Can I update the VPN software to support newer versions of OpenVPN? ACS-128-CBC vs GCM
Hello! I have the Orbi WiFi 6 Router AX4200 (RBR750). The router itself is working great, and I'm very happy with it.
What isn't so great is that as far as I can tell the VPN Server that is available on the device is perhaps a bit older, and doesn't seem to support the more modern ACS-128-GCM or ACS-256-GCM standards.
I am not sure if there is some way I can update the VPN Server software on the device specifically, or some other way I can get deeper into the configuration to (for example) allow for different VPN configuration options, etc.
Unfortunately the device I'm trying to connect to the VPN server does not allow ACS-128-CBC (which is what the Orbi server uses), and I've struck out thus far figuring out how to allow the router to use this (I believe it's using OpenVPN >= 2.5 or that's what my past googling seems to indicate).
Thanks for any ideas or solutions!
p.s. I don't mind installing alternate firmware, etc, if that's a thing.
Unfortunately the device I'm trying to connect to the VPN server does not allow ACS-128-CBC (which is what the Orbi server uses), and I've struck out thus far figuring out how to allow the router to use this (I believe it's using OpenVPN >= 2.5 or that's what my past googling seems to indicate).
Would you mind sharing which device this is? I did not realize that OpenVPN client versions are not "backward compatible".
As far as I know, Orbi firmware is a "closed box". The user has no mechanism to alter the firmware or change any parameters that are not exposed to the web interface. In other words, no way, no how.
Re: Can I update the VPN software to support newer versions of OpenVPN? ACS-128-CBC vs GCM
The current RBR750 contains OpenVPN 2.4.7. That is also true for current versions of the 800 Series and 900 Series firmware. Best source for information on Cipher Negotiation information I have found is https://community.openvpn.net/openvpn/wiki/CipherNegotiation
Hello! I have the Orbi WiFi 6 Router AX4200 (RBR750). The router itself is working great, and I'm very happy with it.
What isn't so great is that as far as I can tell the VPN Server that is available on the device is perhaps a bit older, and doesn't seem to support the more modern ACS-128-GCM or ACS-256-GCM standards.
I am not sure if there is some way I can update the VPN Server software on the device specifically, or some other way I can get deeper into the configuration to (for example) allow for different VPN configuration options, etc.
Unfortunately the device I'm trying to connect to the VPN server does not allow ACS-128-CBC (which is what the Orbi server uses), and I've struck out thus far figuring out how to allow the router to use this (I believe it's using OpenVPN >= 2.5 or that's what my past googling seems to indicate).
Thanks for any ideas or solutions!
p.s. I don't mind installing alternate firmware, etc, if that's a thing.
The current RBR750 contains OpenVPN 2.4.7. That is also true for current versions of the 800 Series and 900 Series firmware. Best source for information on Cipher Negotiation information I have found is https://community.openvpn.net/openvpn/wiki/CipherNegotiation
Would have to know the client version of OpenVPN to figure out which part of this page applies, correct? It is an interesting question how the owner of a residential WiFi router would be prohibited from installing whatever version of OpenVPN they wanted. One suspects (a) the goal is to connect to home from a work computer or network that is highly restricted, or (b) the Orbi is not in a residential location -- (nah).
I recently ran across a variation of this issue in the opposite direction. The FileZilla FTP folks released a new version and they decided to reject connections from clients that cannot do the latest encryption. My security cameras FTP file motion captures and they (obviously) did not write their own FTP module. Whatever they included in the camera firmware does not support the latest encryption, so FileZilla rejects attempts to connect.
The bottom line remains: the user has no ability to modify the OpenVPN firmware or parameters passed to it when started.
