Netgate Discussion Forum

    Cryptography- Can it be changed and how?

      mentalhemroids

      I've got OpenVPN working with BF-CBC, but I was thinking about trying something else and cannot get it to work after the change. I'm currently able to connect from a client computer into pfSense, but as soon as I change the Cryptography for the server, the client no longer connects. I'm not sure if there is something I need to do after changing the setting, like rebooting the pfSense box, or if that should be a seamless process. When I originally generated the keys and certs, I did it using the client PC under the OpenVPN program. I then pasted them into pfSense and wherever else I needed them. I am guessing I need to have a client that supports the Cryptography type, but I don't know if that is the case.

      Thanks in advance.

        cmb

        You have to specify the cipher in the client config if you change the server.

          mentalhemroids

          Would that be the ca.crt file? Because my client didn't have me specify BF-CBC anywhere in the configuration.

            cmb

            Because BF-CBC is the default, if you use something else you have to specify it. The actual client config, not the certs, usually something.ovpn. Just use the same line as the server config has, which you can find by running from Diag>Command:
            grep cipher /var/etc/openvpn_server0.conf

            assuming it's your first OpenVPN server. If it's the second, change that to server1, etc.

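The check described in the reply above, as an added example that is not part of the original posts or of pfSense's own tooling: it resolves the `cipher` each config file selects, falling back to the BF-CBC default named in the thread when the directive is absent, and reports a mismatch. The file names, the AES cipher values and the "last uncommented `cipher` line wins" rule are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: compare the cipher selected by a server and a client config.
DEFAULT_CIPHER="BF-CBC"   # default named in the thread for these OpenVPN versions

# Print the cipher a config file selects: the last uncommented "cipher" line
# (assumption: one directive per file), or the default when it is absent.
effective_cipher() {
    awk -v def="$DEFAULT_CIPHER" '
        { sub(/\r$/, "") }                    # tolerate CRLF in Windows .ovpn files
        $1 == "cipher" && NF >= 2 { c = $2 }  # "#cipher" / ";cipher" do not match
        END { print (c == "" ? def : c) }
    ' "$1"
}

# Return 0 when both files resolve to the same cipher, 1 otherwise.
cipher_match() {
    srv=$(effective_cipher "$1")
    cli=$(effective_cipher "$2")
    if [ "$srv" = "$cli" ]; then
        echo "OK: both sides use $srv"
        return 0
    fi
    echo "MISMATCH: server=$srv client=$cli"
    return 1
}

# Constructed sample configs (not taken from the thread).
demo_dir=$(mktemp -d)
printf 'dev tun\nproto udp\ncipher AES-256-CBC\n' > "$demo_dir/server.conf"
printf 'client\r\ndev tun\r\n;cipher AES-128-CBC\r\n' > "$demo_dir/client_default.ovpn"
printf 'client\ndev tun\ncipher AES-256-CBC\n' > "$demo_dir/client_fixed.ovpn"

# Server changed, client left on its default: reported as a mismatch.
cipher_match "$demo_dir/server.conf" "$demo_dir/client_default.ovpn" || true
# Client given the same cipher line as the server: reported as OK.
cipher_match "$demo_dir/server.conf" "$demo_dir/client_fixed.ovpn"

rm -rf "$demo_dir"
```
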
              mentalhemroids

              Looked through my config for the client and found the cipher setting but it was being ignored, so I am trying to force it to something else. I'll post again if I have problems; thanks for your help CMB!

                mentalhemroids

                Success! Thanks CMB! That makes sense; I guess I just happened to luck out that the client had the same default cipher as pfSense. Now to work the magic with a DD-WRT router; I've heard they are a bear to get working.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.