MikroTik

It's a long standing request, and shouldn't be a lot of work.

This is a 12 year old request. What is going on?? Had to switch all of my VPN clients to other routers simply because of this. Mikrotik OpenVPN was 600+ms ping time and LOTS of packet loss. PPTP or IPsec was 90ms. But, OpenVPN is the only tech that the NSA can't break and that is truly secure. Also, it is the only one besides PPTP that AT&T's routers will allow to have servers.

don't agree. routeros openvpn implementation sure is not complete neither perfect, but I have no problems on many ovpn over tcp tunnels I have. I don't have the big latency even if I ping traversing 2 tunnels.

Argh....stumbled across this limitation here. Needing UDP wOVPN here as well. The UDP seems to operate faster, and we use lots of VoIP here that cannot tolerate retries. Is this a CPU horsepower issue?

No, the problem is that RouterOS does not use the opensource OpenVPN program but they have re-implemented it.
So the advances in OpenVPN with release of each new version do not carry over into the RouterOS version.
Apparently nobody at MikroTik dares to take on the task of updating their implementation or axing it entirely and using the open source version instead.
It has been promised that this would happen in RouterOS v7 but it looks like v7 has been indefinitely postponed.
(in another topic the remark has been made that "most features of v7 have been backported into v6 so why would we still want v7?")

I bought one due to it costs $20, looks very good all around and SUPPORT OpenVPN... It's really sad, it seemed the happiness is here!!

+1 for UDP tunnels

I very disappointed to read this topic after i brought MikroTik hAP ac².

Still no news in June 2018 after two year.

viewtopic.php?f=1&t=77898&start=150#p527829

I very disappointed to read this topic after i brought MikroTik hAP ac².

Did you really buy an access point to establish OpenVPN connection(s) ?!

I very disappointed to read this topic after i brought MikroTik hAP ac².

Did you really buy an access point to establish OpenVPN connection(s) ?!

I prepare to install OpenVPN server in hAP ac2.

I prepare to install OpenVPN server in hAP ac2.

It is possible but it will just be a server with very limited options.
After all this I start to think it would be better when MikroTik simply relabled the OpenVPN feature: name it something like MikroTikVPN and don't suggest any compatability to OpenVPN.
Then prospective buyers will no longer be deceived into thinking that they can use this OpenVPN feature to interconnect with some other OpenVPN service or client.
It would make it just an incompatible variant of SSTP and it could just as well be dropped entirely, but keeping it so existing users do not have to rework their setup would be nice.

As an OpenVPN server or client, well, it is just worthless.

I prepare to install OpenVPN server in hAP ac2.

After all this I start to think it would be better when MikroTik simply relabled the OpenVPN feature: name it something like MikroTikVPN and don't suggest any compatability to OpenVPN.

Really agree your comment.

Nah, give it a little time ^(*1), it will happen. Check it yourself, how the attitude changes from "no way" to "we already have it" ^(*2):

search.php?keywords=openvpn&author=normis

It's getting more optimistic over the time.

-
(*1) two or five years, ten maximum
(*2) at least a part of it

Nah, give it a little time ^(*1), it will happen. Check it yourself, how the attitude changes from "no way" to "we already have it" ^(*2):

search.php?keywords=openvpn&author=normis

It's getting more optimistic over the time.

-
(*1) two or five years, ten maximum
(*2) at least a part of it

At least, they give the user a answer. Yes or no. It is very easy to answer. I don't know why they always silence.

What silence are you talking about? The answer was already given: "v6 - no UDP, v7 - UDP is ready, just wait for v7 itself".

But there has also been the "well... maybe there will not be a v7... we already implemented most of the promised features in v6!".
Of course this does not include the promised features w.r.t. OpenVPN. (and others, e.g. BGP)

Yep, we could use some update, at least about status of the thing, if not for OpenVPN itself. Because while some features might be impossible to add to v6, OpenVPN shouldn't be one of them.

Huh huh what about Metarouter on RB1100AHx2

What silence are you talking about? The answer was already given: "v6 - no UDP, v7 - UDP is ready, just wait for v7 itself".

Link, please.

v7 should be developed over FOUR Years. When we can get the v7 ?

Link, please.

search.php?keywords=openvpn&author=normis

v7 should be developed over FOUR Years.

Even more.

When we can get the v7 ?

When it's ready.

Link, please.

search.php?keywords=openvpn&author=normis

v7 should be developed over FOUR Years.

Even more.

When we can get the v7 ?

When it's ready.

I just wait until they ready. I hope my router is worked when they ready.

We're all waiting for it

we're still waiting +1

we're still waiting +1

Please post this only once a couple of month/years, not every week

up )
+1 UDP

Waiting...

+1 UDP suport OpenVPN ovpn
+1 RouterOS v7

Hmm, alpha... it looks like we may get something ready for this thread's 10th anniversary. I just hope that other nice OpenVPN features will also make it to the party.

LZO compression and SHA2 (SHA512) authentication come to mind...

wondering why one would go with ShA512 ... what is the big benefit (security/performance balance in mind) going with that?
sha256 brings no real security benefit over sha192 (hash length extension vuln. and so forth....)

LZO on the other hand would be a BIG improvement and UDP anyway! mikrotik is driving its users insane with still not implementing such "feature" (it is a basic openvpn mechanism AFAIK)....

come on guys ... this is not funny anymore and it's not getting better....

LZO is deprecated, so you should be asking for LZ4 instead

You better have LZ4 up your sleeve already, otherwise it's a cruel joke!

from here :
https://www.reddit.com/r/Windscribe/com ... ard_setup/

how about SHA512 auth,
I can not use my windscribe account

+1 for UDP support for OVPN on MikroTik

from here :
https://www.reddit.com/r/Windscribe/com ... ard_setup/

how about SHA512 auth,
I can not use my windscribe account

+1 for sha256/sha512 in openvpn
seems it got implemented for ipsec recently

The long waiting time makes me so sad! Products and software - this is not a good match. One is good the other is a joke!

The long waiting time makes me so sad! Products and software - this is not a good match. One is good the other is a joke!

Please enumerate your list of commercial routers (not alternative firmware) that actually have OpenVPN support that conforms to your wishes.

Another solution would be to support and maintain Metarouter.... even on the RB1100AHx2, but that's another story.

Another solution would be to support and maintain Metarouter.... even on the RB1100AHx2, but that's another story.

Yes, it would be very good to have metarouter back in service, or some other way of running user programs in some sandbox that only gives them some memory, a disk directory, and one or more network interfaces towards the physical router (tun/tap or similar).
That would allow all kinds of solutions to issues being posted all the time here and in the feature suggestion topic.
(OpenVPN, Wireguard, full-function DNS server, DHCP server for exotic requirements, etc etc)

LZO is deprecated, so you should be asking for LZ4 instead

What about TLS auth and no username/password auth (only by keys)?

Aaahhh Wireguard

LZO is deprecated, so you should be asking for LZ4 instead

well ...

+1 for UDP.

Damn, take 10% of my payments to you for routers and hire a programmer for 6 months to do this (he'll implement it in a few weeks and work for you for the remaining 5 months) :-/ It is so annoying to have CCRs with speed of RB750 running openvpn via TCP..

+1 for UDP.

Damn, take 10% of my payments to you for routers and hire a programmer for 6 months to do this (he'll implement it in a few weeks and work for you for the remaining 5 months) :-/ It is so annoying to have CCRs with speed of RB750 running openvpn via TCP..

Instead, pay them to implement the suggestion in message viewtopic.php?p=692031#p692031
That will serve a lot of other purposes on CCR.

Instead, pay them to implement the suggestion in message viewtopic.php?p=692031#p692031
That will serve a lot of other purposes on CCR.

Although I agree, I believe that would take some serious time. I don't get the point of not implementing already finished UDP support and waiting years for v7.. this reminds me the play "Waiting for Godot" :-/ TCP ovpn between europe and usa is damn slow, I had to go back to the good old l2tp+ipsec

It is likely quite easy to implement a user process but it could take some iterations to make it completely secure.
I would envision it like: you make a folder on the flash disk and put the executable there and add a config item which specifies the folder and the network devices you desire.
(like 1..4 tun/tap devices)
RouterOS creates/opens/initializes the tun/tap devices and chroots to the folder and starts the program. The program can read/write files (only) from "the root directory" which is the folder, and it can access the pre-opened network devices. The other end of those devices is visible in RouterOS where you can put them in a bridge, or set an IP address on them and route to them.
The program runs as a nonprivileged user which is disallowed to make critical system calls.
The user cross-compiles his software for the processor architecture (using gcc) and links it as a standalone executable. Maybe a libc shared library could be made available.

Once this is realized you can port a current version of standard OpenVPN or other software which includes all features you like, which is of course much easier to do than to add features to the rewrite that MikroTik is using in RouterOS.
I am running an old TCP/IP program (KA9Q NET) under Linux using this method in a Raspberry Pi, and it works perfectly.

Count me as +10 for OpenVPN over UDP. If you do not know why this is important, see http://sites.inka.de/bigred/devel/tcp-tcp.html

I have iOS programs that simply do not work because of the transmission problems caused by trying to run their TCP connections over TCP-based OpenVPN. They just get into some kind of meltdown and give up.

I bought the hEX for only 2 reasons: to provide a IPv6 firewall and to provide remote access. I bought a hAP for only one reason: to enable remote access. Since I eventually decided that IPv6 was too much of a privacy risk and disabled it, it turns out that I pretty much wasted my money on the hardware and wasted a considerable amount of time (~200 hours) figuring all this out.

+100 for standard openvpn realization.
It`s awful that 10 years old, very important issue is still open. OpenVPN nowadays is used by different kind of customers and there is no way to use mikrotik routers without openvpn with certs and udp protocol.
And another even bigger problem is that support team does not want (can`t) to tell when normal openvpn will be supported by router OS (if it will), so I have to guess what to do, whether to change the equipment or wait (it is not clear how long) that a miracle will happen and normal protocol support will finally appear.

Such a lack of information and lack of dates and workflows about this topic is very strange for a rather famous company.

I have to guess what to do, whether to change the equipment or wait

I wonder what router equipment you are going to change to (with software supported by the router manufacturer) that will do what you need...
Of course a plain Linux system can do it, and some open router firmware replacement can do it, but what manufacturer-supported router is your alternative?

This is not the same level but anyway for example ASUS right out of the box from 2017 for customers with 10-20 light users.
RT-AC66U

And as you mentioned - any router with replaced firmware "from Padavan", DD-WRT, Open-WRT, Tomato and so on.

Metarouter is not the same. OpenVPN in metarouter is very peculiar thing.

Of course you can install such alternative firmware on some of the MikroTik routers as well.
And mentions on spec sheets of other routers is not the full story!
Before my MikroTik router I had a Draytek router which claimed OpenVPN support on the spec leaflet, but by the time I had bought it and updated the firmware, the whole OpenVPN feature had been silently removed.
There probably are software licensing issues around it, which also could explain why MikroTik do not simply add the latest OpenVPN program in RouterOS but instead did their own rewrite of a subset of the functions.

I wonder what router equipment you are going to change to (with software supported by the router manufacturer) that will do what you need...

I understand the OpenVPN license is problematic.

It would be fine with me if Mikrotik would only support OpenVPN udp and drop support for tcp. It would also be fine if they created a way for us to install an OpenVPN package from somewhere else.

+1
We are installing Mikrotik Routers in renewable power plants for remote monitoring+control. Connection to our own VPN-Server is no Problem, but the connection to all the energyexchage traders must be done via ovpn udp. At the moment we are installing 2 Routers in each Plant, one Mikrotik for routing, firewall, NAT, VPN and WAN-connection and one Ubiquiti just for one ovpn-udp connection.

You could consider using a single router or server at central location to do the OpenVPN and route everything first to central (using whatever VPN you like) and then further route it over OpenVPN there.
Or ask the traders to support really standard protocols in addition to OpenVPN. In a similar situation (which involved only us and 1 other party) I was successful in convincing them that only offering OpenVPN and not IPsec, L2TP/IPsec or similar was not very flexible.

Just came here to update this 10 years old thread and to ask for a serious support of 17 years old widely used vpn...

We are almost in 2019 and still no UDP support.
Shame on you

Would be great if we could get it and also not only sha1 and md5 for auth


Keep looking forward to this!

In a similar situation (which involved only us and 1 other party) I was successful in convincing them that only offering OpenVPN and not IPsec, L2TP/IPsec or similar was not very flexible.

What options does Mikrotik have for a UDP (or at least not TCP) based secure connection that I could use to tunnel an EoIP connection?

L2TP/IPsec, GRE/IPsec, IPIP/IPsec, plain IPsec transport.

NordVPN says no. RouterOS is getting outdated.

NordVPN says no. RouterOS is getting outdated.

Implementing such services on a router is silly. You should implement it on your end device so the entire path is protected.

Furthermore, when today's protocol enforced by something like NordVPN would be implemented by MikroTik, tomorrow they
will switch to another protocol that appears to be better at that time. Look, people are already requesting Wireguard
and unimplemented IKEv2 options. It is just not possible to satisfy everyone in a commercial closed-source router.
Either get some open box that you can tinker yourself, or do it on the endpoint (PC, phone, etc).

MikroTik could include an extension possibility in the form of a "MetaROUTER light" that allows the user to run processes that
implement network functions like exotic VPNs, special DNS servers, etc.
I have suggested it before but there is total lack of response, so apparently total lack of interest.

hi, I wanted to know if mikrotik intends to implement the protocol udp and security sha 256 on its openvpn.
Thank you

hi, I wanted to know if mikrotik intends to implement the protocol udp

It's implemented already, just wait for the release
viewtopic.php?f=1&t=26499&p=617477#p617477

perfetc

just to know, do you know an approximate release date? I would not wait all 2019 ...

just to know, do you know an approximate release date? I would not wait all 2019 ...

in a far future

just to know, do you know an approximate release date? I would not wait all 2019 ...

Maybe @normis can say a date, will it be before 2020?

let's not joke guys, we hope in a very short time that solve this gap

I bet 2022 by then everything will be obsolete.

+1 for udp support for ovpn

Thank for bringing up a thread more than a year old.

The answer was clear - We will not make new OpenVPN features.

Noooooooooo.....

If you really need those features at the moment. Run openwrt image in metarouter and run ovpn from there with full feature set.

A-HA!

Introducing AWS Client VPN to Securely Access AWS and On-Premises Resources

AWS Client VPN is a new managed service that provides you with the ability to securely access your AWS and on-premises networks from anywhere, using OpenVPN-based clients.

Does it require UDP? Can't find anything about that.

https://youtu.be/qmKkbuS9gRs

TCP or UDP is being mentioned in the second part of the video

edit:
oh and: https://docs.aws.amazon.com/vpn/latest/ ... oints.html

(Optional) By default, the Client VPN server uses the UDP transport protocol. To use the TCP transport protocol instead, for Transport Protocol, select TCP.
Note: UDP typically offers better performance than TCP.

Chupaka,

Yes, it should work with TCP too.

From he other side it works with:
- Active Directory authentication
- Certificate authentication

AWS VPN client was mentioned mostly to mention that this technology is used and maybe MIkrotik team will be able to pay attention to it.

In response to the openvpn teaser......

Its a promise for your grand children. 6.43.13, 6.43.14, 6.43.15.................................... 6.43.aa, 6.43.ab, 6.43.ac...........................................
6.44.1, ........6.44.aa
6.45.1,...........6.45.aa

zzzzzzzzz 15 minutes......... more like 15 years LOL.

I've been patiently waiting for 2 years. I might have better luck trying to convince my VPN provider to make a less secure connection just for mikrotik routers

Does anyone here used successfull the OpenVPN with www.privatetunnel.com/
I´m struggling to make it work, but it doenst work...

+1 for the UDP

And the silly duplicate package error is terribly annoying don't know why it isn't addressed.

Hi:
I just wont wait for Mikrotik no more.
Bought a ASUS RT-AX88U 186€ 200Mbits openvpn no cpu usage
chears

Why is everyone upset? It's all fixed in v7

You should not continue waiting for something that may very well never happen.
As a general principle, when you buy some piece of equipment, from a core router down to your connected light bulb, buy it for what it's embedded software can *currently* do, not for feature XYZ that the seller tells you will be implemented in a future version. If you do the latter, you take the risk that XYZ will not be available over the whole replacement cycle of your hardware...
If that feature is vital for you, then either defer your procurement, get a contractual commitment that you will get it at a planned date, look for an alternative, or - if you have access to the necessary skills - find something that is open enough that you can go the open source route.

I maintain or have installed a couple of OpenVPN setups, and I have stopped years ago trying to terminate the VPNs on the router. I use mikrotik hardware for what they are great : simple, efficient routing, lots of interfaces, and a low price. RouterOS implementation of OpenVPN is deficient at best, so just stay away from it. My usual setup is a Pcengines' APU, attached to one or more of the interfaces of the router and running the open source version of OpenVPN on a current linux distribution. It comes with the latest features, like UDP (just joking...), offers all the configuration options that ROS lacks, and is easy to keep current. Besides, I can script the way I authenticate users, based on any kind of directory, which is much more flexible than ROS' users management.

aszody, it is ok if you have $100-toy used as vpn gate but that means additionl power consumption, additional loss of speed, additional problems with routing especially when you have another l2tp/ipsec vpn tunels to other offices and l2tp should not be inside openvpn.
If product has openvpn protocol in its spec than there should be working implementation of this protocol.
Or there should not be any mention of openvpn in specs because its not openvpn, its some strange "mikrotik vpn" but not openvpn.

By the way, are there any news about openvpn standard implementation? NordVPN does not support mikrotik routers nowadays (as almost all other vpn providers), and openvpn became the standard for vpn protocols.

It is very sad that there is no news at all about this problem. Maybe the current OS can not get the implementation of openvpn because of some economical issues or pricing? Tell us please what is the problem? I do not beleave that you could not create normal openvpn implementation because 10 years is, to my mind, enought to create anything and even a space rocket or Tesla.

They are strategically waiting until OpenVPN becomes obsolete, to avoid implementing it in full. It will happen eventually, something better will come up, e.g. there currently seems to be big hype behind WireGuard and some see it as future OpenVPN killer. RouterOS has currently zero support for that, but it can change if it catches up, especially if it's easier to implement than OpenVPN. And I remember that OpenVPN being too complicated was a reason given it the past, why they stopped with tcp and don't want to touch it anymore. Supposedly, they already implemented udp support since then, but there must still be some problem, otherwise they would have released it already.

WG is making it soon into the kernel:
https://www.phoronix.com/scan.php?page= ... ot-In-4.20

Mtik first have to update the kernel though or run a version that supports WG module.
Just forget about OpenVPN and go straight to WG guys!

And I remember that OpenVPN being too complicated was a reason given it the past, why they stopped with tcp and don't want to touch it anymore.

The issue is that they re-wrote an OpenVPN implementation instead of just taking the OpenVPN code that everyone uses, and now the original code is being extended all the time and it would be complicated to follow that.
RouterOS contains a lot of code that was directly copied from an opensource product and then modified, but OpenVPN seems to be a different case.
There likely are licensing issues with just taking openvpn and put it in your own router product, I have seen other cases where OpenVPN was first supported and then suddenly gone in a firmware update.

New kernel will be in version 7. We all know how that goes.

So, In that case we have to wait until v7 es stable.

Can I know if route-push feature will be implementrd in OVPN in v7?

I am from the future (2040) - UDP is still not implemented.

You must be from alternate future.

You must be from alternate future.

Go ahead and prove him wrong please.

This is getting to a point of being just plain pathetic...

Just forget about UDP and/or LZO...

Just make a decision, and if possible, fast!

#1 Adopt OVPN from source (not this crippled implementation)
#2 Adopt WireGuard (it's more than a "standard" now)

Oh, and provide timelines for this please.

Go ahead and prove him wrong please.

No problem, just wait for 2040

Been wait OpenVPN + UDP + LZO for at least 4 years. A lot of VPN service provider just stop providing other connection type except OpenVPN.

This is getting to a point that I have to move away from Mikrotik router because this is becoming a deal breaker.


I mean...just look at this

https://nordvpn.com/tutorials/

every major router support OpenVPN + UDP + LZO except....routerOS

@sdugoten: If it goes well, soon you may have some luck with NordVPN and IKEv2 (see here). Not that it would be an argument against full OpenVPN support.

@sdugoten: If it goes well, soon you may have some luck with NordVPN and IKEv2 (see here). Not that it would be an argument against full OpenVPN support.

To be honest, IKEv2 is not as popular as OpenVPN. It's a bit too late.

RouterOS in general is late.

Having said that, I started to move my stuff to pfsense. pfsense just provide more functionalities that is commonly used in the public. And it's stable because it's build on top of FreeBSD. It also comes with Web interface that do most complex home networking stuff like policy base routing over VPN via their GUI. OpenVPN UDP is supported for MANY years already with AES-NI acceleration support, and Wireguard VPN is already coming on the way to pfsense. I mean..OpenVPN UDP takes Mikrotik 11+ years to analyze and have yet implement, which this function is so COMMONLY use out there, let's imagine how long you will see Wireguard VPN. I won't even think about AES acceleration support for those cpu that support it....because I don't see Mikrotik would even have time for that. This thread start in year 2008 and it is such a popular feature since 2012, this is no excuse.

I just stop waiting and move on.

I'm going to stick around for more 9 years at least. 11 years is not enough time to age properly a piece of software.

To me, software has to be distilled for a minimum of 20 years!

No one better than Mikrotik knows how to do this properly!!

/S

To be honest, IKEv2 is not as popular as OpenVPN. It's a bit too late.

RouterOS in general is late.

Please give a list of commercial router manufacturers that do support OpenVPN in their products and which have a level of support that is adequate.
(not opensource projects like OpenWRT or Pihole, actual manufacturers like MikroTik, Cisco, Juniper, Netgear, ZyXel, Draytek etc)

To be honest, IKEv2 is not as popular as OpenVPN. It's a bit too late.

RouterOS in general is late.

Please give a list of commercial router manufacturers that do support OpenVPN in their products and which have a level of support that is adequate.
(not opensource projects like OpenWRT or Pihole, actual manufacturers like MikroTik, Cisco, Juniper, Netgear, ZyXel, Draytek etc)

It's easy ... For example ZyXEL Keenetic: https://help.keenetic.com/hc/en-us/arti ... VPN-client
TpLink: https://www.tp-link.com/en/support/faq/1544/

request to Google "<vendor> openvpn" gives a lot of articles. Only if <vendor> != mikrotik...

I think you'll have to agree that the majority of routers do not support OpenVPN, you may be able to find the odd product that does, but not like client and server across the entire product line of the manufacture, which MikroTik does offer.
The problem with OpenVPN on RouterOS is that it is a re-created implementation that was not further developed once it was "working", and the real OpenVPN product was.
So the MikroTik version became more and more incomplete.

But it is not like OpenVPN is the lingua franca of VPN that everyone supports except MikroTik, and MikroTik is behind for not having it.
You will find many many more routers that do IPsec than OpenVPN.

And there likely is a reason for not using the opensource version. Some time ago I bought a Draytek router and its specs leaflet included OpenVPN.
"nice", I thought, I may be able to use that.
But first thing I did was to bring the firmware to the updated version, and OpenVPN was gone! Not to be found anymore! later it was deleted from the specs leaflet too.
Why? We can only guess...

I think you'll have to agree that the majority of routers do not support OpenVPN, you may be able to find the odd product that does, but not like client and server across the entire product line of the manufacture, which MikroTik does offer.
The problem with OpenVPN on RouterOS is that it is a re-created implementation that was not further developed once it was "working", and the real OpenVPN product was.
So the MikroTik version became more and more incomplete.

But it is not like OpenVPN is the lingua franca of VPN that everyone supports except MikroTik, and MikroTik is behind for not having it.
You will find many many more routers that do IPsec than OpenVPN.

And there likely is a reason for not using the opensource version. Some time ago I bought a Draytek router and its specs leaflet included OpenVPN.
"nice", I thought, I may be able to use that.
But first thing I did was to bring the firmware to the updated version, and OpenVPN was gone! Not to be found anymore! later it was deleted from the specs leaflet too.
Why? We can only guess...

I think you should look into the router brand that is for home networking, like Asus, DLink, Netgear, TP-Link...etc . Just so let you know, one way or the other, either stock firmware or DDWRT already support numerous VPN connection method including but not limited to OpenVPN UDP Lzo. On top of that, most home network function including stuff like DDNS on numerous platform, policy base routing, VPN client and VPN server , fiilter rules, NAT rules, switched port are all included. What else function you need besides these for home networking?

You want something more powerful? Edgerouter and Netgate router all comes with all the listed feature + all the stuff from RouterOS. Performance wise, whatever router that you buy after 2017 should reach NAT 1000Mbps no problem. These kind of performance is more than most people needed.

I mean...you really need to take a look what other brand is offering in 2019. You just need to take a look Netgate router with pfsense and see what function they offer.

I think you should look into the router brand that is for home networking

Well, I not really am into home networking...
When I use VPN, I use it in the traditional way. To connect two networks over a tunnel across internet.
IPsec is normally fine for that.

And again, undoubtedly many open source projects use and support OpenVPN, I have an OpenVPN server running on a Linux box.
However, that is not what I consider "supported by a router manufacturer".
I don't see OpenVPN support in native firmware for brandname network routers like Cisco, Juniper, etc, and for "home routers" it also
appears to be more an exception than the rule.

Look at it from historical perspective. Static VPNs between two networks didn't have problems, simple IPSec could do the job. But the real fun was road-warrior VPN, i.e. connecting from all kinds of unpredictable networks. PPTP wasn't great with NAT, IPSec neither and L2TP was paired with IPSec, so same thing. Then there were other problems like routes, if you wanted to tunnel only some subnets (and no, road-warriors and BGP don't go well together ). Then came OpenVPN and it was like miracle, it needed only a single port to work, didn't care how much NATs are in the way, pushing routes from server was possible, ... everything a road-warrior VPN user could wish for. Maybe the big ones like Cisco weren't excited, because their target group was elsewhere, but the small users were and OpenVPN became standard for them.

I think you should look into the router brand that is for home networking

Well, I not really am into home networking...
When I use VPN, I use it in the traditional way. To connect two networks over a tunnel across internet.
IPsec is normally fine for that.

And again, undoubtedly many open source projects use and support OpenVPN, I have an OpenVPN server running on a Linux box.
However, that is not what I consider "supported by a router manufacturer".
I don't see OpenVPN support in native firmware for brandname network routers like Cisco, Juniper, etc, and for "home routers" it also
appears to be more an exception than the rule.

you can check out all ASUS routers. They obviously not an "odd product" . Asus is one of the top brand for router in 2019 if you google it. Their stock firmware by default comes with all those features (policy base routing, opevpn/pptp/l2tp server and client) + mesh network as standard feature for router newer than 2017. If you look other home networking router forum, ASUS is pretty much the "standard" for home user. The other one is Edgerouter. Stock firmware comes with those feature already as well. Edgerouter is also one of the main competitor for Mikrotik in home networking and small office networking area. https://www.snbforums.com/threads/edger ... 011.54442/

If you look at viewforum.php?f=13 , just by looking at their question and the scale they describe, you should realize that a lot of users use routeros for home networking. Unlike Cisco or juniper, their target is 100% on business. Home networking users contribute a pretty big user base. Mikrotik ignoring a big percentage of their user base seems a bit weird to me. For other major router discussion forum like this one, https://www.snbforums.com/forums/routers.7/ , Asus, Edgerouter, Mikrotik are the main one used by home networking users.

About 10 years ago, Mikrotik was the king for home networking. It had features that none of the home router brand had back then. That's why I bought my first Mikrotik router, Routerboard 800, which was a home networking grade router back then. However, other brand started to catch up in recent years as I mentioned in my last post. Some of those brands even have more features than Mikrotik, including both home networking and business networking area due to a much larger user base and support from the community.

I

This is going far from the topic.
RouterOS v7 internal beta has OpenVPN UDP mode. Please wait until we release a public version and you will have it.