What is the default TLS version that uses OpenVPN on pfSense?

ramses.sevilla · Nov 16, 2021, 6:12 PM

Hi everybody.

I have a pfSense 2.5.2 with a OpenVPN Server running and a lot of OpenVPN Clients connecting to it.

Could you tell me what is the default TLS version that uses OpenVPN on pfSense?

Best regards

johnpoz · Nov 16, 2021, 6:37 PM

@ramses-sevilla I just connected from my iphone ios 15.1 using openvpn connect version 3.2.3 to my 21.05.2 version of pfsense and it used tls 1.3

I would assume 2.5.2 would be the same..

Keep in mind client going to have a say in this - if doesn't support 1.3 for example. You can prevent older clients from connecting using older versions of tls by setting min tls version in server settings.

ramses.sevilla · Nov 17, 2021, 6:06 PM

@johnpoz I have done two tests connecting with my Android phone with the OpenVPN Connect v3.2.5 to:

pfSense v2.4.5-p1 and It has connected with TLS v1.2
pfSense v2.5.2 and It has connected with TLS v1.3

I have tested too to connect from an UBUNTU with the OpenVPN Client but I can't see un the LOG of the client what TLS version is used.

Does anyone know if I can see that in the LOG's of the pfSense or somewhere else?

Best regards

johnpoz · Nov 17, 2021, 6:29 PM

@ramses-sevilla yeah would be in your pfsense log as well..

ramses.sevilla · Nov 17, 2021, 7:14 PM

@johnpoz in my OpenVPN Log of the pfSense not appear the second line that appear to you.

I don't know why...

Regards

johnpoz · Nov 17, 2021, 7:18 PM

@ramses-sevilla what log level do you have it set too?

You might want to bump it up

ramses.sevilla · Nov 17, 2021, 7:57 PM

@johnpoz the Log Level was set to Default.

I have changed it to 2 and now appear the TLS version.

Thankyou so much.