UTM - OpenVPN Client - AES-GCM

So far, SSL VPN under the UTM has worked without any problems with the OpenVPN client.
In the meantime, OpenVPN 2.6RC1 has been released, which requires AES-GCM ciphers. Only with a change in the config file can the OpenVPN client still connect.
e.g.
---
data-ciphers AES-128-CBC
data-ciphers-fallback AES-128-CBC
---

It is a pity that the ciphers are not unlocked under SSL VPN.
Under IPSec they are available. So it is probably a purely strategic decision by Sophos not to enable them under SSL VPN.
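
One way to find client profiles affected by the change described in this post, and profiles later pinned to CBC by the workaround shown in it, as an added example that is not part of the original post and not Sophos or OpenVPN code. The finding codes and the sample profiles are constructed for illustration; the first check relies on the OpenVPN 2.6 behaviour that `cipher` is no longer added to the negotiated cipher list in TLS mode.

```python
"""Added example: audit OpenVPN client profiles for data-channel cipher settings."""

WATCHED = ("cipher", "data-ciphers", "data-ciphers-fallback")


def parse_directives(profile_text):
    """Collect the cipher-related directives from an .ovpn profile."""
    found = {}
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        parts = line.split()
        if parts[0] in WATCHED and len(parts) > 1:
            found[parts[0]] = parts[1]       # last occurrence wins
    return found


def is_aead(cipher_name):
    name = cipher_name.lstrip("?").upper()   # tolerate a leading "?" on a list entry
    return name.endswith("-GCM") or name == "CHACHA20-POLY1305"


def audit(profile_text):
    """Return a list of finding codes; an empty list means nothing to flag."""
    d = parse_directives(profile_text)
    findings = []
    if "cipher" in d and "data-ciphers" not in d and "data-ciphers-fallback" not in d:
        # OpenVPN 2.6 no longer adds --cipher to the negotiated list in TLS mode.
        findings.append("legacy-cipher-only")
    if "data-ciphers" in d and not any(is_aead(c) for c in d["data-ciphers"].split(":")):
        findings.append("cbc-only-negotiation")
    if "data-ciphers-fallback" in d and not is_aead(d["data-ciphers-fallback"]):
        findings.append("cbc-fallback")
    return findings


# Constructed sample profiles (not taken from a real deployment).
LEGACY = "client\ndev tun\ncipher AES-128-CBC\n"
WORKAROUND = "client\ndev tun\ndata-ciphers AES-128-CBC\ndata-ciphers-fallback AES-128-CBC\n"
MODERN = "client\ndev tun\n# defaults\ndata-ciphers AES-256-GCM:AES-128-GCM\n"

if __name__ == "__main__":
    for label, text in (("legacy", LEGACY), ("workaround", WORKAROUND), ("modern", MODERN)):
        print(label, audit(text) or "ok")
```

Profiles flagged `cbc-only-negotiation` or `cbc-fallback` are the ones to revisit once the server side offers an AEAD cipher.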



  • Hallo and welcome to the UTM Community!

    The following results in a "cipher AES-128-CBC" line in the SSL VPN config:

         

    Are you saying that "data-ciphers" is required in the SSL VPN client now instead of just "ciphers?"

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I think it was a roundabout way to poke the bear as to why there is no AES-GCM cipher in their software and when it was ever going to be implemented in UTM, lol.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)