OpenVPN SHA256 + UDP

Hello!

Is there any news regarding:

  1. OpenVPN over UDP support
  2. SHA256 authentication support on OpenVPN. (Though SHA1 still provides strong authentication, clients are asking more and more for SHA256).

I could not find any relevant information, so I would be very grateful for any kind of information.

Thanks,
Marius

Sorry, man, this is a super mega ultra complicated task and developers do not know how to solve it. Or do not want to … :wink:

Thanks for the info ;)
Which one is the complicated one? I am more interested in the SHA256 OpenVPN item.

Any detail on OVPN SHA256 support?

mariusp,

Some information about these long-awaited requests can be found in the following forum topic: Feature Request: OpenVPN [ovpn] udp tunnels

Would like to bump the feature request for SHA256 authentication. SHA1 is broken - https://shattered.io/
No need for other complicated features such as udp or lzo, as long as the current implementation is secure enough.

Thanks

+1

Just set up OVPN for the first time on MikroTik and surprised no SHA256. Anything else is not as secure.

+1 for SHA256 :frowning:

And UDP also, TCP OpenVPN from California to an RB in Europe is slow and laggy, good old L2TP/IPsec on the same machines is more than 10x faster.

//edit - After the new OpenVPN TLSv1.2 update - what TLS does the MikroTik OpenVPN server use? Is it possible to force usage of TLSv1.2 only? (--tls-cipher)

+1 for both

+1, again, again, again it sucks

+1 for SHA256
(and I don't understand why default settings on VPNs for hash functions and symmetric cryptography are still old ones that are reported to be broken/not secure anymore)
After hours of search and comparison, I will use OpenVPN as a sites-to-central-site VPN (simple to configure - thanks for key generation on MikroTik! - NAT traversal, ~5% overhead, ...).
It is not serious to use an insecure auth method for professional cases.
Please MikroTik dev team, consider priority for this development...

bump

I'd consider switching to L2TP+IPsec or EoIP+IPsec (for MikroTik on both sides), both use UDP and encryption and should perform the same or better in performance.
OpenVPN on UDP has been requested years ago and won’t come too soon on Mikrotik, probably never.

SHA256 is supported on the mentioned protocols, not sure why openvpn would be more compelling, maybe only to opensource lovers.

Many VPN providers, including the largest, only support OpenVPN. Some support weaker protocols such as PPTP, but these are either discouraged or being discontinued. Some support stronger protocols such as WireGuard, even before their code or standards are finalized.

But the one thing common to all modern retail VPN providers is OpenVPN. Since OpenVPN without UDP is less like having one hand tied behind your back and more like having both legs cut off in terms of throughput and latency, this is why threads like this exist.

Of course, those considering site-to-site VPNs have many more options for protocols, and are in a position to follow the advice you suggested.

As for SHA256, that's only for HMAC auth and SHA1 is still widely used. There is no rush there because the key lifetimes are so short, on average just an hour. Also, they can only be used to fake a packet, not break the entire channel's security. Such concerns, even for those worried about state actors, are so ridiculously unlikely (breaking a SHA-1 key in an hour AND using it) that it is not worth considering from the client side. It is just a security integrity issue for the VPN provider to keep up with the latest tech, i.e. SHA-2.
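An added example, not taken from any post in this thread: an OpenVPN 2.4 client profile that pins the three things asked for above (UDP transport, HMAC-SHA256 packet authentication, and a TLS 1.2-only control channel, which is what --tls-version-min does; --tls-cipher only restricts the allowed suites). The hostname vpn.example.net, port 1194 and the certificate/key file names are placeholders.

```conf
# Added example, not from the thread: OpenVPN 2.4 client profile that
# pins the settings this thread asks MikroTik's ovpn server to support.
# vpn.example.net, 1194 and the file names below are placeholders.
client
dev tun
nobind

# 1. UDP transport instead of TCP (avoids TCP-over-TCP retransmission
#    stalls, the "slow and laggy" behaviour described above).
proto udp
remote vpn.example.net 1194

# 2. HMAC-SHA256 instead of HMAC-SHA1 for packet authentication.
#    With a CBC cipher this HMAC covers every data-channel packet; with
#    an AEAD cipher (AES-256-GCM) --auth only applies to --tls-auth.
cipher AES-256-CBC
auth SHA256

# 3. Control channel: TLS 1.2 only. --tls-cipher does not force a TLS
#    version, it only restricts the suites; --tls-version-min does.
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384

# Refuse a peer that presents a client certificate as the "server".
remote-cert-tls server

# HMAC the control channel too; uses the same --auth digest (SHA256).
tls-auth ta.key 1

ca ca.crt
cert client.crt
key client.key

persist-key
persist-tun
verb 3
```

Both --proto and --auth must match on the server side, so a server limited to TCP and SHA1, as the thread reports for the RouterOS ovpn server at the time, will not negotiate any of this.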

come on, Mikrotik, even Asus can do sha256…

The bandwidth overhead caused by the lack of OpenVPN UDP support and compression calls into question whether it makes sense to use MikroTik as a gateway at all.
I don't really understand the company's policy; the request is more than 10 years old. There is already a truckload of all kinds of bells and whistles, but the function that is actually needed is missing.

+1 for both

IMO, if RouterOS7 is vaporware, OpenVPN UDP needs to be addressed.

+1 UDP

Dear mikrotik!

You have really done a good job in bringing an enterprise-grade routing solution down to SOHO-level pricing.

Now you're competing in both the SOHO and the enterprise segment.
SOHO routers can do OpenVPN. Yep, we're talking about 10-50 Mbps in the best-case scenario, but it is still sufficient for most SOHO use cases.

Regarding the enterprise market: it is not 2010 anymore, there are solutions that can do a 100 to 1000 Mbps OpenVPN tunnel on a budget. There are enterprise customers that prefer OpenVPN to IPsec/L2TP (I hope PPTP is dead by itself) for its configuration simplicity and UDP-based protocol that is easier for NAT traversal without significant performance degradation.

I'm really sad about you losing this market (including myself and the company I work for) of affordable but reliable and flexible routing that was, basically, created by your company.