Re: [Openvpn-users] OpenVPN cipher issue?

2018-10-10 Thread Alex K
Hi, On Tue, Oct 9, 2018 at 9:43 PM Gert Doering wrote: > Hi, > > (copying in openvpn-devel, as this is something Steffan will want to > see...) > > On Tue, Oct 09, 2018 at 06:41:30PM +0300, Alex K wrote: > > Adding some more lines (verbosity 3): > > > > Tue Oct 9 15:38:17 2018 UDP link remote:

Re: [Openvpn-users] OpenVPN cipher issue?

2018-10-09 Thread Gert Doering
Hi, (copying in openvpn-devel, as this is something Steffan will want to see...) On Tue, Oct 09, 2018 at 06:41:30PM +0300, Alex K wrote: > Adding some more lines (verbosity 3): > > Tue Oct 9 15:38:17 2018 UDP link remote: [AF_INET]:1195 > Tue Oct 9 15:38:17 2018 TLS: Initial packet from [AF_IN

Re: [Openvpn-users] OpenVPN cipher issue?

2018-10-09 Thread Alex K
Hi Girt, On Tue, Oct 9, 2018 at 6:23 PM Gert Doering wrote: > Hi, > > On Tue, Oct 09, 2018 at 05:46:23PM +0300, Alex K wrote: > > confirmed, while the Ubuntu one is having a hard time. When establishing > > VPN with the server the Ubuntu client gives the error: > > > > RTue Oct 9 14:26:23 2018

Re: [Openvpn-users] OpenVPN cipher issue?

2018-10-09 Thread Gert Doering
Hi, On Tue, Oct 09, 2018 at 05:46:23PM +0300, Alex K wrote: > confirmed, while the Ubuntu one is having a hard time. When establishing > VPN with the server the Ubuntu client gives the error: > > RTue Oct 9 14:26:23 2018 us=825324 cipher_ctx_update_ad: > EVP_CipherUpdate() failed > Tue Oct 9 14

[Openvpn-users] OpenVPN cipher issue?

2018-10-09 Thread Alex K
Hi all, I have lately upgraded the OpenVPN server to Debian9 which is using openvpn 2.4.0-6. I have several openvpn clients terminating to this server which are running Debian7 and one of them Ubuntu 12.04. I know, these are old... The debian7 ones are able to terminate the server and connectivity

Re: [Openvpn-users] OpenVPN cipher

2018-06-21 Thread Steffan Karger
Hi, On 18-06-18 00:53, David Sommerseth wrote: > On 17/06/18 23:21, Alex K wrote: > [...snip...] >> >> Seems that I can use AES-256-GCM since it gives same encapsulation overhead >> with slight decease of bandwidth compared to  AES-128-CBC I was using and it >> will provide some extra security to

Re: [Openvpn-users] OpenVPN cipher

2018-06-17 Thread Alex K
Understood. This is my understanding also. Alex, Thanx On Mon, Jun 18, 2018, 01:53 David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > On 17/06/18 23:21, Alex K wrote: > [...snip...] > > > > Seems that I can use AES-256-GCM since it gives same encapsulation > overhead > > with slight

Re: [Openvpn-users] OpenVPN cipher

2018-06-17 Thread David Sommerseth
On 17/06/18 23:21, Alex K wrote: [...snip...] > > Seems that I can use AES-256-GCM since it gives same encapsulation overhead > with slight decease of bandwidth compared to  AES-128-CBC I was using and it > will provide some extra security to avoid any surprises from the quantum > computers :) Let

Re: [Openvpn-users] OpenVPN cipher

2018-06-17 Thread Alex K
Some tests performed on throughput and overhead gave the below results: AES-256-GCM: Overhead: 10 - 12% (relative to the total traffic on eth0) Iperf within tunnel: 265 Mbps AES-128-GCM: Overhead: 7 - 8 % Iperf: 283 Mbps AES-128-CBC: Overhead: 10 - 13 % Iperf: 281 Mbps The VPN tunnel used is a

Re: [Openvpn-users] OpenVPN cipher

2018-06-16 Thread Alex K
Thank you David for the thorough answer. I will try and perform some tests and will post results here when done. Thanx, Alex On Sun, Jun 17, 2018, 02:18 David Sommerseth < open...@sf.lists.topphemmelig.net> wrote: > On 17/06/18 00:07, Alex K wrote: > > > > > > On Sat, Jun 16, 2018 at 12:58 PM,

Re: [Openvpn-users] OpenVPN cipher

2018-06-16 Thread David Sommerseth
On 17/06/18 00:07, Alex K wrote: > > > On Sat, Jun 16, 2018 at 12:58 PM, Gert Doering > wrote: > > Hi, > > On Sat, Jun 16, 2018 at 12:29:27AM +0300, Alex K wrote: > > Hi all, > > > > I have a server/client setup where I have set the following di

Re: [Openvpn-users] OpenVPN cipher

2018-06-16 Thread Alex K
On Sat, Jun 16, 2018 at 12:58 PM, Gert Doering wrote: > Hi, > > On Sat, Jun 16, 2018 at 12:29:27AM +0300, Alex K wrote: > > Hi all, > > > > I have a server/client setup where I have set the following directive at > > server and client: > > > > cipher AES-128-CBC > > > > When establishing VPN at c

Re: [Openvpn-users] OpenVPN cipher

2018-06-16 Thread Gert Doering
Hi, On Sat, Jun 16, 2018 at 12:29:27AM +0300, Alex K wrote: > Hi all, > > I have a server/client setup where I have set the following directive at > server and client: > > cipher AES-128-CBC > > When establishing VPN at client logs I see: > > Fri Jun 15 17:25:22 2018 Data Channel Encrypt: *Cip

Re: [Openvpn-users] OpenVPN cipher

2018-06-16 Thread Alex K
I see. Thank you! Alex On Sat, Jun 16, 2018, 02:12 Simon Deziel wrote: > On 2018-06-15 05:29 PM, Alex K wrote: > > Hi all, > > > > I have a server/client setup where I have set the following directive at > > server and client: > > > > cipher AES-128-CBC > > > > When establishing VPN at client l

Re: [Openvpn-users] OpenVPN cipher

2018-06-15 Thread Simon Deziel
On 2018-06-15 05:29 PM, Alex K wrote: > Hi all, > > I have a server/client setup where I have set the following directive at > server and client: > > cipher AES-128-CBC > > When establishing VPN at client logs I see: > > Fri Jun 15 17:25:22 2018 Data Channel Encrypt: *Cipher 'AES-256-GCM' > *in

[Openvpn-users] OpenVPN cipher

2018-06-15 Thread Alex K
Hi all, I have a server/client setup where I have set the following directive at server and client: cipher AES-128-CBC When establishing VPN at client logs I see: Fri Jun 15 17:25:22 2018 Data Channel Encrypt: *Cipher 'AES-256-GCM' *initialized with 256 bit key Fri Jun 15 17:25:22 2018 Data Cha