Hi Steffan

Thanks for taking the time to explain to me the salient features of a good 
encryption/decryption VPN.

> > tls-client
> 
> This means you're using TLS for forward secrecy, and are refreshing your
> data channel keys (at least) hourly.  That's good.

Is "forward secrecy" the same as "Perfect Forward Secrecy"? I have come across 
the latter on some websites.

How can you tell the data channel keys are refreshed at regular intervals?

> You're using TLS-auth to protect against mitm attacks on your TLS
> connection, which is very good.  key-directing 1 means you are using
> different keys for client-server and server-client traffic, which is
> good too.

Should I be worried if some VPN providers do NOT use "tls-auth" or 
"key-directing 1"? The reason for asking is I have been using commercial VPN 
providers for many years and some of them do NOT provide "tls-auth" or 
"key-directing 1".
> > Wed Dec 7 08:27:57 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 
> > ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
>

You said that my VPN provider is using 4096 bit RSA based on the above 
statement. What about "ECDHE-RSA-AES256-GCM-SHA384"?

> 
> So, all in all, very decent setup.  Once you move to OpenVPN 2.4 (which
> is nearing release), you switch from --tls-auth to --tls-crypt for some
> "poor-man's" post-quantum security, and use AES-256-GCM for more
> efficiency on the data channel.

Could you explain in greater detail your statement "use AES-256-GCM for more 
efficiency on the data channel"?

My VPN provider is already using AES-256-GCM but its technical staff had told 
me that I needed to use their version of OpenVPN software because the 
community-version 2.3.14 does not offer AES-256-GCM. To be safe, I declined 
their offer.

Regards.

Sebastian
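
Added example (not from this thread or the OpenVPN project): a small Python checker that parses an OpenVPN client config for the options Steffan listed (tls-client, tls-auth with key-direction, the renegotiation interval, a GCM data cipher) and splits a "Control Channel:" log line of the shape quoted above into key exchange, authentication, cipher and hash. The config, hostname and log line below are constructed; the 3600 s fallback is OpenVPN's documented `--reneg-sec` default.

```python
import re

# Constructed sample client config (not the poster's), using the options
# discussed in the thread: tls-client, tls-auth with key-direction 1, GCM.
SAMPLE_CONFIG = """\
client
dev tun
proto udp
# placeholder server name
remote vpn.example.invalid 1194
tls-client
tls-auth ta.key 1
cipher AES-256-GCM
"""

# Constructed log line in the same shape as the one quoted in the thread.
SAMPLE_LOG = ("Control Channel: TLSv1.2, cipher TLSv1/SSLv3 "
              "ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA")


def parse_config(text):
    """Return {option: [args]} for an OpenVPN-style config, comments stripped."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts


def audit(opts):
    """Check the properties discussed in the thread against parsed options."""
    tls_auth = opts.get("tls-auth")
    # key-direction may be the 2nd tls-auth argument or a separate option.
    key_dir = tls_auth[1] if tls_auth and len(tls_auth) > 1 else opts.get("key-direction", [None])[0]
    return {
        "tls_mode": "tls-client" in opts or "client" in opts,   # 'client' implies tls-client
        "control_channel_hmac": bool(tls_auth or opts.get("tls-crypt")),
        "directional_keys": key_dir in ("0", "1"),
        "rekey_seconds": int(opts.get("reneg-sec", ["3600"])[0]),  # OpenVPN default: 3600
        "aead_data_cipher": opts.get("cipher", [""])[0].upper().endswith("-GCM"),
    }


SUITE_RE = re.compile(r"cipher \S+ (?P<kx>ECDHE|DHE)-(?P<auth>RSA|ECDSA)-"
                      r"(?P<enc>AES\d+-(?:GCM|CBC))-(?P<mac>SHA\d*), (?P<bits>\d+) bit")


def parse_control_channel(line):
    """Split the TLS suite name in a 'Control Channel:' log line into its parts."""
    m = SUITE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["bits"] = int(d["bits"])                   # size of the RSA certificate key
    d["forward_secrecy"] = d["kx"].endswith("DHE")  # ephemeral (EC)DH key exchange
    return d
```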

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
