Netgate Discussion Forum

    I need BF-CBC

      ipguy

      I understand the security implications.

      However, I have some old legacy devices that only support BF-CBC. They are in the process of being replaced, but until this happens I need to get them to connect to the OpenVPN tunnel.

      24.11-RELEASE (amd64)
      built on Fri Nov 22 15:34:00 AEDT 2024
      FreeBSD 15.0-CURRENT

      What's the best way to add support for BF-CBC for OpenVPN?

        chrcoluk @ipguy

        @ipguy It is ancient at this point, you would probably need to run a very old build of pfSense.

        Although the solution someone posted here might work, if support is compiled in.

        https://forums.openvpn.net/viewtopic.php?t=35809#p111709

        pfSense CE 2.8.0

          ipguy @chrcoluk

          @chrcoluk said in I need BF-CBC:

          @ipguy It is ancient at this point, you would probably need to run a very old build of pfSense.

          Although the solution someone posted here might work, if support is compiled in.

          https://forums.openvpn.net/viewtopic.php?t=35809#p111709

          Hey thanks, compiled in to what specifically?

            Gertjan @ipguy

            @ipguy said in I need BF-CBC:

            https://forums.openvpn.net/viewtopic.php?t=35809#p111709

            These openvpn options :

            providers legacy default
            data-ciphers-fallback BF-CBC
            compat-mode 2.3.18
            

            Check if they still exist in the version used by pfSense.
            First: check the OpenVPN version used by pfSense. Then, with that version number, look them up in the OpenVPN user manual.
            If it's the case, then use them here:

            c6da93cf-9502-4171-b791-b119919f5e6f-image.png

            for example, I use the option

            status /var/log/openvpn.status;
            status-version 1;
            

            for my own needs.

            When you have saved these options, check how OpenVPN starts up (the logs) and see if it doesn't scream with errors.
            Also check the openvpn config file (the one created with the GUI parameters) for consistency.
            You can find the file here :
            /var/etc/openvpn/server1/ and look for the file "config.ovpn". It's an ordinary text file.
            Don't (bother) edit(ing) this file as it is auto generated by the GUI.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??
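
One way to run the consistency check on the generated config file described in the post above, as an added example that is not part of the original posts or of pfSense: it reports whether BF-CBC is configured, whether the legacy provider is listed under providers, and which compat-mode value is set. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise legacy-cipher settings in an
# OpenVPN config such as /var/etc/openvpn/server1/config.ovpn.

# Print "name=value" for each cipher-related option in config file $1.
# Comment lines (# or ;) are skipped and a trailing ';' is stripped.
legacy_options() {
    awk '
        /^[ \t]*[#;]/ { next }
        {
            sub(/;[ \t]*$/, "")
            if ($1 == "providers" || $1 == "compat-mode" || $1 == "cipher" ||
                $1 == "data-ciphers" || $1 == "data-ciphers-fallback") {
                name = $1; $1 = ""; sub(/^[ \t]+/, "")
                print name "=" $0
            }
        }' "$1"
}

# Print three status lines for config file $1; return 0 only when BF-CBC is
# configured AND the legacy provider is loaded alongside it.
bf_cbc_status() {
    opts=$(legacy_options "$1")
    bf=no; prov=no
    echo "$opts" | grep -Eq '^(cipher|data-ciphers|data-ciphers-fallback)=(.*:)?BF-CBC(:.*)?$' && bf=yes
    echo "$opts" | grep -Eq '^providers=(.* )?legacy( .*)?$' && prov=yes
    compat=$(echo "$opts" | sed -n 's/^compat-mode=//p' | tail -n 1)
    echo "bf-cbc=$bf"
    echo "legacy-provider=$prov"
    echo "compat-mode=${compat:-unset}"
    [ "$bf" = yes ] && [ "$prov" = yes ]
}

# Constructed sample config (illustrative values, not taken from a real server).
sample_config() {
    cat <<'EOF'
dev ovpns1
# cipher BF-CBC  (commented out, must be ignored)
data-ciphers AES-256-GCM:AES-128-GCM
providers legacy default
data-ciphers-fallback BF-CBC
compat-mode 2.3.18;
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
bf_cbc_status "$tmp"
rm -f "$tmp"
```

On the firewall, pass the real path instead of the sample, for example bf_cbc_status /var/etc/openvpn/server1/config.ovpn. The same check run after the legacy devices are replaced confirms that BF-CBC is no longer in the generated file.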
