RMerlin
Asuswrt-Merlin dev
Did you read the second line of my answer? This is consistent on all servers that CyberGhost offers. I'm fairly sure it's consistent among most VPN providers. SHA256 is secure, which is why it is the standard choice. Hopefully soon there will be a firmware update to merlin.
My point was that you cannot just "delete the custom entries", as the remote server has to match your custom settings. If they don't, you won't even be able to connect.
There's nothing for me to update there at the firmware level, performance is whatever your hardware will be able to give you. My OpenVPN implementation is already more optimized than what comes from virtually every other router alternative out there, there's nothing more for me to squeeze out of it. I'm one of the few firmware developers who enables maximum compiler optimizations on OpenSSL and OpenVPN.
Not every VPN provider uses SHA256, because SHA1 is still perfectly fine for HMAC usage (due to how HMAC works, you can't exploit a collision the same way you could with a more static payload). SHA256 carries a pretty hefty performance penalty for no real security improvement. As for the cipher, the VPN provider I use for test purposes actually supports both AES-128-CBC and AES-256-CBC - the first one is sufficient for home users. It would take a nation state's resource to crack that cipher.