OpenVPN encryption settings
Reference: https://forum.linode.com/viewtopic.php?f=20&t=8099&start=15
Blowfish is the default cipher, unbreakable and chosen by the OpenVPN team as a good balance of great strength and low resource usage. You have no reason to 'upgrade' it really.
Still, you change the cipher by having a matching cipher line in both client and server configuration file.
Find the list of available ciphers by running
openvpn --show-ciphers
Then just add a line
Code:
cipher AES-256-CBC
to both client and server conf.
If you're interested in tweaking all this (and there's really no need), you may want to also look at tls-cipher and auth.
As an example, because I'm also pretty eager to always use the bigger even if it's not really needed, I have:
Code:
tls-cipher DHE-RSA-AES256-SHA
cipher AES-256-CBC
auth ecdsa-with-SHA1
Find a list of what's available on your particular system with
Code:
openvpn --show-tls
openvpn --show-ciphers
openvpn --show-digests
You should make sure that what you decide to use is supported both by your server and your client.
Have fun,
zjl
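
An added example, not part of the quoted forum post: a shell check that a server and a client config carry the same cipher and auth lines, as the post advises. The function names and the sample config files are constructed for illustration; a directive that is absent from a file is reported as "(default)".

```shell
#!/bin/sh
# Added example: compare the cipher/auth directives of two OpenVPN configs.

# Print the value of directive $2 in config file $1, or "(default)" if unset.
# Lines starting with '#' or ';' are comments in OpenVPN config files.
ovpn_directive() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        $1 == key     { val = $2 }
        END           { print (val == "" ? "(default)" : val) }
    ' "$1"
}

# Print one line per directive that differs between server ($1) and client ($2).
# Returns 0 when cipher and auth agree, 1 otherwise.
ovpn_crypto_mismatch() {
    rc=0
    for key in cipher auth; do
        s=$(ovpn_directive "$1" "$key")
        c=$(ovpn_directive "$2" "$key")
        if [ "$s" != "$c" ]; then
            echo "$key: server=$s client=$c"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs (hypothetical, not from the original post).
demo_dir=$(mktemp -d)
cat > "$demo_dir/server.conf" <<'EOF'
# server side
tls-cipher DHE-RSA-AES256-SHA
cipher AES-256-CBC
auth ecdsa-with-SHA1
EOF
cat > "$demo_dir/client-ok.conf" <<'EOF'
cipher AES-256-CBC
auth ecdsa-with-SHA1
EOF
cat > "$demo_dir/client-bad.conf" <<'EOF'
;cipher AES-256-CBC
auth ecdsa-with-SHA1
EOF

ovpn_crypto_mismatch "$demo_dir/server.conf" "$demo_dir/client-ok.conf" && echo "client-ok: match"
ovpn_crypto_mismatch "$demo_dir/server.conf" "$demo_dir/client-bad.conf" || echo "client-bad: mismatch"
```

The commented-out cipher line in client-bad.conf is the case worth catching: the file looks configured, but the client falls back to its default cipher while the server uses AES-256-CBC.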