pia-foss / manual-connections

Scripts for manual connections to Private Internet Access
MIT License

Request: Add support for RC4 cipher for OpenVPN #95

Open DanielSmedegaardBuus opened 3 years ago

DanielSmedegaardBuus commented 3 years ago

Hi :)

Absolutely awesome that you've made this option available for us Linux folk. I found an old Android TV stick in the drawer, threw Armbian on it, and off we go to the races! Well, the pony races :D Because this is a seriously underpowered device.

I can manage ~4MBps data transfer via OpenVPN and this script. However, a bit of openssl performance testing reveals that if only I could use the rc4 cipher rather than aes-128-cbc, I'd get about twice the performance.

Beggars can't be choosers, I get that, but here's one beggar begging for the ability (even unofficially, as I already tried this unofficially by editing the ovpn config file) to choose between more ciphers — at least this one, which AFAIR from my semi-sysadmin days, is a stellar performer always, even if not as secure as the rest of them.

Still, if not, thanks anyway for this piece of awesomeness :)

g00nix commented 3 years ago

I do not see rc4 as part of the official list of supported ciphers: https://openvpn.net/vpn-server-resources/change-encryption-cipher-in-access-server/

Am I missing something?

DanielSmedegaardBuus commented 3 years ago

Hmm... Good question. I kinda assumed that it would support anything that openssl supports, since it seems to be using its libraries for encryption. But it might not. `none` is in the list, though, that would be nice, too :D

g00nix commented 3 years ago

I think we should test OpenVPN 2.5 with `--data-ciphers AES-128-GCM:AES-256-GCM:none` to see if all 3 algorithms are possible. This has to be tested by changing the config both on the server side and on the client side.

I think it is worth it to try it out, but I can not promise a date at this point.
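
An added example, not part of the thread or of the manual-connections scripts: a POSIX shell check that reads an OpenVPN config and reports every cipher directive that permits `none` or RC4, the two options discussed above. The function name, the deny-list and the sample config are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the data-channel cipher directives of an OpenVPN config.
# Deny-list (none, RC4*) is this example's choice, taken from the thread's topic.

# audit_ciphers FILE
# Prints one line per weak cipher found; returns 1 if any was found, else 0.
audit_ciphers() {
    awk '
        # Directives that select or negotiate the data-channel cipher.
        # Commented-out lines never match because their first field differs.
        $1 == "cipher" || $1 == "data-ciphers" ||
        $1 == "data-ciphers-fallback" || $1 == "ncp-ciphers" {
            n = split($2, list, ":")          # negotiation lists are colon-separated
            for (i = 1; i <= n; i++) {
                c = tolower(list[i])          # cipher names are case-insensitive
                if (c == "none" || c ~ /^rc4/) {
                    printf "%s:%d: %s allows weak cipher %s\n", FILENAME, FNR, $1, list[i]
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample config (not a real PIA file), using the list from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
dev tun
cipher aes-128-cbc
data-ciphers AES-128-GCM:AES-256-GCM:none
EOF

if ! audit_ciphers "$sample"; then
    echo "review the flagged lines before connecting"
fi
rm -f "$sample"
```

Because a negotiated list is only as strong as its weakest entry that both sides accept, the check flags `none` even when it is listed last.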

DanielSmedegaardBuus commented 3 years ago

I noticed that in the desktop client I could select `none` for encryption. So at least for feature parity's sake, it'd be nice if these scripts would support that, too :)

g00nix commented 3 years ago

Feature parity is also achieved by removing `none` from the apps. 😄

DanielSmedegaardBuus commented 3 years ago

> Feature parity is also achieved by removing `none` from the apps. 😄

Ha ha :D Very true!