Feature request: IPSec Support of DH group 31 (EC25519)

Hi,

Could DH Group 31 be supported in IPsec please?

Diffie-Hellman group 31 is EC25519 (Elliptic Curve 25519)

It’s today the only undisputed secure Elliptic Curve algorithm.
And several competitive products already support it (pfSense, OPNsense, Fortigate …)
It’s absent from Mikrotik supported protocols: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Diffie-Hellman_Groups and the Wiki is up-to-date.

Is there a procedure to formally request this support?

Reference RFC: https://tools.ietf.org/html/rfc8031

Thanks

Frankly, I was expecting a bit more of a response to this thread.

Have I inadvertently bumped into an over-debated and touchy subject like having OpenVPN to support UDP?
I searched the forums and googled around without results.

I would very much like to have EC25519 implemented in the Mikrotik CCR family. Is there any recommendation some old-timers can share?

Thanks

I don’t think this is a sensitive/touchy topic.

The official way to ask for features is to go to your distributor and ask them. They will ask Mikrotik (because your distributor is Mikrotik’s customer) and, based on some magical formula, Mikrotik may decide to implement it.
Asking on the forum is possible, but it is not guaranteed that staff will notice it.

Thanks for the tip … and the answer, much appreciated 🙂

The forum might be my only option: my distributor was a small corner shop and is no longer in business after COVID.

Is there a way I can get a “read receipt” from Mikrotik staff? And ideally a rough estimate whether this stands a chance to be live or not.

Feels a bit like a message in a bottle here.

Unlike requests for completely new things, I think this is guaranteed to be added; it’s “just” an improvement for the IPSec they already have, and it will be needed in the future for compatibility. I’m sure they are aware that it exists; it’s just a matter of getting to it, other priorities, etc.

Thank you Sob, your message brings some level of comfort of seeing a positive outcome to this.