參考https://forum.linode.com/viewtopic.php?f=20&t=8099&start=15

Blowfish is the default cipher, unbreakable and chose by the OpenVPN team as a good balance of great strenght and low ressource usage. You have no reason to 'upgrade' it really.

Still, you change the cipher by having a matching cipher line in both client and server configuration file.

Find the list of available ciphers by running

Code:

openvpn --show-ciphers

Then just add a line
Code:

cipher AES-256-CBC

to both client and server conf.

If you're interested in tweaking all this (and there's really no need), you may want to also look at tls-cipher and auth.

As an example, because I'm also pretty eager to always use the bigger even if it's not really needed, I have:
Code:

tls-cipher DHE-RSA-AES256-SHA
cipher AES-256-CBC
auth ecdsa-with-SHA1

Find a list of what's available on your particular system with
Code:

openvpn --show-tls
openvpn --show-ciphers
openvpn --show-digests

You should make sure that what you decide to use is supported both by your server and your client.

Have fun,
zjl