Netgate Discussion Forum

    Default OpenVPN encryption algorithms

      wedwards
      last edited by wedwards

      Different encryption settings are used when adding a new OpenVPN server without the wizard vs. adding a new OpenVPN server using the wizard. These seem to be the defaults when adding a server without the wizard:

      • Data Encryption Algorithms: AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305
      • Fallback Data Encryption Algorithm: AES-256-CBC (256 bit key, 128 bit block)

      These defaults seem to be fine, but I'm no cryptography expert. Does the pfSense project have any recommendations as to which should be used? I would use the defaults, but those defaults differ as I mentioned above...

        wedwards @wedwards
        last edited by wedwards

        @wedwards Seems like pfSense honours the defaults from OpenVPN >= 2.6. From the documentation:

        In 2.6 and later the default is changed to AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 when Chacha20-Poly1305 is available.

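Added example, not part of the original posts and not pfSense or OpenVPN project code: a small audit of an OpenVPN config's data-channel cipher directives against the 2.6 default quoted above. It assumes the two GUI fields from the first post end up as the `data-ciphers` and `data-ciphers-fallback` directives; the function names and both sample configs are constructed for illustration.

```python
# Added example: audit the data-channel cipher directives of an OpenVPN config.
# Assumption: the GUI fields map to data-ciphers / data-ciphers-fallback.
DEFAULT_2_6 = ["AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"]  # from the thread
WATCHED = ("data-ciphers", "data-ciphers-fallback")

def is_aead(cipher):
    # GCM modes and ChaCha20-Poly1305 are AEAD; CBC modes are not.
    return cipher.endswith("-GCM") or cipher == "CHACHA20-POLY1305"

def parse_directives(text):
    """Return {directive: argument} for the watched directives (last one wins)."""
    found = {}
    for raw in text.splitlines():
        # Drop '#' and ';' comments, then split into "directive argument".
        parts = raw.split("#", 1)[0].split(";", 1)[0].split()
        if len(parts) >= 2 and parts[0] in WATCHED:
            found[parts[0]] = parts[1].upper()
    return found

def audit(text):
    """Return a list of (finding, detail) tuples; empty means nothing to review."""
    conf, findings = parse_directives(text), []
    if "data-ciphers" not in conf:
        findings.append(("data-ciphers-unset", "installed version's default applies"))
    else:
        # A leading '?' marks a cipher as optional in OpenVPN 2.6 syntax.
        offered = [c.lstrip("?") for c in conf["data-ciphers"].split(":")]
        if offered != DEFAULT_2_6:
            findings.append(("differs-from-2.6-default", ":".join(offered)))
        findings.extend(("non-aead-in-list", c) for c in offered if not is_aead(c))
    fallback = conf.get("data-ciphers-fallback")
    if fallback and not is_aead(fallback):
        # Only used with peers that cannot negotiate a cipher from data-ciphers.
        findings.append(("fallback-not-aead", fallback))
    return findings

# Constructed sample: the non-wizard defaults listed in the first post.
NON_WIZARD = """
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
data-ciphers-fallback AES-256-CBC
"""
# Constructed sample: a list that also offers a CBC cipher for negotiation.
WITH_CBC = """
data-ciphers AES-256-GCM:AES-256-CBC   # widened for an old client
data-ciphers-fallback AES-256-CBC
"""

if __name__ == "__main__":
    for name, conf in (("non-wizard", NON_WIZARD), ("with-cbc", WITH_CBC)):
        print(name, audit(conf))
```

For the non-wizard defaults the only finding is the CBC fallback, which matters only if a peer that cannot negotiate ciphers is allowed to connect.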
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.