I have been using openvpn witht CBC for years and was curious to test out GCM since the AES-NI is available. I havent touched my config in years but just updated the cipher to AES-128-GCM and added ncp-disable but I cant get it to connect.
I am running the following
CHAOS CALMER (15.05, r46767)
openvpn-openssl 2.3.6-5
and I added kmod-crypto-gcm in case it was needed.
When I updated /etc/config/openvpn and restarted LUCI was not happy...
/usr/lib/lua/luci/dispatcher.lua:433: Failed to execute cbi dispatcher target for entry '/admin/services/openvpn'.
The called action terminated with an exception:
/usr/lib/lua/luci/cbi.lua:311: Unable to read UCI data: openvpn
stack traceback:
[C]: in function 'assert'
/usr/lib/lua/luci/dispatcher.lua:433: in function 'dispatch'
/usr/lib/lua/luci/dispatcher.lua:168: in function </usr/lib/lua/luci/dispatcher.lua:167>
When I run the following I do not see and option for GCM
openvpn --show-ciphers
DES-CFB 64 bit default key (fixed) (TLS client/server mode)
DES-CBC 64 bit default key (fixed)
RC2-CBC 128 bit default key (variable)
RC2-CFB 128 bit default key (variable) (TLS client/server mode)
RC2-OFB 128 bit default key (variable) (TLS client/server mode)
DES-EDE-CBC 128 bit default key (fixed)
DES-EDE3-CBC 192 bit default key (fixed)
DES-OFB 64 bit default key (fixed) (TLS client/server mode)
DES-EDE-CFB 128 bit default key (fixed) (TLS client/server mode)
DES-EDE3-CFB 192 bit default key (fixed) (TLS client/server mode)
DES-EDE-OFB 128 bit default key (fixed) (TLS client/server mode)
DES-EDE3-OFB 192 bit default key (fixed) (TLS client/server mode)
DESX-CBC 192 bit default key (fixed)
BF-CBC 128 bit default key (variable)
BF-CFB 128 bit default key (variable) (TLS client/server mode)
BF-OFB 128 bit default key (variable) (TLS client/server mode)
RC2-40-CBC 40 bit default key (variable)
CAST5-CBC 128 bit default key (variable)
CAST5-CFB 128 bit default key (variable) (TLS client/server mode)
CAST5-OFB 128 bit default key (variable) (TLS client/server mode)
RC2-64-CBC 64 bit default key (variable)
AES-128-CBC 128 bit default key (fixed)
AES-128-OFB 128 bit default key (fixed) (TLS client/server mode)
AES-128-CFB 128 bit default key (fixed) (TLS client/server mode)
AES-192-CBC 192 bit default key (fixed)
AES-192-OFB 192 bit default key (fixed) (TLS client/server mode)
AES-192-CFB 192 bit default key (fixed) (TLS client/server mode)
AES-256-CBC 256 bit default key (fixed)
AES-256-OFB 256 bit default key (fixed) (TLS client/server mode)
AES-256-CFB 256 bit default key (fixed) (TLS client/server mode)
AES-128-CFB1 128 bit default key (fixed) (TLS client/server mode)
AES-192-CFB1 192 bit default key (fixed) (TLS client/server mode)
AES-256-CFB1 256 bit default key (fixed) (TLS client/server mode)
AES-128-CFB8 128 bit default key (fixed) (TLS client/server mode)
AES-192-CFB8 192 bit default key (fixed) (TLS client/server mode)
AES-256-CFB8 256 bit default key (fixed) (TLS client/server mode)
DES-CFB1 64 bit default key (fixed) (TLS client/server mode)
DES-CFB8 64 bit default key (fixed) (TLS client/server mode)
DES-EDE3-CFB1 192 bit default key (fixed) (TLS client/server mode)
DES-EDE3-CFB8 192 bit default key (fixed) (TLS client/server mode)
SEED-CBC 128 bit default key (fixed)
SEED-OFB 128 bit default key (fixed) (TLS client/server mode)
SEED-CFB 128 bit default key (fixed) (TLS client/server mode)
Any idea what I am missing?