manual-connections
manual-connections copied to clipboard
pia-foss
Request: Add support for RC4 cipher for OpenVPN
Hi :)
Absolutely awesome that you've made this option available for us Linux folk. I found an old Android TV stick in the drawer, threw Armbian on it, and off we go to the races! Well, the pony races :D Because this is a seriously underpowered device.
I can manage ~ 4MBps data transfer via OpenVPN and this script. However, doing a bit of openssl performance testing, it reveals that if only I could use the rc4 cipher rather than aes-128-cbc, I'd get about twice the performance.
Beggars can't be choosers, I get that, but here's one beggar begging for the ability (even unofficially, as I already tried this unofficially by editing the ovpn config file) to chose between more ciphers — at least this one, which AFAIR from my semi-sysadmin days, is a stellar performer always, even if not as secure as the rest of them.
Still, if not, thanks anyway for this piece of awesomeness :)
I do not see rc4 as part of the official list of supported ciphers: https://openvpn.net/vpn-server-resources/change-encryption-cipher-in-access-server/
Am I missing something?
Hmm... Good question. I kinda assumed that it would support anything that openssl supports, since it seems to be using its libraries for encryption. But it might not. none is in the list, though, that would be nice, too :D
I think we should test OpenVPN 2.5 with --data-ciphers AES-128-GCM:AES-256-GCM:none to see if all 3 algorithms are possible. This has to be tested by changing the config both on the server side and on the client side.
I think it is worth it to try it out, but I can not promise a date at this point.
I noticed that in the desktop client I could select none for encryption. So at least for feature parity's sake, it'd be nice if these scripts would support that, too :)
Feature parity is also achieved by removing
nonefrom the apps. 😄
Ha ha :D Very true!