In one of our OpenVPN server and client connections, we observed a strange behavior from one of the client. Even though the client had "cipher AES-256-CBC" set in his configuration file, but in the logs, we still see:
Mon Feb 13 07:58:33 2017 xxx.xx.xxx.xx:50112 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Mon Feb 13 07:58:33 2017 xxx.xx.xxx.xx:50112 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
OpenVPN is using 'AES-256-GCM' encryption algorithm even on both server/client configuration files we set it to "AES-256-CBC".
This is due to you have the "Enable NCP" option enabled, and in your list of allowed NCP encryption algorithms, "AES-256-GCM" is preferred over "AES-256-CBC". If you want to stop this override behavior (NCP), you can disable the NCP override, or you can update your encryption algorithm.
No comments:
Post a Comment