Data-Channel Encryption Cipher Negotiation on Access Server | OpenVPN
Understand the data-channel encryption cipher negotiation that encrypts communication between Access Server and VPN clients.
Introduction
The data-channel encryption cipher encrypts and decrypts the data packets transmitted through the OpenVPN tunnel. This documentation provides an overview of data-channel ciphers for OpenVPN Access Server and the differences between versions.
Access Server 2.9 and newer provides data-channel cipher configuration in the Admin Web UI and the command-line interface. For details, refer to this tutorial: Change the Data-Channel Encryption Cipher.
Default data-channel ciphers
Access Server and OpenVPN clients have default data-channel ciphers, but determining these depends on various factors. Use the following information to find the scenario that most closely matches your server-client setup. And, if you prefer, you can change the default values using the Admin Web UI or command-line interface, as detailed in this tutorial: Change the Data-Channel Encryption Cipher.
Over time, the cipher used for the data channel has changed. Far in the past, with the initial release of Access Server 1.0, the default was BF-CBC, but this has long since been deprecated. Since Access Server 2.5 and OpenVPN client 2.4, the default is now AES-256-GCM. So on Access Server 3.0, with OpenVPN clients, 2.4 or newer, you will almost certainly be using AES-256-GCM for the encryption cipher now. You can verify this in the logs using the instructions in this document.
If your client is older, it can't use AES-256-GCM, but AES-256-CBC would then be an acceptable alternative. CBC is slightly slower than GCM but equivalent in encryption strength. If your setup is still using BF-CBC, you should see the section in this document about migrating away from BF-CBC.
AES-256-GCM default for Access Server
AES-256-GCM is the default since Access Server 2.5, with AES-256-GCM preferred for newer OpenVPN clients (2.4 and above). For backward compatibility, older clients are using AES-256-CBC. They have the same level of security, but more recent OpenVPN versions use the faster GCM method to combine the encryption and authentication steps into one. In CBC mode, the packet authentication is done using SHA1 HMAC. In the specific use case of using it for HMAC, SHA1 is still considered secure. So in either case, with older and newer clients, you are secure.
Configurable data-channel cipher for Access Server
You can configure the data-cipher string in the Admin Web UI and the command-line interface. This allows setting a number of ciphers in order of priority. The first cipher the client can use will be the one used for the VPN connection, so the server is in control of deciding which cipher is preferred.
For details on configuring this, refer to Change the Data-channel Encryption Cipher.
BF-CBC default for old Access Server versions
If you used a version of Access Server before 2.5, the cipher is BF-CBC by default. And if you don't upgrade your Access Server, it will continue to use BF-CBC only. This is considered insecure today.
If you upgrade an old installation of Access Server to version 2.5 or newer, AES-256-GCM will be preferred for newer OpenVPN clients (2.4 and above), while older clients use BF-CBC to maintain backward compatibility. In this situation, verify if you still have older VPN clients that use BF-CBC, and if so, consult our BF-CBC cipher deprecation recommendations.
Verify what data-channel cipher is actually used in the log file
To see exactly what cipher is used with a VPN connection, you can check your log entries.
Log entry in openvpnas.log showing AES-256-GCM data-channel encryption:
2022-01-01 12:00:00 User/192.0.2.22:12345 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key 2022-01-01 12:00:00 User/192.0.2.22:12345 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key