Jump to content
TorGuard
  • 0
rush1967

Open VPN client keeps connecting at 128 GCM

Rate this question

Question

I am using the config generator to create a config to ultimately use with my Vilfo VPN router.  I have tried so many variations to try to connect at 256 GCM but the logs show that the TG servers report back 256 CBC and then the client and server settle on 128 GCM.  Has anyone got a config working for this sort of scenario?  I have tested with the generic OPEN VPN client as well and always get the same result.

 

Share this post


Link to post
Share on other sites

4 answers to this question

Recommended Posts

  • 0
On 12/1/2018 at 8:23 PM, rush1967 said:

I am using the config generator to create a config to ultimately use with my Vilfo VPN router.  I have tried so many variations to try to connect at 256 GCM but the logs show that the TG servers report back 256 CBC and then the client and server settle on 128 GCM.  Has anyone got a config working for this sort of scenario?  I have tested with the generic OPEN VPN client as well and always get the same result.

 

 

Hi Rush

You need to add the following config line to your OpenVPN config to prevent cipher negotiation:

 

ncp-disable

It should then use the cipher you specify

Regards

 

 

Share this post


Link to post
Share on other sites
  • 0
7 minutes ago, Support said:

 

Hi Rush

You need to add the following config line to your OpenVPN config to prevent cipher negotiation:

 

ncp-disable

It should then use the cipher you specify

Regards

 

That is already in my config.  The server is trying to push 256-CBC to me but since I have "cipher AES-256-GCM" in my config then the server negotiates down to 125-GCM.  Below is my config with the TLS and CA key sections removed.

 

client

dev tun

proto udp

remote ny.east.usa.torguardvpnaccess.com 1195

remote-cert-tls server

auth SHA256

key-direction 1

setenv CLIENT_CERT 0

 

ncp-disable

resolv-retry infinite

nobind

tls-version-min 1.2

cipher AES-256-GCM

auth-user-pass

tun-mtu-extra 32

Share this post


Link to post
Share on other sites
  • 0
1 hour ago, rush1967 said:

 

That is already in my config.  The server is trying to push 256-CBC to me but since I have "cipher AES-256-GCM" in my config then the server negotiates down to 125-GCM.  Below is my config with the TLS and CA key sections removed.

 

client

dev tun

proto udp

remote ny.east.usa.torguardvpnaccess.com 1195

remote-cert-tls server

auth SHA256

key-direction 1

setenv CLIENT_CERT 0

 

ncp-disable

resolv-retry infinite

nobind

tls-version-min 1.2

cipher AES-256-GCM

auth-user-pass

tun-mtu-extra 32

 

What version of OpenVPN are you running there?

Share this post


Link to post
Share on other sites
  • 0
4 minutes ago, Support said:

 

What version of OpenVPN are you running there?

 

I am either using the Open VPN 2.4 client or my Vilfo router with is also version 2.4.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×