Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Is there any way at all to get Private Internet Access with AES 256?

    OpenVPN
    3
    7
    1495
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      lar last edited by

      I have been at this a week now and the moment I change from BF128CBC to AES256CBC if completely refuses to connect.
      Is there and way in Heaven or on Earth to get this to work with AES 256 bit?
      Thank you

      1 Reply Last reply Reply Quote 0
      • L
        lar last edited by

        I don't see why it does openVPN but not pfSense.

        1 Reply Last reply Reply Quote 0
        • Derelict
          Derelict LAYER 8 Netgate last edited by

          If the server is set to only allow BF128 then that's what you have to use unless you get them to change it.

          1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            get what to work???

            Tue Nov 03 12:16:25 2015 OpenVPN 2.3.8 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Aug  4 2015
            <snipped>Tue Nov 03 12:16:26 2015 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
            Tue Nov 03 12:16:26 2015 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
            <snipped>Tue Nov 03 12:16:34 2015 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
            Tue Nov 03 12:16:34 2015 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
            Tue Nov 03 12:16:34 2015 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
            Tue Nov 03 12:16:34 2015 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
            <snipped>Tue Nov 03 12:16:44 2015 Initialization Sequence Completed
            Tue Nov 03 12:16:44 2015 MANAGEMENT: >STATE:1446574604,CONNECTED,SUCCESS,10.0.8.6,snipped

            Works fine here..

            I changed the cipher to AES-256-CBC which what your asking for, even changed the auth to sha256 vs sha1

            I then edited client config

            cipher AES-256-CBC
            auth SHA256

            And as you can see bing bang zoom connected using that cipher and auth..

            edit:  You can not just change the client side.. Client has to match server - are you using openvpn-as, can show you how to change the default cipher if that is what your asking??


            </snipped></snipped></snipped>

            1 Reply Last reply Reply Quote 0
            • Derelict
              Derelict LAYER 8 Netgate last edited by

              I think he's referring to connecting to the PIA service.

              1 Reply Last reply Reply Quote 0
              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                Well yeah if some service you have to match what they are using, or get them to change it on the instance your connecting too..

                1 Reply Last reply Reply Quote 0
                • L
                  lar last edited by

                  how do I do the edited client config

                  cipher AES-256-CBC
                  auth SHA256
                  thing?
                  Thanks

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post

                  Products

                  • Platform Overview
                  • TNSR
                  • pfSense
                  • Appliances

                  Services

                  • Training
                  • Professional Services

                  Support

                  • Subscription Plans
                  • Contact Support
                  • Product Lifecycle
                  • Documentation

                  News

                  • Media Coverage
                  • Press
                  • Events

                  Resources

                  • Blog
                  • FAQ
                  • Find a Partner
                  • Resource Library
                  • Security Information

                  Company

                  • About Us
                  • Careers
                  • Partners
                  • Contact Us
                  • Legal
                  Our Mission

                  We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                  Subscribe to our Newsletter

                  Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                  © 2021 Rubicon Communications, LLC | Privacy Policy