On Tue, 22 Feb 2022 00:32:46 +0100, Bo Berglund <bo.bergl...@gmail.com> wrote:
>On Mon, 21 Feb 2022 13:05:17 +0000, André via Openvpn-users ><openvpn-users@lists.sourceforge.net> wrote: > >>Hi, >> >>According to >>"RMerlin Asuswrt-Merlin dev" the Asus RT-AC-86U can "hit 200 Mbps of OpenVPN >>throughput". >> >>"LouisvilleUK" states "I'm getting full 200 down throughput with >>PrivateTunnel VPN using AES-128-GCM on the RT-AC86U". >> >> >>https://www.snbforums.com/threads/openvpn-performance-of-the-rt-ac86u.41217/page-2 >> >I am running OpenVPN 2.4.7 on the server, what ASUS RT-AC68U or RT-AC86U are >running I don't know... > >So can I set the following in the server side ccd config for the ASUSrouter >client and then the router's OpenVPN client will adhere to the setting? > >#Set different cipher for the ASUS router client >cipher AES-128-GCM >push "cipher AES-128-GCM" > >The full ccd file looks like this in that case: > >iroute 192.168.117.0 255.255.255.0 >#Disable compression and push it to the client >comp-lzo no >push "comp-lzo no" >#Set different cipher for the ASUS router client >cipher AES-128-GCM >push "cipher AES-128-GCM" > >Will this also work on the older RT-AC68U router? >I.e. should I wait until I have replaced the router on the remote LAN? > >Right now the cipher line in the main server.conf and client ovpn files looks >like this: >cipher AES-256-CBC > >Is this the culprit, being 256 rather than 128??? > >I do not know what is the difference between GCM and CBC... Forgot to ask: Can I in some way from the OpenVPN server command a reconnect from the client so it starts using the new cipher? If I restart the openvpn service dealing with the client will that force a renewed connection from the client (I have several services running concurrently)? -- Bo Berglund Developer in Sweden _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users