Pushing ciphers

Another new feature of OpenVPN 2.4+ is the ability to "push" a cipher or HMAC algorithm from the server to the client. This makes it much easier to switch encryption or HMAC authentication algorithms, provided that all clients are using OpenVPN 2.4. This recipe provides a setup for explicitly pushing a cipher, as well as an explanation of the new cipher negotiation protocol.

Getting ready

This recipe uses the PKI files created in the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.4.0. The client was running Fedora 22 Linux and OpenVPN 2.4.0. For the server, keep the server configuration file basic-udp-server.conf from the Server-side routing ...

Get OpenVPN Cookbook - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

OpenVPN Cookbook - Second Edition by Jan Just Keijser

Pushing ciphers

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly