IPSec VTI

Please can IPSec VTI be considered for RouterOS v7?

The Linux kernel has had support since 2012:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1181412c1a671ed4e8fb1736f17e6ec617c68059

I know the same can be done manually with IPSec+GRE but it is a huge deal with larger installs and one is more prone to making mistakes.

Cheers

This has been requested countless times.

See http://forum.mikrotik.com/t/feature-request-ipsec-improvements/59748/1

Thanks, I must have a bad memory, I had even posted in that thread! :open_mouth:

I also would like to see this feature. Also it would be good to be able to create Virtual Interfaces in general (as you can in Linux) and not only for MetaRouters or KVM.

Ha ha.

Hopefully Mikrotik have not forgotten this request :slight_smile:

2019 AD, November 15: strongSwan has a stable implementation of VTI…
Request still pending.

Bump. We need VTI support!

Yes, VTI support please. Policy-based tunneling is not very user friendly to set up; I'd rather use traditional routing.

Not to mention that this would allow interop with many other router vendors' IPsec VTI-based tunneling solutions.

They are adding VTI, is my understanding. I think the issue probably is that if they add it now, while RouterOS v6 is still being updated, it is much more work for them to manage both code bases, because the RouterOS v7 IPsec code will diverge from the RouterOS v6 IPsec code, making it a lot harder to keep the code bases in sync with the same fixes. So they are likely waiting until RouterOS v7 stable comes out before they add this, as at that point they will no longer need to make updates to RouterOS v6 as frequently.

Ehm, I could be wrong here, but my understanding is that VTIs are purely a local thing; the tunnel or other end does not know whether VTI is used at the opposite end. VTI should allow you to add a virtual interface in a hw/L2-like manner, but it will still only pass L3 traffic, just as the policies do. Policies vs VTI/routing is just cosmetic; both will do the same, but in different configuration ways.

Yes and no. It also has to support multicast transport (for OSPF to work), which is not possible with policies.
Also the encapsulation is different; consider the figure below.
[Figure: VTI.jpg]

I think ROS7 must go to GA and everything on the current roadmap for it be stable, but I really hope MikroTik will not forget about VTI at some point…

Earlier this year I sent an email to Mikrotik support asking if VTI was going to be included in ROS v7 as I had some customer projects coming up that needed VTI support. On Aug 30th, 2021, I received a reply stating “Unfortunately, currently there are no short term plans to implement this feature in RouterOS.”

Bummer

Well I hope then in 2031 we will see it in ros8 beta :slight_smile:

add, please

  • need to be added

Hi,
+1 as VTIs are great for usability and flexibility, and supported by most other vendors for a good reason!
Thanks!

Woland

Personally I would find mGRE & NHRP more useful.

We use IPIP or GRE instead of VTI, but I agree that when doing meshes it gets problematic; but that's just IPsec.

Indeed, in a situation where you would "need" VTI, it would be possible to use IPIP or GRE with the same functionality, only unfortunately not compatible with others.
To set up a fully-meshed tunnel network, both have the same scalability issues, solvable only with protocols like NHRP.
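The GRE-over-IPsec workaround that several posts above mention, written out as an added RouterOS example (not from any post in this thread or from MikroTik documentation). Addresses, secret and peer subnet are constructed placeholders; the `ipsec-secret` parameter on the GRE interface is what makes RouterOS create the IPsec peer and transport-mode policy for the GRE traffic automatically, so only the tunnel, its address and a route are configured by hand. Because the GRE interface is a real routed interface, multicast (and so OSPF) can run over it, which is what a plain policy-based tunnel cannot give you.

```routeros
# Site A side; mirror the addresses on site B.
# Constructed example values: 203.0.113.1 / 198.51.100.1 are the public endpoints,
# 10.255.0.0/30 is the tunnel link net, 192.168.2.0/24 is the remote LAN.
/interface gre
add name=gre-siteB local-address=203.0.113.1 remote-address=198.51.100.1 \
    ipsec-secret=ReplaceWithLongRandomPSK keepalive=10s,10

# The tunnel is a normal L3 interface: address it and route over it.
/ip address
add address=10.255.0.1/30 interface=gre-siteB
/ip route
add dst-address=192.168.2.0/24 gateway=10.255.0.2

# Optional: dynamic routing instead of static routes, since GRE carries multicast.
/routing ospf interface
add interface=gre-siteB network-type=point-to-point

# Verify: the IPsec peer/policy are created automatically and should show as active.
/ip ipsec policy print
/ip ipsec active-peers print
```

The same interface-style routing works with `/interface ipip` and `ipsec-secret`, but neither GRE nor IPIP interoperates with a vendor's VTI implementation, which is the compatibility gap the thread is about.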

I fully expect the “VTI +1 whining” to shift to “NHRP PLEASE!” once it is implemented, maybe MikroTik understand that as well and put VTI low on the work list because of that.