OPNsense Forum

English Forums => General Discussion => Topic started by: 0xDEADC0DE on April 02, 2021, 09:37:03 pm

Title: OpenVPN Server multiple encryption algorithms/ciphers
Post by: 0xDEADC0DE on April 02, 2021, 09:37:03 pm
On the OpenVPN server settings, I can select ONE encryption algorithm.
Some years ago, I selected AES-256-CBC, but the current client logs a warning that this algorithm will be deprecated in the future.
Now I want to migrate slowly to a better algorithm, AES-256-GCM, as suggested by OpenVPN, but I have a lot of users I cannot change immediately.
My idea is to select the new and the old algorithm so new and old configs can connect and in 6 months, I can turn off the old algorithm.
Since OpenVPN 2.4, this is possible, but I cannot do it in the GUI. Can you change that?
Is it possible to configure it on the command line?

Title: Re: OpenVPN Server multiple encryption algorithms/ciphers
Post by: lfirewall1243 on April 02, 2021, 10:22:49 pm
Why don't you create a new VPN Server for it?

Title: Re: OpenVPN Server multiple encryption algorithms/ciphers
Post by: 0xDEADC0DE on April 02, 2021, 10:29:38 pm
The answer is easy: our employees are out the whole week at customers' sites, and they only allow standard ports at the firewall, or we had long discussions with them to allow our IP/port for OpenVPN.
We don't want to start over again.

Title: Re: OpenVPN Server multiple encryption algorithms/ciphers
Post by: 0xDEADC0DE on April 16, 2021, 01:12:59 pm
Thanks for the fix.
Next time I will post it on GitHub.
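
For the migration window discussed in this thread (a server that accepts both AES-256-GCM and AES-256-CBC, with CBC to be turned off later), the following added example, which is not from the thread or the OPNsense project, tallies from the server log which users still end up on the old cipher. It assumes the OpenVPN 2.4/2.5 server log line `Outgoing Data Channel: Cipher '...' initialized` prefixed by `common-name/ip:port`; the function names, user names and log lines are constructed.

```python
import re

# Assumed log shape (OpenVPN 2.4/2.5 server, verb 3 or higher):
#   <timestamp> <common-name>/<ip>:<port> Outgoing Data Channel: Cipher '<name>' initialized ...
LINE_RE = re.compile(
    r"(?P<cn>[^\s/]+)/(?P<addr>\S+) Outgoing Data Channel: "
    r"Cipher '(?P<cipher>[^']+)' initialized"
)

LEGACY = {"AES-256-CBC"}  # the cipher the thread wants to retire


def last_cipher_per_user(lines):
    """Map each common name to the data-channel cipher of its most recent session."""
    latest = {}
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            # Later lines overwrite earlier ones, so the newest session wins.
            latest[m.group("cn")] = m.group("cipher").upper()
    return latest


def users_blocking_cutoff(lines, legacy=LEGACY):
    """Sorted list of users whose latest session still used a legacy cipher."""
    latest = last_cipher_per_user(lines)
    return sorted(cn for cn, cipher in latest.items() if cipher in legacy)


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = """\
Fri Apr  2 21:40:11 2021 alice/203.0.113.5:51234 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Apr  2 21:41:02 2021 bob/198.51.100.7:40022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Apr  2 21:41:02 2021 bob/198.51.100.7:40022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Apr  5 08:02:45 2021 alice/192.0.2.44:38110 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Apr  5 08:15:30 2021 carol/203.0.113.9:50111 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Apr  5 08:15:31 2021 carol/203.0.113.9:50111 TLS: soft reset sec=0 bytes=0/-1 pkts=0/-1
""".splitlines()

if __name__ == "__main__":
    for cn in users_blocking_cutoff(SAMPLE_LOG):
        print(f"{cn}: latest session still on a legacy cipher")
```

An empty result over a log window that covers all active users is the signal that the old cipher can be removed from the server without locking anyone out.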