Hello,
First off: thanks for putting up a free version of Pritunl and hosting this forum! This is really great!
I noticed that in the Pritunl OpenVPN server the encryption algorithm is set to “AES 256bit GCM”, but in the .ovpn configuration file for the clients the encryption cipher is set to “AES-256-CBC”.
Furthermore, with OpenVPN 2.6 there are warnings regarding the cipher option itself. The OpenVPN client log states:
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
The connection to the Pritunl VPN server can be established and everything seems to be working fine. However, the warnings from the OpenVPN Community Client suggest that the currently generated .ovpn config files won't work with future versions of OpenVPN clients.
For an error-free result in the connection log of the client, I had to add the following line:
data-ciphers AES-256-CBC
The existing line “cipher AES-256-CBC” has to stay for older OpenVPN client versions (which don't know the new configuration directive).
It is strange that the .ovpn configuration file has AES-256-CBC instead of the configured value on the Pritunl VPN server. In the server log of the Pritunl VPN server I can see that the connection is correctly established with AES-256-GCM. So this should be fine.
It would be nice if future versions of Pritunl could add the “data-ciphers” option to the .ovpn config file.
Regards,
Matthias Wefer
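
A profile check for the mismatch described in the post, as an added example that is not part of the original post and is not Pritunl or OpenVPN code: it parses an .ovpn profile and reports which ciphers the client would offer and whether --cipher is missing from that list. The default list is taken from the quoted log line, and the three sample profiles (including the longer data-ciphers list) are constructed.

```python
# Added example, not Pritunl or OpenVPN code. Sample profiles are constructed.
DEFAULT_DATA_CIPHERS = ("AES-256-GCM", "AES-128-GCM")  # assumption: default list from the quoted log line
WANTED = {"cipher", "data-ciphers", "ncp-ciphers"}  # ncp-ciphers: older name of data-ciphers

def parse_directives(profile_text):
    """Collect the cipher directives, skipping comments and inline <ca>...</ca> style blocks."""
    found, block = {}, None
    for raw in profile_text.splitlines():
        line = raw.strip()
        if block:                      # inside an inline block: wait for its closing tag
            if line == f"</{block}>":
                block = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            continue
        parts = line.split()
        if parts[0] in WANTED:
            found[parts[0]] = parts[1:]
    return found

def audit_profile(profile_text):
    """Report what the client offers and whether the 2.6 deprecation warning applies."""
    d = parse_directives(profile_text)
    cipher = (d.get("cipher") or [None])[0]
    listed = d.get("data-ciphers") or d.get("ncp-ciphers")
    offered = [c.upper() for c in listed[0].split(":")] if listed else list(DEFAULT_DATA_CIPHERS)
    return {
        "cipher": cipher,
        "offered": offered,
        "deprecation_warning": cipher is not None and cipher.upper() not in offered,
        "offers_gcm": any(c.endswith("-GCM") for c in offered),
    }

GENERATED = "client\n# constructed sample\ncipher AES-256-CBC\n<ca>\ncipher NOT-A-DIRECTIVE\n</ca>\n"
WITH_CBC_ONLY = GENERATED + "data-ciphers AES-256-CBC\n"
WITH_FULL_LIST = GENERATED + "data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC\n"

if __name__ == "__main__":
    for name, text in [("generated", GENERATED), ("cbc only", WITH_CBC_ONLY), ("full list", WITH_FULL_LIST)]:
        print(name, audit_profile(text))
```

The `offers_gcm` field shows whether a profile still lists a GCM cipher for negotiation once an explicit data-ciphers line replaces the default list.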