Changes between Version 4 and Version 5 of GettingStartedwithOVPN
Timestamp: 08/29/16 12:54:25 (8 years ago)
GettingStartedwithOVPN
v4 v5 142 142 This temporary encryption key (which you will not see for yourself; it will be in RAM only) is used for encrypting the data which will be passed over the VPN connection, also known as the data channel. So all your network traffic between your server and client goes in the data channel and will be encrypted by this temporary key. 143 143 144 The encryption algorithm which is used for the data channel can be modified as well. By default, OpenVPN will use the Blowfish algortihm.OpenVPN mostly provides the same algorithms as your SSL library supports. To see which algorithms are available, see the outpout of:144 The encryption algorithm which is used for the data channel can be modified as well. OpenVPN mostly provides the same algorithms as your SSL library supports. To see which algorithms are available, see the outpout of: 145 145 146 146 {{{ … … 150 150 Those ciphers which are listed with '(variable)' in the output can have a variable key length, controlled by the --keysize option. 151 151 152 If you are happy with the default Blowfish algorithm, you don't need to add anything. If you would prefer an AES algorithm with 256 bits encryption, add this line to both client and server configs: 152 '''WARNING:''' By default OpenVPN does currently use the Blowfish cipher, but that is now discouraged due to general issues with Blowfish, RC4, CAST5 and DES/3DES. If you need to use any of these weaker algorithms, do at least consider to add `--reneg-bytes 64000000` to your configuration. For more information see [wiki:SWEET32]. 153 154 To use the prefer an AES algorithm with 256 bits encryption, add this line to both client and server configs: 153 155 154 156 {{{
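Review bot: in the first hunk, the rewritten line 144 still carries the typo "outpout" from v4; since the sentence is being edited anyway, change it to "output". Removing "By default, OpenVPN will use the Blowfish algortihm." here is fine because the default is now stated in the warning at line 152, but the paragraph at 144 no longer tells the reader what they get if they change nothing, so a short pointer to the warning would help.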
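Review bot: in the second hunk, new line 154 reads "To use the prefer an AES algorithm with 256 bits encryption", which is a leftover of the old sentence and does not parse; suggest "To use AES with a 256-bit key, add this line to both client and server configs:". In the warning at line 152, the mitigation is given in command-line form (`--reneg-bytes 64000000`) while the surrounding text talks about adding lines to the client and server configs; OpenVPN config files take options without the leading dashes, so show the config form `reneg-bytes 64000000` or say which form is meant. The warning also names Blowfish, RC4, CAST5 and DES/3DES only as having "general issues"; one clause saying what the issue is would let the reader judge the risk without following the [wiki:SWEET32] link. Wording: "does currently use" and "do at least consider to add" read better as "currently uses" and "at least consider adding".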