Encryption options using OpenVPN client

gastonsalggastonsalg
edited August 2014 in VPN Setup Support
Hi,
I'm trying the OpenVPN client, which I find lighter and faster compared to the PIA client.
Of course, the downside is that the configuration is not as straight forward.
I'm trying to change the encryption from Blowfish to AES-128 or even AES-256, without success.
As found in OpenVPN documentation, I added this one line to my ovpn file:
cipher AES-128-CBC
When doing so, I get these two warnings on the OpenVPN log:

WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher BF-CBC'

Once the connection is set, I cannot access Internet and this line starts repeating:

Authenticate/Decrypt packet error: cipher final failed

I couldn't find any related help. Would you please provide further information on how to set up Data Encryption, or even Access Encryption with the OpenVPN client, if possible?

Thanks in advance.

Comments

  • UserKKUserKK
    Try changing the port from 1194 to 1196 in the line with the server address.   That used to work.
     But i don't use openvpn client so i can't test..



    .


  • gastonsalggastonsalg
    Thanks for your answer, UserKK. Port 1196 seems to be configured to use cipher AES-128-CBC. It worked right away.

    Do you have any idea on where the list of available ports could be? PIA support guys don't seem to be too active here in the forum...
  • UserKKUserKK
    No i don't.  The only reason i know that one is i beta tested the PIA servers a long time ago before they implemented the multiple encryption options in the client.  And that was the way they had me set up my OpenVPN to try it.

    Glad it worked for you


  • ticksg21ticksg21
    Thanks to you as well UserKK. I just wanted try it and using port 1194 obviously did not work. 1196 does and trying to get a handle on whether it is better. I have an Intel 930 (2.80 Ghz) overclocked to 3.80 Ghz but this processor, which came out in 2010, is roughly a year before Intel chips were equipped with AES-NI.
  • BeefJerkyBeefJerky
    UserKK: Any idea on what specific port they may be using dedicated to AES-256? Thanks!
  • 1053810538

    https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-
Sign In or Register to comment.