Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    AES-256-GCM with HMAC-SHA384 for authentication

    Scheduled Pinned Locked Moved OpenVPN
    5 Posts 3 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      Mithrondil
      last edited by

      When will this be officially supported in pfsense VPN settings?

      1 Reply Last reply Reply Quote 0
      • PippinP Offline
        Pippin
        last edited by

        Authentication of packets is included in GCM.
        No need for a setting.

        I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
        Halton Arp

        1 Reply Last reply Reply Quote 0
        • jimpJ Offline
          jimp Rebel Alliance Developer Netgate
          last edited by

          OpenVPN 2.4, which is already on pfSense 2.4, supports that.

          OpenVPN still uses the auth digest algorithm for the control channel, it uses AES-GCM for the data channel, and AES-GCM includes auth so the selected auth digest algo will be ignored there.

          So if you choose AES-256-GCM and SHA384 or RSA-SHA384, it will use SHA384 to authenticate the control channel and AES-GCM for the data channel.

          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • M Offline
            Mithrondil
            last edited by

            I was referring to that AES-256-GCM is not selectable in the Encryption algo rolldown window in pfsense.

            Also, a connection to airvpn servrers cant be made if you select anythingelse then sha1 for Auth digest algo.

            1 Reply Last reply Reply Quote 0
            • jimpJ Offline
              jimp Rebel Alliance Developer Netgate
              last edited by

              @Mithrondil:

              I was referring to that AES-256-GCM is not slectable in the Encryption algo rolldown window in pfsense.

              It isn't supported until OpenVPN 2.4, which is only on pfSense 2.4. And it is in the list there.

              Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.