
UTM - OpenVPN Client - AES-GCM

So far, SSL VPN under the UTM has worked without any problems with the OpenVPN client.
In the meantime, OpenVPN 2.6RC1 has been released, which requires AES-GCM ciphers. Only with a change in the config file can the OpenVPN client still connect.
e.g.
---
data-ciphers AES-128-CBC
data-ciphers-fallback AES-128-CBC
---

It is a pity that the ciphers are not unlocked under SSL VPN.
Under IPSec they are available. So it is probably a purely strategic decision by Sophos not to enable them under SSL VPN.
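
An added example, not part of the original post and not Sophos or OpenVPN project code: a small Python check that reads OpenVPN client profiles and reports which cipher directives still name non-AEAD (CBC) ciphers, so profiles carrying the workaround above can be tracked. The function names and the sample profiles are constructed for illustration.

```python
# AEAD data-channel ciphers OpenVPN can negotiate; anything else is flagged.
AEAD = {"AES-128-GCM", "AES-192-GCM", "AES-256-GCM", "CHACHA20-POLY1305"}
CIPHER_DIRECTIVES = ("data-ciphers", "data-ciphers-fallback", "ncp-ciphers", "cipher")

def parse_cipher_directives(text):
    """Return {directive: [cipher, ...]} for the cipher lines of a client profile."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment line
            continue
        tokens = line.split()
        if tokens[0] in CIPHER_DIRECTIVES and len(tokens) > 1:
            # Lists are colon-separated; 2.6 allows a leading '?' on optional ciphers.
            found[tokens[0]] = [c.lstrip("?").upper() for c in tokens[1].split(":")]
    return found

def audit_profile(text):
    """Flag non-AEAD ciphers and say whether the negotiation list offers any AEAD cipher."""
    directives = parse_cipher_directives(text)
    findings = []
    for name, ciphers in directives.items():
        weak = [c for c in ciphers if c not in AEAD]
        if weak:
            findings.append((name, weak))
    negotiable = directives.get("data-ciphers") or directives.get("ncp-ciphers") or []
    # None means no list is set in the profile, so the client's built-in default applies.
    aead_offered = any(c in AEAD for c in negotiable) if negotiable else None
    return {"findings": findings, "aead_offered": aead_offered}

# Constructed sample profiles (vpn.example.com is a placeholder host).
WORKAROUND = """client
remote vpn.example.com 443
data-ciphers AES-128-CBC
data-ciphers-fallback AES-128-CBC
"""
MIXED = "client\ndata-ciphers AES-256-GCM:AES-128-CBC\n"
DEFAULTS = "client\nremote vpn.example.com 443\n"

if __name__ == "__main__":
    for label, profile in (("workaround", WORKAROUND), ("mixed", MIXED), ("defaults", DEFAULTS)):
        print(label, audit_profile(profile))
```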



  • Getting GCM to work in SSLVPN would mean upgrading the OpenVPN version, which means upgrading and testing all subcomponents of this module. It is not a pure apt-get upgrade - it is more likely a huge effort to do this. 

    SFOS already supports these ciphers and other further upgrades. So maybe an upgrade to SFOS would resolve your need, especially if you are a home user. 


  • I am not a home user.
    We have OpenVPN in use on many clients.
    Instead of migrating to SFOS, I'm more likely to switch to another enterprise product. 
    The excuse of a huge effort does not apply in security products.
    It has been known since at least 2019 that the CBC ciphers are considered vulnerable.
