Netgate Discussion Forum

Default OpenVPN encryption algorithms

  • wedwards
    Nov 21, 2021, 12:30 PM (last edited by wedwards Nov 21, 2021, 12:33 PM)

    Different encryption settings are used when adding a new OpenVPN server without the wizard vs. adding a new OpenVPN server using the wizard. These seem to be the defaults when adding a server without the wizard:

    • Data Encryption Algorithms: AES-256-GCM, AES-128-GCM, CHACHA20-POLY1305
    • Fallback Data Encryption Algorithm: AES-256-CBC (256 bit key, 128 bit block)

    These defaults seem to be fine, but I'm no cryptography expert. Does the pfSense project have any recommendations as to which should be used? I would use the defaults, but those defaults differ as I mentioned above...

    • wedwards @wedwards
      Dec 29, 2021, 4:01 PM (last edited by wedwards Dec 29, 2021, 4:02 PM)

      @wedwards Seems like pfSense honours the defaults from OpenVPN >= 2.6. From the documentation:

      In 2.6 and later the default is changed to AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 when Chacha20-Poly1305 is available.

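An added example, not part of the original posts and not pfSense or OpenVPN project code: a small audit of the data-channel cipher directives in an OpenVPN server config, using the lists discussed in this thread. It assumes the GUI fields map to the `data-ciphers` and `data-ciphers-fallback` directives; the `audit` function and the sample config are constructed for illustration.

```python
# Added example: report which data-channel ciphers an OpenVPN config allows.
# AEAD ciphers named in the thread; anything else is reported as non-AEAD.
AEAD = {"AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"}
# Default negotiation list for OpenVPN >= 2.6, as quoted from the documentation above.
DEFAULT_26 = ["AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"]

# Constructed sample mirroring the non-wizard defaults listed in the first post.
SAMPLE_CONFIG = """\
dev tun
proto udp4
# data channel settings
data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
data-ciphers-fallback AES-256-CBC
"""

def audit(config_text):
    """Return the negotiable cipher list, the fallback cipher and any findings."""
    negotiated, fallback = None, None
    for raw in config_text.splitlines():
        # Drop '#' and ';' comments, then split "directive value".
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        key, value = parts[0].lstrip("-"), parts[1].upper()
        if key == "data-ciphers":
            negotiated = value.split(":")
        elif key == "data-ciphers-fallback":
            fallback = value
    uses_default = negotiated is None
    if uses_default:
        # No explicit list: assume the 2.6+ default quoted in the thread.
        negotiated = list(DEFAULT_26)
    findings = [f"negotiable non-AEAD cipher: {c}"
                for c in negotiated if c not in AEAD]
    if fallback and fallback not in AEAD:
        # The fallback only applies to peers that cannot negotiate a cipher.
        findings.append(f"non-AEAD fallback for non-negotiating peers: {fallback}")
    return {"negotiated": negotiated, "fallback": fallback,
            "uses_default": uses_default, "findings": findings}

if __name__ == "__main__":
    result = audit(SAMPLE_CONFIG)
    print("negotiable:", ":".join(result["negotiated"]))
    print("fallback:  ", result["fallback"])
    for finding in result["findings"]:
        print("note:      ", finding)
```

The one note reported for the sample config is the CBC fallback, which is only used for peers that do not take part in cipher negotiation.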
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.