VXLAN has been around for a while, so how do router vendors support it? Well, let’s use a dead simple topology to test them out.
Our setup today:
- All routers connected to the same dumb switch using IP range 169.254.0.0/24
- Multicast signaling on address 188.8.131.52, No PIM
- VXLAN UDP port 4789
- Network 10.0.0.0/24 on VNI 5000 (layer 3 termination / inter-VXLAN routing)
RouterOS has nothing to do with security, so this article will focus on usability rather than security. All configurations related to security will be marked as optional.
First of all, let’s review all the limitations we have on the OpenVPN client on RouterOS 6.x:
- Supported protocol: TCP (TLS mode) only, no UDP, no static key
- Supported ciphers:
none BF-CBC AES-128-CBC AES-192-CBC AES-256-CBC
- Supported digest algorithms:
none MD5 SHA1
- Supported authentication methods: username, password and optional client certificate
- Does not support MPLS even if running in TAP mode