Community Support Forum
 
  OpenVPN.net  •  Forum Index  •  FAQ  

It is currently Thu Apr 24, 2014 7:04 pm


Forum rules


If you would like help, here is a few things you will want to do in order to help us help you.

**Post your configs from client and server, without comments. you can strip comments in linux/bsd with something like this:
grep -vE '^#|^;|^$' server.conf
**Tell us your goal.
**If you are having problems connecting, post your logfiles from server and client after using verb 4 in both configs


Also, there are 2 things you should be aware of:

**Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. Why TCP Over TCP Is A Bad Idea: http://sites.inka.de/~bigred/devel/tcp-tcp.html
**You ONLY want to use dev tap if you are tunneling layer2 traffic, if you are using IP traffic you want tun. If you are using tap only for windows file sharing, look into running a WINS server instead.



Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 
 encryption 
Author Message
 Post subject: encryption
PostPosted: Wed Mar 16, 2011 3:47 pm 
OpenVPN User

Joined: Wed Mar 16, 2011 3:35 pm
Posts: 11
I want to ask,
whether the number of bits of encryption can be changed?
eg 32, 64, 128, 256, 512?

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC # Blowfish (default)
;cipher AES-128-CBC # AES
;cipher DES-EDE3-CBC # Triple-DES


Offline
 Profile  
 
 Post subject: Re: encryption
PostPosted: Thu Mar 17, 2011 8:59 am 
Forum Team
User avatar

Joined: Fri Aug 20, 2010 2:57 pm
Posts: 2702
Location: Amsterdam
try running
Code:
openvpn --show-ciphers
The following ciphers and cipher modes are available
for use with OpenVPN.  Each cipher shown below may be
used as a parameter to the --cipher option.  The default
key size is shown as well as whether or not it can be
changed with the --keysize directive.  Using a CBC mode
is recommended.

DES-CFB 64 bit default key (fixed)
DES-CBC 64 bit default key (fixed)
RC2-CBC 128 bit default key (variable)
RC2-CFB 128 bit default key (variable)
RC2-OFB 128 bit default key (variable)
DES-EDE-CBC 128 bit default key (fixed)
DES-EDE3-CBC 192 bit default key (fixed)
DES-OFB 64 bit default key (fixed)
DES-EDE-CFB 128 bit default key (fixed)
DES-EDE3-CFB 192 bit default key (fixed)
DES-EDE-OFB 128 bit default key (fixed)
DES-EDE3-OFB 192 bit default key (fixed)
DESX-CBC 192 bit default key (fixed)
BF-CBC 128 bit default key (variable)
BF-CFB 128 bit default key (variable)
BF-OFB 128 bit default key (variable)
RC2-40-CBC 40 bit default key (variable)
CAST5-CBC 128 bit default key (variable)
CAST5-CFB 128 bit default key (variable)
CAST5-OFB 128 bit default key (variable)
RC2-64-CBC 64 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-128-OFB 128 bit default key (fixed)
AES-128-CFB 128 bit default key (fixed)
AES-192-CBC 192 bit default key (fixed)
AES-192-OFB 192 bit default key (fixed)
AES-192-CFB 192 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)
AES-256-OFB 256 bit default key (fixed)
AES-256-CFB 256 bit default key (fixed)
AES-128-CFB1 128 bit default key (fixed)
AES-192-CFB1 192 bit default key (fixed)
AES-256-CFB1 256 bit default key (fixed)
AES-128-CFB8 128 bit default key (fixed)
AES-192-CFB8 192 bit default key (fixed)
AES-256-CFB8 256 bit default key (fixed)
DES-CFB1 64 bit default key (fixed)
DES-CFB8 64 bit default key (fixed)


as stated, a CBC cipher is recommended; if you use AES as the encryption routines you can choose AES-128-CBC, AES-192-CBC or AES-256-CBC - that should be sufficient for most purposes

_________________
JJK / Jan Just Keijser
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/index.html
http://www.nikhef.nl/~janjust/vpn/OpenVPN2-Cookbook/errata.html


Offline
 Profile  
 
 Post subject: Re: encryption
PostPosted: Thu Mar 24, 2011 4:20 am 
OpenVPN User

Joined: Wed Mar 16, 2011 3:35 pm
Posts: 11
thank you for this information, i will try it


Offline
 Profile  
 
 Post subject: Re: encryption
PostPosted: Thu Mar 24, 2011 8:35 am 
Forum Team
User avatar

Joined: Wed Jan 12, 2011 9:23 am
Posts: 2800
Location: Athens,Greece
SOLVED


--closed--

_________________
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Mitsubishi Evo IX Rules! (HKS EVC-S ,HKS TBE,HKS suction kit ,HKS Type R IC,Walbro 255 ,HKS 272/278, Motec m800OEM)

Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)


Offline
 Profile  
 
Display posts from previous:  Sort by  
Post new topic This topic is locked, you cannot edit posts or make further replies.  [ 4 posts ] 


 Who is online 

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


phpBB SEO
[ Time : 0.201s | 14 Queries | GZIP : On ]

 
Index  |  FAQ


Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group