'd like to have a few sites maintain multiple connections to different concentrators. (We are located in 3 colocation centers and can link clients to the nearest site.)

Anyhow, I thought I fell in love and ordered 3 of the RP750's for testing. Before I got these up and running, I ordered 2 of the CCR-1036 thinking I could replace our aging Cisco 7206VXR/G2 which handles BGP with 2 peers. I'm thrilled that Amazon was so easy to cancel!

Sadly, not supporting OpenVPN with UDP and LZO is a deal killer. VoIP doesn't work too well wrapping our tiny UDP packets into a TCP connection. Too much overhead and a dropped packet is very noticeable. The last thing I want is to replay or fix a late UDP packet. Drop and move on please. UDP does that!

I truly fell in love with the idea of supported OS's on supportable hardware with inexpensive rack mount options.
I might still try the BGP on a pair of CCR-1036's. Anyone have advice on that? Can I take full default-less routing tables in 16GB on these? I take nearly full routes on 4GB on the Cisco. (we filter longer prefixes to save memory)

I'd also be interested in knowing what other products will meet my needs. Sounds like I'll check out Ubiquiti routers for the OpenVPN over UDP with OSPF. Seems the EdgeMax is where I should spend my money? I'm tired of the roll your own or non remotely updatable platforms.

Please MikroTik, tell me you want me to test your beta release supporting UDP for OpenVPN! Or like others have said, tell me it's coming in 9 months or whatever.

Thanks,

morph · Tue May 19, 2015 1:18 pm

I was configuring a mikrotik as an openvpn client for the first time today and while troubleshooting I found that I have to disable compression and that it only works using TCP.
I came here for a solution and got a really bad surprise. Mikrotik does not support UDP and compression!
Everyone keeps saying how good and multifuntional Mikrotiks are but this is really something that should have been implemented long ago.

Tue May 19, 2015 4:41 pm

That's it. I fully agree.

marlab · Sun May 24, 2015 6:54 pm

After years of being Mikrotik user I would need to abandon this platform due to lack of UDP for OpenVPN

My entire company switched to excellent pfSense routers, they are based on open source and all use OpenVPN over UDP... Mikrotik, it's time to wake up

onnoossendrijver · Mon May 25, 2015 6:57 pm

I don't understand why you would desperately need OpenVPN/UDP support. I can't think of any professional router manufacturer that has OpenVPN support.
Besides that there are many good (better?) alternatives to OpenVPN.

dynek · Mon May 25, 2015 8:23 pm

From a straight forward and quick way to implement, please name them.

onnoossendrijver · Wed May 27, 2015 10:25 am

I agree OpenVPN is very easy and straightforward to install. PPTP is about as easy but requires GRE to pass through and is not as secure.
IPsec is also okay, but requires a bit more configuration and doesn't like NAT very much.

Still, I think this kind of functionality does not belong on a router. If you need a VPN concentrator I would install plain linux on a machine and install OpenVPN. You'll have much better performance, scripting is possible (i.e. custom firewall rules per connecting client) etcetera.

dynek · Wed May 27, 2015 10:43 am

Still, I think this kind of functionality does not belong on a router. If you need a VPN concentrator I would install plain linux on a machine and install OpenVPN. You'll have much better performance, scripting is possible (i.e. custom firewall rules per connecting client) etcetera.

I do agree on this one.
MetaROUTER with OpenWRT and OpenVPN daemon are doing a great job for this purpose!

Cheers

RyperX · Wed May 27, 2015 12:47 pm

Arg... switched last week from my home consumer router to the great mikrotik devices.
After setting up the easier things the last day i wanted to setup openvpn.
Now i found out its not supporting udp

Its really sad because many public wifi networks only allow the udp port for the openvpn connection, so i cant use it the most times. Would also really appreciate the udp support!

dynek · Wed May 27, 2015 5:18 pm

What Routerboard model do you have ?

RyperX · Wed May 27, 2015 11:23 pm

Hi!

I have the 2011UiAS-2HnD

dynek · Wed May 27, 2015 11:58 pm

Well as far as I know you can run MetaROUTER on this device.

So creating a simple one with OpenVPN inside is pretty easy and it will fit your needs.

RyperX · Thu May 28, 2015 8:43 am

This feature tells me nothing but big thanks will check it out. So much tu learn

dynek · Thu May 28, 2015 9:40 am

http://wiki.mikrotik.com/wiki/Manual:Metarouter

It requires some linux knowledge to setup but not so complicated.

drdotti · Tue Jul 14, 2015 11:55 pm

drdotti · Tue Jul 14, 2015 11:57 pm

Is there a redy to use MetaRouter Image?

dynek · Wed Jul 15, 2015 12:05 am

Almost. You just have to install the OpenVPN package and configure it.

urknall · Tue Aug 11, 2015 3:49 pm

Any news on this, i need to push routes to clients from the server, never tried metarouter. BUT i like to have this out of the box with mikrotik. If you need to have full openvpn support, the solution cannot be to have a metarouter running for that...

Cha0s · Tue Aug 11, 2015 4:02 pm

Out of curiosity how much traffic can an openwrt metarouter image handle?

MIPSBE is slow on its own, I can't imagine running openvpn with encryption over metarouter being able to push any significant amount of data without maxing out the CPU.

urknall · Tue Aug 11, 2015 5:57 pm

Just tested a metarouter openwrt image on my system. Eating way too much cpu, maybe that is possible on a ccr or so, but no go on smaler mikrotik devices...

Cha0s · Tue Aug 11, 2015 6:35 pm

Just tested a metarouter openwrt image on my system. Eating way too much cpu, maybe that is possible on a ccr or so, but no go on smaler mikrotik devices...

CCRs (Tilera) and PPC boards do no support metarouter.

vortex · Tue Aug 11, 2015 6:58 pm

+1

You don't get to choose the VPN as an extranet client.

esma · Wed Aug 12, 2015 1:08 pm

metarouter not good for OpenVPN and for CCR.

kartwall · Thu Aug 13, 2015 8:58 am

+1+1+1
udp+lzo ovpn server really matters for me. I don't think this is a technical problem which prevents this feature since this has been requested from several years ago, the real thing should be some non-technical issues.

marlab · Fri Aug 14, 2015 9:55 pm

Openvpn UDP is becoming real business standard these days. I would buy more Mikrotik routers if it was supported, sadly I need to go competitors. Metarouter as workaround is not stable - I tried it.

Sysline · Tue Aug 18, 2015 10:49 pm

Yes! I NEED UDP and compression. Please, make it possible!

Thanks so much!

lotnybartek · Tue Aug 25, 2015 8:07 pm

+1 for UDP support.

kamillo · Wed Aug 26, 2015 10:49 am

I would like to see UDP and compression support as well

zpn · Wed Aug 26, 2015 3:25 pm

+1 for LZO
Also obfuscate for openvpn connections to against the GFW will be nice...

roswitina · Fri Sep 11, 2015 10:00 am

+1 for UDP and compression LZO

Rosi

BMan · Fri Sep 18, 2015 9:32 pm

+1 for UDP and compression LZO

Sysline · Sun Sep 27, 2015 9:50 pm

+1 UPD & LZO need 100%

RyperX · Mon Sep 28, 2015 10:22 pm

Also still waiting for this 2 features

esorin0 · Mon Oct 12, 2015 11:50 pm

+1 UPD & LZO
+++++

cedon · Tue Oct 13, 2015 10:34 am

+1 from me for UDP and LZO... AND tls-auth (ta.key)

hrehm · Sun Oct 25, 2015 4:44 pm

+1 for openVPN UDP !!!

Siona · Sun Oct 25, 2015 7:42 pm

+1 udp zip

th0massin0 · Tue Oct 27, 2015 1:31 pm

+1 for UDP + LZO and tls-auth

BulliteShot · Tue Oct 27, 2015 8:03 pm

I have 20 Mikrotik routers... so...
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1
+1

Cmon guys

gangs · Wed Oct 28, 2015 3:13 pm

+1 !!!

elgrandiegote · Thu Oct 29, 2015 1:26 am

+1 for UDP + LZO and tls-auth

+10000000

Scormave · Tue Nov 03, 2015 3:02 pm

+1 UDP + LZO

ckleea · Wed Nov 04, 2015 12:39 am

Supported

SaeedYa · Sat Nov 07, 2015 12:53 pm

Come on Guys !!

+1

Siona · Sat Nov 07, 2015 3:37 pm

It is one of most missing future for soho routers from mikrotik.

fikt · Sat Nov 07, 2015 5:23 pm

Mikrotik,

there has been no other feature requested as mush as this OpenVPN compression LZO and UDP.

Any explanation why it is not implemented?

patrickmkt · Sun Nov 08, 2015 7:47 pm

Already voted on that years ago. And I'm still asking for it

GAS · Fri Nov 13, 2015 3:24 pm

+100500 for UDP and compression LZO

marcodefreitas · Sun Nov 15, 2015 3:31 am

@tierpath

From what I can see in the comparison table, both the OpenVPN and SoftEther VPN projects use GPL, meaning that any projects that use them must also be open sourced.

Since RouterOS is not an open source piece of software, I doubt MikroTik will ever integrate SoftEther VPN, just as they haven't integrated OpenVPN, but have instead made their own implementation of the OpenVPN protocol.

@Sob
If MikroTik could integrate an external package that has all of these features, then it means the same thing as every other dependency they have: They have less things to worry about afterwards, just like how they integrate OpenSSL, and thus only have to worry about keeping it updated.

Integration should be relatively easy from a technical standpoint (easier than implementing new features from scratch), but like I said, from a legal standpoint... No.

No. The only code that must be open-sourced is the code modified as is stated by GPL. MikroTik uses the GPL'ed code of Linus' kernel…

MikroTik@Linux.png

Sun Nov 15, 2015 4:24 am

No. The only code that must be open-sourced is the code modified as is stated by GPL. MikroTik uses the GPL'ed code of Linus' kernel…

You're right. In my defense, at the time of that post, I did not know those details, and in fact, until this more recent thread I just found out MikroTik includes GPL software.

kamaxeon · Thu Nov 19, 2015 2:16 am

+1 for udp and lzo

MikroTikFan · Mon Nov 23, 2015 11:34 pm

+1 for UDP

Why Mikrotik stuff is not taking into consideration customers votes ???
This times this is unique business strategy ...

rheo · Tue Nov 24, 2015 12:46 am

+1 would also like to see this

shodan · Tue Nov 24, 2015 8:24 pm

Yes! i want LZO and UDP too!
If you doing this, you soft be very cool!

MikroTikFan · Wed Nov 25, 2015 9:00 pm

+1 -- UDP
+1 -- LZO

Why Mikrotik stuff is not going to answer or make this happened since so many years ???

Customers votes are not important ???????????????????????????????????????

norlin · Mon Nov 30, 2015 10:07 am

+100500 for both options.

p.s. is this forum – the official way to make feature-requests??

norlin · Mon Nov 30, 2015 10:25 am

Mikrotik support answer (just now):

Thank you for the suggestion. We are already working on UDP OpenVPN in RouterOS v7

Nseven · Mon Nov 30, 2015 2:01 pm

This stops me from buying a MicroTik router. I hope these features will be available soon.

dynek · Mon Nov 30, 2015 9:12 pm

huuuuh if that's for sure this time I may want to finally buy a RB1100ahx2

No more need for MetaRouter.

Sob · Mon Nov 30, 2015 10:35 pm

I just hope they don't stop with UDP and add everything that standard OpenVPN can do. For example, pushing routes to clients is very nice feature too.

cpliu903 · Wed Dec 02, 2015 6:22 am

+1

UDP very very very important.

MasterXP · Wed Dec 02, 2015 7:15 am

+1 for UDP
+1 for Compression
+1 for Pushing Routes

blacksd · Wed Dec 02, 2015 10:27 am

Subscribed to this forum to add my +1.

I'd be more than happy to ditch Cisco for Mikrotik, but - even after the base course and certification - I'm not convinced. OpenVPN is *way* too important to be simply overlooked "by more interesting VPN solutions" (their words). I'm not a bunker, but this smells a lot of "hey we made a deal with Microsoft to let out OpenVPN from our platform".

Siona · Wed Dec 02, 2015 5:21 pm

O yes!
Pushing routes! I'd really like to see it in ROS!

wasbak · Thu Dec 03, 2015 3:53 pm

+1 udp + routes + lzo

websun · Thu Dec 10, 2015 10:29 pm

+1

Cmon guys these are basic 15 year old router functions.

onlineuser · Fri Dec 11, 2015 6:29 pm

+1

Yes, come on, please add UDP and compression!

MikroTikFan · Sun Dec 13, 2015 1:32 pm

Mikrotik support answer (just now):
Thank you for the suggestion. We are already working on UDP OpenVPN in RouterOS v7

May I ask Mikrotik Support when this will be launched to production and announced to all Mikrotik community?

DJGlooM · Fri Dec 18, 2015 5:24 pm

Need
Openvpn UDP
NOW!

Stop feeding promises, leave everything else and just do it!

How the hell should we make stable and secure long-distance tonnels with TCP? Meltdown ruins it all.
GRE is inconvinient and not supported with mobile clients, PPTP is unsecure, L2TP+IpSec is old and again, not well-supported for mobile clients.

MikroTikFan · Tue Dec 22, 2015 9:27 pm

Mikrotik Support - can you share witch this community date when Mikrotik Team is going to launch RouterOS v7 ?

gidden · Tue Dec 29, 2015 3:32 pm

tls-auth + LZO
+1
+1
+1
(I have 3 Mikrotik routers)

msatter · Sun Jan 10, 2016 1:59 am

+1 for OpenVPN with UDP

aigarslv · Mon Jan 11, 2016 3:15 pm

Please don't forget OpenVPN TLS authentication. As OpenVPN is becoming one of major players.

tapsa · Mon Jan 18, 2016 4:40 pm

+1 for udp tunnel with static key
This is really show stopper that you need another device to make openvpn p to p tunnels. Currently if you need real l2 tunnel without any ip there is no good way to do it.

th0massin0 · Sun Jan 24, 2016 1:48 pm

Dear Mikrotik Support and Developers Staff
In context of governmental changes in Poland and dramatic changes in Act of Police (known as “Invigilation Act”) I will ask one more time, please give us OpenVPN in UDP with compression and TLS. We have many RouterBoards already and if you will make OpenVPN works in proper way, we will definitely buy more.

andryan · Mon Jan 25, 2016 9:30 am

+1 for LZO compression, UDP support, no user-pass authentication option

kamaxeon · Wed Jan 27, 2016 4:50 pm

I can't wait more time, bye bye Mikrotik ....

haloman · Sun Feb 14, 2016 6:19 pm

+1000 for LZO & UDP

Janhouse · Wed Feb 17, 2016 12:37 am

+1 UDP

Chega · Tue Feb 23, 2016 12:11 am

+1 UDP and LZO

RyperX · Tue Feb 23, 2016 7:57 pm

+1 LZO & UDP

iGz · Wed Feb 24, 2016 3:58 pm

+1 for tls-auth
+1 LZO & UDP

dynek · Wed Feb 24, 2016 10:49 pm

Seriously guys, don't you want to stop +1 ?

It has no effect, Mikrotik devs aren't counting how many people are incrementing an unexisting counter...

Thu Feb 25, 2016 12:27 am

Even the counter doesn't exist at all, it can be always easily risen by one in metavirtualized space. Isn't it wonderful?

cpliu903 · Thu Feb 25, 2016 10:37 am

which version will be include this new feature ??

spippan · Thu Feb 25, 2016 2:05 pm

please ... pleeease

for performance' sake ... implement UDP and compression in rOS OpenVPN

Chega · Wed Mar 02, 2016 10:04 pm

+1 for tls-auth
+1 LZO & UDP
Please.

WitekB · Thu Mar 03, 2016 11:22 pm

+10 for UDP

+0.5 for LZO/LZ4/Snappy which are supported by OpenVPN

eternal0 · Tue Mar 08, 2016 7:37 am

+1 for UDP.
TCP is much slower than UDP at high latency or high packet loss environment.

MTusewk · Tue Mar 08, 2016 8:33 am

+10 for UDP & LZO. It is a much needed feature.

berrigorri · Thu Mar 10, 2016 10:22 pm

+10

i need ten of my fifteen mikrotik routers connected to main site !! pleaseeee !!

darkprocess · Fri Mar 11, 2016 12:08 am

+1 please

UsernameMT · Fri Mar 11, 2016 3:46 pm

Please
+1 LZO and UDP

Zorro · Mon Mar 14, 2016 8:29 pm

resource consumption -wize - LZO isn't so great thing. not only in OpenVPN package.
but UDP is quite common feature and "expected" thing, yep. its only of things that actually make OpenVPN handy(compared to say SSTP or L2TP).

Sob · Mon Mar 14, 2016 11:04 pm

It depends on what you need. Enabling LZO on some weaker RB and expecting to push through many Mbits would not work well. But instead, you may need to access server using some very slow connection and then every saved byte is good. And don't forget client scenario, where you must accomodate to server config that you can't change.

The point is, RouterOS OpenVPN needs to support everything that official OpenVPN supports. If it doesn't, there will always be dissapointed users. Because if OpenVPN support is advertised, people usually don't expect it to be just part of it.

Fri Mar 18, 2016 2:44 am

THere will be UDP support in ROS v7.

UsernameMT · Fri Mar 18, 2016 3:42 pm

THere will be UDP support in ROS v7.

Hi.
In what month in 2016 year is planned to release ROS v7?

Swordforthelord · Fri Mar 18, 2016 6:26 pm

THere will be UDP support in ROS v7.

Thank you!

buzzdee · Sat Mar 19, 2016 12:48 pm

THere will be UDP support in ROS v7.

Finally. Thanks a lot!

mbecroft · Sat Mar 26, 2016 12:56 pm

For me this is a make or break feature. I cannot believe that for 10 years Mikrotik has not been able to do this. How many hundreds of users do you have that all have been asking for this, plus the thousands more who need it but haven't posted in any of the numerous forum threads on the topic.

GPL licensing should not be an issue since they are not linking with it. So they can use it as a process running within their proprietary environment, their only obligation under GPL being to make the source code of OpenVPN itself available, which simply means having a statement in the manual: Mikrotik software uses GPL source code, you can download it here -> point to OpenVPN official git repos.

Absolutely essential features for me and I think most users are:

UDP
LZO
TLS

OpenVPN has become the de-facto standard VPN for numerous environments for many reasons, because basically it has more features, wider support and is easier to configure than any of the proprietary VPN protocols, and does things IPsec just can't easily do, and does so with a fraction of the configuration difficulty.

How can even Ubiquiti of all vendors have this and yet Mikrotik cannot do it. Sorry to be blunt but this is insanity and total burying of head in the sand from Mikrotik. *Please* pull yourselves together and come up with a viable roadmap here. I really want to use your products but you are making it so hard...

P.S. the news that UDP support is coming in v7 is welcome, but what about LZO and preferably TLS> Without those it's still useless for many people. Remember if the server is configured to use LZO, you *have to use LZO*. And nobody is going to turn off LZO on their server just so I can connect my Mikrotik to it.

poizzon · Tue Mar 29, 2016 3:19 am

THere will be UDP support in ROS v7.
Hi.
In what month in 2016 year is planned to release ROS v7?

up to Christmas will be done !

the only question is to what year, of Christmas !

basic833 · Tue Apr 05, 2016 11:53 pm

Udp only ,what about lzo?And when?

basic833 · Wed Apr 06, 2016 12:03 am

Please add to openvpn this one!!!!->
UDP mode
LZO compression
TLS authentication
authentication without username/password

itmethod · Wed Apr 06, 2016 4:43 am

I Would like this as well. Most of the providers use lzo and udp.

7cigun · Tue May 24, 2016 11:26 am

+1, finger up
Mikrotik is good. But with OpenVPN+UDP it will be almost perfect.
Please.

Tue May 24, 2016 1:22 pm

Hi.
In what month in 2016 year is planned to release ROS v7?

When it's ready ?

Hopefully soon!

pkrexer · Mon May 30, 2016 5:36 am

I was sadden today when I went to setup an openvpn connection and couldn't figure out why things weren't working. Come to find out, lzo isn't supported! Seriously? Pretty much any vpn provider offering openvpn requires lzo compression.

So I can flash some crappy linksys or netgear router with dd-wrt / openwrt and have all the openvpn features, yet i can't with my mikrotik.... nice

I would like to keep my hopes up that proper support is coming...but judging by this thread, it doesn't seem promising.

oscar120584 · Mon May 30, 2016 12:00 pm

Please add to openvpn this one!!!!->
UDP mode
LZO compression
TLS authentication
authentication without username/password

+100500
Please add...

retali8 · Fri Jun 03, 2016 8:57 am

morze · Wed Jun 15, 2016 10:02 am

+1 LZO and UDP (I just bought the P10-Perpetual CHR key

, pleeeeeese

)

Paternot · Sun Jun 19, 2016 2:20 am

+1 for OpenVpn
UDP mode
LZO compression
TLS authentication
authentication without username/password
And pushing routes to clients

temesi · Tue Jun 21, 2016 12:49 am

+1 for udp + lzo + TLS

UsernameMT · Fri Jul 08, 2016 12:20 pm

THere will be UDP support in ROS v7.

You wrote - Fri Mar 18, 2016 3:44 am
.............................................
4 months later ....
When fantasy_ROSv7 appear (with UDP mode, LZO compression, TLS authentication, authentication without username/password) ?

I'll die of old age, and not waiting ROSv7?

Can i continue to buy Mikrotik RouterBOARD, in the hope that will fantasy_ROSv7?

Best regard for MikrotikTeam!

oscar120584 · Tue Jul 12, 2016 6:45 pm

THere will be UDP support in ROS v7.
You wrote - Fri Mar 18, 2016 3:44 am
.............................................
4 months later ....
When fantasy_ROSv7 appear (with UDP mode, LZO compression, TLS authentication, authentication without username/password) ?
I'll die of old age, and not waiting ROSv7?
Can i continue to buy Mikrotik RouterBOARD, in the hope that will fantasy_ROSv7?

Best regard for MikrotikTeam!

3 years already...
I'm sorry, but it looks like they do not care about the opinion of its customers. I do not buy more Mikrotik. I use OpenWRT for OVPN of customers.

Tue Jul 12, 2016 6:52 pm

Then why we decided to add UDP support?

dynek · Tue Jul 12, 2016 7:09 pm

I honestly do wonder what's so complicated about it... I mean implementation wise.

oscar120584 · Tue Jul 12, 2016 7:37 pm

Then why we decided to add UDP support?

When???????

spippan · Wed Jul 13, 2016 4:36 pm

Then why we decided to add UDP support?

is there any rOS7 RC or beta version available? i'd like to test OVPN with a RB2011 over LTE and another over a FTTH connection....

Paternot · Wed Jul 13, 2016 5:08 pm

is there any rOS7 RC or beta version available? i'd like to test OVPN with a RB2011 over LTE and another over a FTTH connection....

AFAIK it is in alfa stage - not even beta. So, no public access.

spippan · Fri Jul 15, 2016 6:48 pm

is there any rOS7 RC or beta version available? i'd like to test OVPN with a RB2011 over LTE and another over a FTTH connection....
AFAIK it is in alfa stage - not even beta. So, no public access.

too bad ... i'm doing a lot on ovpn testing and site-to-site infrastructures....

ChangzhouC · Sat Jul 16, 2016 6:32 pm

+1 for OpenVPN compression LZO and UDP

usmanov · Mon Aug 01, 2016 2:13 pm

+1 for OpenVPN udp + lzo + TLS

spyderspartan · Mon Aug 01, 2016 11:04 pm

Looking for udp + lzo + TLS support as well.

aquarat · Tue Aug 02, 2016 4:00 pm

I'm amazed ROS doesn't have udp + lzo support for OpenVPN client interfaces...

pe1chl · Tue Aug 02, 2016 4:13 pm

I don't think there is much point in adding +1 and "me too" messages to this thread.
The situation is clear: there is no LZO and UDP support, and it is not going to happen in v6.
It is promised to be solved in v7 but it is totally unclear when there will be a v7.
Could be next week, next month, next year, or 2020.
For now, no LZO and UDP for OpenVPN (and many other features promised for v7)

UsernameMT · Wed Aug 03, 2016 8:55 am

Could be next week, next month, next year, or 2020.

"next week" + 1

killersoft · Tue Aug 09, 2016 1:27 pm

+1 PLEASE MIKROTIK...

marosi · Wed Aug 10, 2016 12:00 pm

V7 will not be for free!

Unconfirmed informants told that RouterOS V7 will cost about 199$ for upgrade and 299$ for new installations in an anual subscription.

It will only work with SSL/TLS certificates generated by MT cloud services wich is another $49 per year.

Each VPN client need its own certificate to work properly. So 10 VPN users will be $490 per year and so on.

....just joking

UsernameMT · Wed Aug 10, 2016 12:37 pm

...

it possible or something similar, this explains the introduction of functions only in V7

I go buy a mini-ITX and install Ubuntu Server

pe1chl · Wed Aug 10, 2016 2:17 pm

I go buy a mini-ITX and install Ubuntu Server

That is certainly the quickest and probably the best way to get fully functional OpenVPN service.
In our network we use a Debian Linux server as a complicated VPN concentrator (many different protocols including OpenVPN)
and use MikroTik routers everywhere else. Although MikroTik is Linux-based it certainly cannot offer the
full flexibility of a manually configured Linux system. Of course, when you need only what it offers, it is
much easier to configure. And there is nice and cheap hardware.

marosi · Wed Aug 10, 2016 2:31 pm

Yes. I use the ipfire appliance for openvpn or ipsec setups. (IKEv2)
Tired waiting for mandatory features. Same with the CRS devices...

Garincho · Tue Aug 30, 2016 1:57 pm

+1 LZO & UDP