Hi,
I undestand that time for this topic is not the best but I would like to try.

I am sure that you know that Mikrotik devices are used not only by business customers but by personal customers too.
I do not know the share but yes, we exist. Usually we are giks and we would like to have something deeply configured with our hands that works better then devices of others. I think that ordinary person will not dive into it. And Mikrotik gives us such apportunity. Thank you for that.

Personal customers have a little bit different requests like kid control for example and we spending (your)Mikrotik time on things that will not give you a huge amount of money but I think that we are some kind of paths for you to the business customers and your attitude towards personal customers will be a kind of advertisement of your capabilities and desire to work with any kind of customers and communities and so I hope that we are important for you.

Some moths ago there was a topic which is closed/blocked now and which had many many pages. This topic was about implementation of OpenVPN. There were some unsupported features of OpenVPN protocol in RouterOS and a lot of people asked you to fix these. And you did. Thank you for that. But....

You ve added some upgrades to OpenVPN implementation in RouterOS (UDP protocol) which probably is very important for business customers to speed up the connection but for personal customers this is almost useless. Personal customers usually use OpenVPN to connect with VPN providers. And most of the VPN proiders use for authentication certificates without login and password.
One of the providers I tried to contact sympathized with me and said that I was not lucky with the choice of a router and will have a lot of troubles in searching VPN provider to use with this router.
That is a pitty becouse the router has many other good features and for example OpenVPN between 2 routers works fine. I set the connection between two flats and setup "maps" and "haps" over the flats but it is almost impossible to find a VPN provider to create secure connection to the internet. I know that some times ago Nork VPN agreed creating IKEv2 connections that works for Miktoik but it is almost the only one provider. Other small providers are not fast and have not may servers in different countries.

I understand that the main project for Mikrotik is v7 now and WireGuard is the next step after OpenVPN but only a couple of services want to work with it. So could you please finish with OpenVPN and not left it unfinished. I think that even one person will finish it in one or maybe couple of months or maybe even more but a lot of people will be glad and will use this protcol later.

I hope you will hear me, will not delete this message (at least same day), and make some part of your customers a little bit happier in this not very happy year.

Thank you in advance.

I would say the opposite - better focus on other, more imporant things and release a stable ROS7. OpenVPN should start to die. It's one of the slowest VPN protocols. Instead, pick L2TP/IPSEC, IPSEC/IKE2 or Wireguard as an alternative as these are industry standard VPN protocols.

OpenVPN has insanely large code base and I believe it's quite "hard" (time+money) to implement it fully on RouterOS when majority of users are still gonna pick IPSEC over OpenVPN.

I'm with the OP. OpenVPN is a very secure open source VPN protocol, and some VPN providers only accept it, like AirVPN.

It is missing in RouterOS the client authentication using certificates, that is the most secure way to do it.

Should we wait for that implementation in RouterOS, or forget about this?

Happy new year to all!

To my mind, convenience and ability of using the router not only in Mikrotik enviroment are very important too. Speed not always is the most important part of the protocol.

Features that work properly and fully implement specifications are finished features you can rely on. Half-implemented features after some time will not work at all and it is impossible to rely on them.

About features that majority of users do no used: latest stable release (6.48) has improvments of kid control feature - not the most usefull feature in RouterOS which does not bring the greatest profit, I believe, especialy if it is possible to use firewall rules with time conditions.

WireGuard was implemented in linux core at the begining of the year but there are almost no VPN providers that support it now because there are still a lot of gaps in the protocol.

And most of the VPN proiders use for authentication certificates without login and password.

Just this part alone may not be a problem. RouterOS supports client certificates for OpenVPN. It also requires you to enter some username, but when I tested it with server that uses official OpenVPN with certificates-only authentication, it connected just fine. I didn't examine if RouterOS client sends username and server ignores it, or if server sends some indication that client shouldn't send username.

Unfortunately there are still other popular options that are not supported (tls-auth, compression).

Yes, tls-auth and compression are very important features and tls-auth is very very needed to the personal customers because as far as I know is used by the majority of VPN providers.