Reply To: Encryption on LAN-to-LAN VPNs

Home Page Forums Network Management ZeroShell Encryption on LAN-to-LAN VPNs Reply To: Encryption on LAN-to-LAN VPNs



I do not know what is the default encryption used by OpenVPN to encrypt the data. In any case you can see the supported cipher with the command:

openvpn –show-ciphers

The following ciphers and cipher modes are available
for use with OpenVPN. Each cipher shown below may be
used as a parameter to the –cipher option. The default
key size is shown as well as whether or not it can be
changed with the –keysize directive. Using a CBC mode
is recommended.

DES-CBC 64 bit default key (fixed)
IDEA-CBC 128 bit default key (fixed)
RC2-CBC 128 bit default key (variable)
DES-EDE-CBC 128 bit default key (fixed)
DES-EDE3-CBC 192 bit default key (fixed)
DESX-CBC 192 bit default key (fixed)
BF-CBC 128 bit default key (variable)
RC2-40-CBC 40 bit default key (variable)
CAST5-CBC 128 bit default key (variable)
RC2-64-CBC 64 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-192-CBC 192 bit default key (fixed)
AES-256-CBC 256 bit default key (fixed)

After that, you could, for example, force the use of AES256 with the switch

–cipher AES-256-CBC

in the parameter field in both the VPN peers.