AES-256-CBC Encryption on OpenVPN for FreeNAS - Need a PORT NUMBER!
Hey All,
I'm setting up a VPN connection with PIA for a FreeNAS jail (Transmission) and I'm stuck on the AES-256 Encryption. I was able to get the AES-128-CBC cypher to work properly but it required changing the port number from 1194 to 1196. I assume the AES-256-CBC cypher will require a different port number as well.
I contacted PIA directly about this and they flat out refused to provide me with the information, saying that AES-256 was only available with the PIA client. This is a complete BS response; not only is it false but impossible.
Has anyone managed to set up AES-256-CBC on OpenVPN? If so what port did you use?
Any help with this will be greatly appreciated.
Comments
PIA don't care. They have a huge client base and are doing just fine apparently.
If I put myself in their shoes I understand it's easier for them to provide support if everybody's using the PIA app.
If you do find a port that works let us know!
So far I have heard nothing that would help you. Sorry.
For what it's worth, I wouldn't trust an AES implementation that isn't open source. Even if the algorithm is well known, so much can go wrong when implementing crypto. I don't believe for a moment that PIA has added their own AES implementation to OpenVPN. I suspect they don't actually configure their servers to allow any of their high security settings, I just haven't felt the need to actually verify that.
@mjk79: For now, you will have to live with AES128 or Blowfish.
I know I remember back years ago before OpenVPN had AES, PIA added it to their own client. I am thinking it would have been around .26 or .28 or so of the client.
But I will shut up about how I remember it and see if I can find it. For the record, I do agree that it is pretty shitty to have no support nor even an explanation for why it will not work without the PIA client.
If I fail to find it, I will resort to the lame tactic of namedropping everyone I know of that works for PIA to see if they get the notifications and may be able to help.
*Edit* That was quick... https://web.archive.org/web/*/https://www.privateinternetaccess.com/forum/
Nothing...
@support
@kyjelly
@tardisonline
I could probably think of several more. But if any one of you can help find either a solution or at least an explanation I would be grateful.
Anyone know what happened to the old client thread or the old changelog thread?
This blog post from September 2013 mentions the PIA app supporting new encryption soon.
However, the idea that OpenVPN didn't support AES-256-CBC yet is completely absurd. OpenVPN has nothing to do with what ciphers are available as it uses OpenSSL for that.
Indeed, a look at the OpenVPN change log https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 shows nothing to do with cipher suites.
However, an OpenSSL change log shows that AES-256-CBC was available at least as early as 2010. https://www.openssl.org/news/changelog.html
https://www.google.com/search?q=privateinternetaccess+aes+256&source=lnt&tbs=cdr:1,cd_min:2009,cd_max:2009&tbm=
Sadly, when I asked PIA about updated configuration files they said they would only be updating the PIA client. Perhaps if more users asked by email we might see something.