Hello all,
I know some of the good folks here use Private Internet Access as a VPN provider and have some experience with setting up OpenVPN alongside good UFW rules. Until recently, you could only use weaker forms of available encryption (e.g., Blowfish) when using OpenVPN to connect to PIA servers.
However, last month PIA announced that their servers can now accept strong encryption settings with “stock OpenVPN” over port 1197. I have fiddled with the config files (released by PIA as .ovpn files for each gateway) and adjusted my UFW rules and indeed managed to connect.
My only question now is: how can I verify that I am connecting to PIA servers using the strong encryption options rsa4096, aes-256-cbc, and sha256 when I connect?
As an example of what I imagine I'm after, a comment on PIA forums lists some log messages that seem to confirm what settings are applied in the connection:
Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
When I look through /var/log/syslog, I don't see anything like the 'encrypt/decrypt/control channel' messages above. Maybe these specific terms aren't used with OpenVPN, but are there some other messages I should see to confirm I’m connecting with my chosen settings?
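One way to automate the check asked about above, as an added example that is not part of the original post: a small Python script that scans log lines in the format quoted from the PIA forum and reports any setting that differs from aes-256-cbc, sha256 and a 4096 bit RSA key, or that never appears in the log at all. The function name, the regular expressions and the weaker sample lines are assumptions made for illustration.

```python
import re

# Settings the post wants to confirm: aes-256-cbc, sha256, rsa4096.
EXPECTED = {"cipher": "AES-256-CBC", "hmac": "SHA256", "rsa_bits": 4096}

CIPHER = re.compile(r"Data Channel (Encrypt|Decrypt): Cipher '([^']+)' initialized")
HMAC = re.compile(r"Data Channel (Encrypt|Decrypt): Using \d+ bit message hash '([^']+)'")
CONTROL = re.compile(r"Control Channel: [^,]+, cipher .+?, (\d+) bit RSA")

# Every (setting, direction) pair that must be present in the log.
REQUIRED = [("cipher", "Encrypt"), ("cipher", "Decrypt"),
            ("hmac", "Encrypt"), ("hmac", "Decrypt"), ("rsa_bits", "Control")]

def check_log(lines, expected=EXPECTED):
    """Return a list of problems; an empty list means all settings matched."""
    seen = {}
    for line in lines:
        # Later lines overwrite earlier ones, so after a reconnect the
        # most recent negotiation is the one that gets judged.
        if m := CIPHER.search(line):
            seen[("cipher", m.group(1))] = m.group(2)
        elif m := HMAC.search(line):
            seen[("hmac", m.group(1))] = m.group(2)
        elif m := CONTROL.search(line):
            seen[("rsa_bits", "Control")] = int(m.group(1))
    problems = []
    for setting, side in REQUIRED:
        got, want = seen.get((setting, side)), expected[setting]
        if got is None:
            problems.append(f"{side} {setting}: no matching log line")
        elif got != want:
            problems.append(f"{side} {setting}: got {got}, expected {want}")
    return problems

# The five lines quoted in the post.
STRONG = [
    "Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key",
    "Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication",
    "Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key",
    "Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication",
    "Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA",
]
# Constructed sample of a weaker session in the same format (Decrypt lines absent).
WEAK = [
    "Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key",
    "Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication",
    "Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA",
]

if __name__ == "__main__":
    for name, log in (("strong", STRONG), ("weak", WEAK), ("empty", [])):
        print(name, check_log(log) or "OK")
```

A log with none of these lines, which is the situation described in the post, is reported as five missing items rather than as a pass.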