PIA released updated ca's but I don't know how to make them work please help me.
Supposed to do AES256 SHA256 and RSA4069
I copied and pasted the one for 4069 into my certificate area and set AES to 256 CBC and SHA to 256 but when I do I get my own ip when I visit https://ipleak.net
Is there a way I can have pfSense disconnect entirely if it can't establish a connection or if connection is dropped?
How do I get all this stuff to work?
You haven't told us what is in the openvpn logs.
a bunch of this:
Oct 23 19:10:47 openvpn: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]220.127.116.11:1194
Oct 23 19:10:49 openvpn: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]18.104.22.168:1194
Oct 23 19:10:53 openvpn: TLS Error: cannot locate HMAC in incoming packet from [AF_INET]22.214.171.124:1194
I tried no tls auth and it wont work either
I need to find a key that works
I also have recently setup pfSense with PIA and been wanting to use stronger encryption.
I found a note about changing the port to 1196 to get AES-128-CBC to work (SHA only, not SHA256). Which is the most I've been able to get beyond the weak defaults. I tried other ports to try to get AES-256-CBC, but no luck.
Unfortunately after much digging I found a few obscure forum posts that indicated that to get SHA256, or a cert higher than 2048, you need to use PIA's patched client. (Anyone that has more or different info, would be appreciated.)
This should just be a matter of changing standard client settings, and should not need a special patched client. So I'm a bit disappointed with PIA and their default to weak encryption and the need for a patched client to get what should be common high encryption standards to work with common OpenVPN clients.