Encryption Algorithm: The encryption algorithm specifies the algorithm used for encrypting the data sent through the VPN tunnel. The following algorithms are supported, which are all in Cipher Block Chaining (CBC) mode:
DES-EDE3-CBC
AES-128-CBC (128 bit)
AES-192-CBC (192 bit)
AES-256-CBC (256 bit)
BF-CBC (Blowfish (128 bit))
Authentication Algorithm: The authentication algorithm specifies the algorithm used for checking the integrity of the data sent through the VPN tunnel. Supported algorithms are:
MD5 (128 bit)
SHA-1 (160 bit)
SHA2 256 (256 bit)
SHA2 384 (384 bit)
SHA2 512 (512 bit)
If not, do we know if it is likely to be in a future release.This is a user to user forum, so nobody here is going to know. You can create a feature request, that Sophos will see, at UTM (Formerly ASG) Feature Requests: Hot (1877 ideas)
Hi, Tom, and welcome to the User BB!
I haven't tried it in years, but I know some here have used the Shrew IPsec client successfully.
Let us know your solution.
Cheers - Bob
supported cipher suite has changed in 9.3 for ssl vpn connectionsSame choices as 9.2.
Hello did someone know why AES-<128-256>-GCM is not supported???
is it not save or what are the reasons??? hmmmm ;/
regards
Hello my friend ;-)
Thank you, I need it for OpenVPN Site2Site for testing
I use a VPN provider (Converted the provided *.ovpn) to UTM compatible.
Works all fine with MASQ over tun(commandline) and Policy based Routing for specified Sites.
But would get more performance , and because of that i would test GCM ;-)
Set it to GCM over Restapi is not possible and if set in the config-default in chroot-openvpn/etc/openvpn/client/ it cant connect because of OpenSSL errors.
Regards
Ah, I didn't read closely enough - SSL VPN, not IPsec!
I thought that Sophos modified the current code a couple years ago for the SSL VPN so that it would take advantage of AES-NI, but I just did a search in the and don't see that it was. I think you can't change the setting because it's an issue of the code for that has not been added.
Cheers - Bob