Hi there,
I’m trying to use 128bit rather than 256bit VPN but my VPN provider haven’t been to helpful.
Can I customise the cipher on OpenWRT or by amending the profiles I have or does it have to be done by the provider?
Hi there,
I’m trying to use 128bit rather than 256bit VPN but my VPN provider haven’t been to helpful.
Can I customise the cipher on OpenWRT or by amending the profiles I have or does it have to be done by the provider?
You cannot amend the cipher in the User Interface because it ithe VPN part is “closed-shop”. In my opinion, it would be better if the firmware were written so that this modification (and any other VPN mod) could be made in Luci.
One way of doing it is to edit your ovpn file before uploading (assuming your provider supports it). It can also probably be done by editing the config file directly using something like WinSCP.
Glitch
Yes, Luci modification would be good.
Thanks for the help @Glitch. I’m familiar with WinSCP, do you know what modification I would make to the file to make it 128-bit cipher?
I’ve pasted contents from my Ovpn file below.
client
dev tun
proto udp
remote uk1.safervpn.com 1194 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
<ca>
-----BEGIN CERTIFICATE-----
Normally there is something like this in it:
cipher AES-256-CBC
However, in your case looks like your provider only offers one encryption standard, 256 bit
It is possible to request a cipher but the server must be configured to allow this and the server can override your choice (which would show in the status message)
–cipher alg
Encrypt data channel packets with cipher algorithm alg. When cipher negotiation (NCP) is allowed, OpenVPN 2.4 and newer on both client and server side will automatically upgrade to AES-256-GCM
The following data is always pushed to the server:
IV_NCP=2 – negotiable ciphers, client supports --cipher pushed by the server
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
In order to change the cipher in OpenVPN Access Server you will need to add the following line to both the client and server config directives via the Advanced VPN page:
cipher ciphername
How to correctly secure your OpenVPN connection
https://gist.github.com/pwnsdx/8fc14ee1e9f561a0a5b8
@wifird It needs both of client and server config the same chiper. How To Change. One line like cipher AES-256-CBC.