PIA, OpenVPN and pfSense. Has anyone got AES256 to work yet?



  • Spent hours on google and this forum. A few have tried with the PIA patch that is out, but I can't find anyone who actually has it working.

    If anybody got the SHA256/AES256 settings working, please post here how you achieved it.

    Thanks.




  • Rebel Alliance Global Moderator

    while not using pia, I use openvpn into pfsense using aes 256 and sha256 without any problems
    Fri Jun 24 14:21:01 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Fri Jun 24 14:21:01 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Fri Jun 24 14:21:01 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Fri Jun 24 14:21:01 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Fri Jun 24 14:21:01 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA



  • @johnpoz:

    while not using pia, I use openvpn into pfsense using aes 256 and sha256 without any problems

    PIA was limited to BF-CBC, SHA1 for quite some time.



  • no problem with PIA here
    Jun 25 09:01:25 openvpn 39741 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jun 25 09:01:25 openvpn 39741 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Jun 25 09:01:25 openvpn 39741 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Jun 25 09:01:25 openvpn 39741 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
    Jun 25 09:01:25 openvpn 39741 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA



  • @BeerBelli:

    Spent hours on google and this forum. A few have tried with the PIA patch that is out, but I can't find anyone who actually has it working.

    If anybody got the SHA256/AES256 settings working, please post here how you achieved it.

    Thanks.

    here my settings
    https://forum.pfsense.org/index.php?topic=112877.msg633588#msg633588