AES-256-GCM with HMAC-SHA384 for authentication
-
When will this be officially supported in pfsense VPN settings?
-
Authentication of packets is included in GCM.
No need for a setting. -
OpenVPN 2.4, which is already on pfSense 2.4, supports that.
OpenVPN still uses the auth digest algorithm for the control channel, it uses AES-GCM for the data channel, and AES-GCM includes auth so the selected auth digest algo will be ignored there.
So if you choose AES-256-GCM and SHA384 or RSA-SHA384, it will use SHA384 to authenticate the control channel and AES-GCM for the data channel.
-
I was referring to that AES-256-GCM is not selectable in the Encryption algo rolldown window in pfsense.
Also, a connection to airvpn servrers cant be made if you select anythingelse then sha1 for Auth digest algo.
-
I was referring to that AES-256-GCM is not slectable in the Encryption algo rolldown window in pfsense.
It isn't supported until OpenVPN 2.4, which is only on pfSense 2.4. And it is in the list there.