It’s a minor thing, not really a bug, but with the original config-file downloaded from roadwarrior accounts, this messages appears in openvpn log:
WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
When I manually add cipher BF-CBC
to the config file, the message disappers. No warning anymore.
To harden openvpn and to avoid this warning, I think the cipher should be automatically added to the openvpn-config-file.
What do you think @giacomo ?
EDIT: Or should the cipher be changed to AES-256-CBC or change from 128bit to a higher value in case of BF-CBC to harden OPENVPN at all?