New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[OPENVPN] Cipher 'AES-256-GCM' mode not supported #1959
Comments
If your system supports AES-NI, don't select a crypto engine in OpenSSL and it should work. |
Hi, thank's for the reply. I have test without Hardware Crypto in OpenVPN config and with Cryptographic Hardware Acceleration set to "AES-NI CPU Based Acceleration (aesni)" in System: Settings: Miscellaneous, same problem : "Cipher 'AES-256-GCM' mode not supported". Vice et versa : with Hardware Crypto to "Intel RDRAND engine - RAND" in OpenVPN config and without Cryptographic Hardware Acceleration in System: Settings: Miscellaneous, same problem : "Cipher 'AES-256-GCM' mode not supported". Without hardware crypto in both openvpn config, and system settings, same problem. But in shell, the following command work's : System runing up-to-date : Thank's a lot. |
I could reproduce. Which server mode did you configure? |
I use the "Peer to Peer ( shared key )" server mode. |
Yes, this does not work. The cipher is TLS-only, you can even see that from the drop down selection. :) |
Oh I never see this mention in the drop down selection ! Thank's. So it will work if I switch to peer to peer SSL/TLS ? Thank's a lot, and sorry for this mistake ! |
From a quick test, all other modes seemed to work ok. No worries. :) |
Perfect, it work's ! Thank's |
👍 |
Hello,
I have a problem on two OPNsense system.
I try to improve speed of existing openvpn connexion between these two OPNsense.
The VPN was using "AES-128-CBC" cipher, I want to use the "AES-256-GCM" cipher.
The first system is based on an Asrack C2550d4i.
The second is based on a KVM virtual machine, host has also an Atom C2550 processor, and the AES-NI is passed to the guest.
On the two system, I enable the AES-NI :
Without AES-NI, I can't use the AES-GCM cipher :
But with, It work, like expected :
So in the Openvpn config, I enable the "Hardware Crypto" to "Intel RDRAND engine - RAND", but OPENVPN said the cipher is not supported :
The Openvpn config file :
Sorry for my English and thank's for the help
The text was updated successfully, but these errors were encountered: