--cipher alg : Encrypt packets with cipher algorithm alg
(default=BF-CBC).
Set alg=none to disable encryption.
and
openvpn --show-ciphers
tells me
AES-256-CBC (256 bit key, 128 bit block)
is one of the algorithms. But when I invoke
/usr/sbin/openvpn --cipher AES-256-CBC Ireland.ovpn
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: cipher (2.4.3)
Use --help for more information.
or
/usr/sbin/openvpn --cipher=AES-256-CBC Ireland.ovpnOptions error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: cipher=AES-256-CBC (2.4.3)
Use --help for more information.
…it errors out. What am I doing wrong? Thanks in advance.
Ireland.opvn is a config file but as the following shows it works without --config. But I will test using your suggestion.
linux-i1f2:/etc/openvpn # /usr/sbin/openvpn Ireland.ovpn
Sat Apr 27 21:58:18 2019 WARNING: file 'pass.txt' is group or others accessible
Sat Apr 27 21:58:18 2019 OpenVPN 2.4.3 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 20 2017
Sat Apr 27 21:58:18 2019 library versions: OpenSSL 1.1.0i-fips 14 Aug 2018, LZO 2.10
Sat Apr 27 21:58:18 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.92.127.2:1194
Sat Apr 27 21:58:18 2019 UDP link local: (not bound)
Sat Apr 27 21:58:18 2019 UDP link remote: [AF_INET]23.92.127.2:1194
Sat Apr 27 21:58:18 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Apr 27 21:58:19 2019 [180cbd4dde946350e690d0f40070d450] Peer Connection Initiated with [AF_INET]23.92.127.2:1194
Sat Apr 27 21:58:25 2019 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sat Apr 27 21:58:25 2019 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Sat Apr 27 21:58:25 2019 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Sat Apr 27 21:58:25 2019 TUN/TAP device tun0 opened
Sat Apr 27 21:58:25 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Apr 27 21:58:25 2019 /bin/ip link set dev tun0 up mtu 1500
Sat Apr 27 21:58:25 2019 /bin/ip addr add dev tun0 local 10.16.10.10 peer 10.16.10.9
Sat Apr 27 21:58:25 2019 Initialization Sequence Completed