Is there any way at all to get Private Internet Access with AES 256?
-
I have been at this a week now and the moment I change from BF128CBC to AES256CBC if completely refuses to connect.
Is there and way in Heaven or on Earth to get this to work with AES 256 bit?
Thank you -
I don't see why it does openVPN but not pfSense.
-
If the server is set to only allow BF128 then that's what you have to use unless you get them to change it.
-
get what to work???
Tue Nov 03 12:16:25 2015 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug 4 2015
<snipped>Tue Nov 03 12:16:26 2015 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 03 12:16:26 2015 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
<snipped>Tue Nov 03 12:16:34 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Nov 03 12:16:34 2015 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Nov 03 12:16:34 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Nov 03 12:16:34 2015 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
<snipped>Tue Nov 03 12:16:44 2015 Initialization Sequence Completed
Tue Nov 03 12:16:44 2015 MANAGEMENT: >STATE:1446574604,CONNECTED,SUCCESS,10.0.8.6,snippedWorks fine here..
I changed the cipher to AES-256-CBC which what your asking for, even changed the auth to sha256 vs sha1
I then edited client config
cipher AES-256-CBC
auth SHA256And as you can see bing bang zoom connected using that cipher and auth..
edit: You can not just change the client side.. Client has to match server - are you using openvpn-as, can show you how to change the default cipher if that is what your asking??
</snipped></snipped></snipped> -
I think he's referring to connecting to the PIA service.
-
Well yeah if some service you have to match what they are using, or get them to change it on the instance your connecting too..
-
how do I do the edited client config
cipher AES-256-CBC
auth SHA256
thing?
Thanks