This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM - OpenVPN Client - AES-GCM

So far, SSL VPN under the UTM has worked without any problems with the OpenVPN client.
In the meantime, OpenVPN 2.6RC1 has been released, which requires AES-GCM ciphers. Only with a change in the config file the OpenVPN client can still connect.
e.g.
---
data-ciphers AES-128-CBC
data-ciphers-fallback AES-128-CBC
---

It is a pity that the ciphers are not unlocked under SSL VPN.
Under IPSec they are available. So it is probably a purely strategic decision by Sophos not to enable them under SSL VPN.

This thread was automatically locked due to age.

Parents

0 BAlfson over 1 year ago

Hallo and welcome to the UTM Community!

The following results in a "cipher AES-128-CBC" line in the SSL VPN config:

Are you saying that "data-ciphers" is required in theSSL VPN client now instead of just "ciphers?"

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 1 year ago

Hallo and welcome to the UTM Community!

The following results in a "cipher AES-128-CBC" line in the SSL VPN config:

Are you saying that "data-ciphers" is required in theSSL VPN client now instead of just "ciphers?"

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Amodin over 1 year ago in reply to BAlfson

I think it was a roundabout way to poke the bear as to why there is no AES-GCM cipher in their software and when it was ever going to be implemented in UTM, lol.

OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
(Former Sophos UTM Veteran, Former XG Rookie)
Cancel
Vote Up 0 Vote Down

Cancel