Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Why is GCM unavailable when using a shared key?

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 3 Posters 476 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      coreybrett
      last edited by

      Why is GCM unavailable when using a shared key?

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @coreybrett
        last edited by

        @coreybrett

        read this thread
        https://forum.netgate.com/topic/151314/using-aes-gcm-encryption-algorithm-for-openvpn-site-to-site-shared-key

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          That is more of a question for OpenVPN than pfSense. If OpenVPN supported it, pfSense could use it.

          IIRC it had something to do with the HMAC being a part of the shared key in that mode, and AEAD ciphers like AES-GCM and CHACHA20-POLY1305 want to do hashing themselves. I could be misremembering that, though.

          I'm not sure what will change here but something is going to have to change in OpenVPN since 3.0 hardcodes the ciphers and only uses AES-GCM and CHACHA20-POLY1305. Maybe they find a way to make it work, or maybe they drop shared key mode.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.