On 05/11/18 05:19, Javier Santos wrote: [....] > The warning in the OpenVPN log is: > > WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', > remote='cipher AES-256-CBC' > > I was wondering if my VPN provider was using AES-256-CBC because of the line > "remote='cipher AES-256-CBC'". Well, now that you have clarified that they > are using AES-256-GCM.
If their server is based on OpenVPN 2.4, you will see later on that that the data-channel cipher is upgraded to AES-256-GCM. Or it can be downgraded to AES-256-CBC. If you run your client with --verb 4, you might see a PUSH_REPLY line in the log, which contains a 'cipher' argument. That is the cipher the server wants the client to use. And this only works well with OpenVPN 2.4 clients. But as Gert said ... local='auth [null-digest]' is fine with AES-256-GCM. -- kind regards, David Sommerseth OpenVPN Inc
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
