I am considering purchasing your MikroTik hAP ax³ router, but there is one limitation. I would like it to support OpenVPN AES-256-GCM. After reading your manual and forum, I am unsure if I can use OpenVPN unless I switch to AES-256-CBC, which has been discontinued and is not recommended. For me, the only option is AES-256-GCM due to external limitations (VPN provider).
Is this a hardware or software issue?
Your forum states that AES-256-GCM was recently added to ROS 7, suggesting that it is only a software issue. However, there are several reports from users who have trouble connecting successfully and must use the old, abandoned CBC. As I said before, CBC is not a solution for me.
Can ROS V7 resolve many of these issues through updates? Is there a stable firmware update or ROS V7 update? Please do not respond by suggesting that I should use WireGuard, as it is not the same and may present similar issues…
I run an OVPN site-to-site tunnel here (RB5009 ←→ ltAP) and also a handful of mobile clients with AES-256-GCM (UDP) without any problems (everything on 7.20.7).
br, Richard
There are some limitations: you must use a username and password, you can't use only the certs....
Sadly, I haven't gotten it to work with only the cert.
But now the trend is leaning towards WireGuard, so I use that instead.
I have written some CLI commands to make a WireGuard server; maybe someone can use that.
It uses the free MikroTik cloud DDNS.
And all traffic is forced through the tunnel in this setup.
You can change what traffic goes through the tunnel with the allowed-address.
To be fair, OpenVPN was never fully adopted by MikroTik, so your mileage may vary. They keep improving and tweaking it so that it meets expectations; however, I agree with patrikg, WireGuard is easier and better.