This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM - OpenVPN Client - AES-GCM

So far, SSL VPN under the UTM has worked without any problems with the OpenVPN client.
In the meantime, OpenVPN 2.6RC1 has been released, which requires AES-GCM ciphers. Only with a change in the config file the OpenVPN client can still connect.
e.g.
---
data-ciphers AES-128-CBC
data-ciphers-fallback AES-128-CBC
---

It is a pity that the ciphers are not unlocked under SSL VPN.
Under IPSec they are available. So it is probably a purely strategic decision by Sophos not to enable them under SSL VPN.



This thread was automatically locked due to age.
Parents Reply Children
  • I think it is very poor that sophos does not present GCM on openvpn but on ipsec they do. GCM is used almost everywhere instead of cbc. We have vpn routers same age or even older as sophos utm wihich offer GCM and ctr. They are supposed to be faster and more safe as cbc. We think about changing our openssl system.