• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN Server TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ?

Scheduled Pinned Locked Moved OpenVPN
2 Posts 1 Posters 645 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    chulio
    last edited by Oct 11, 2019, 6:01 PM

    Dear pfSense friends,

    After reading some stuff on the web (and not being an expert...) and trying to make my openvpn connection safer and faster (home: pfsense 2.4.4 p3, i7-2600, 8GB - travel: openwrt 18.06.4 avm 4040 router) ...

    I could achieve TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 (with 4096 bit) via pfsense GUI.

    Before going into detail, is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 achievable via pfsense GUI ?

    Many thanks ! and

    cheers chulio

    1 Reply Last reply Reply Quote 0
    • C
      chulio
      last edited by Oct 12, 2019, 4:28 PM

      Dear pfSense friends,

      Unfortunately I found this
      https://github.com/davidemyers/algo-pfsense
      saying
      "pfSense does not officially support the ECDSA certs created by Algo, but they do work when you choose Mutual RSA when creating the Phase 1. You may not be able to install ECDSA certs on pfSense versions older than 2.4."
      which relates to IKEv2, but not to OpenVPN.

      I read controversial stuff ECDSA vs RSA about security and speed.
      Shall I stay with RSA ?
      If yes, why is ECDHE anyway used whatever I enter in the DH parameter ?

      Many thanks ! and

      cheers chulio.

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received