I have been using OpenVPN GUI on Windows.
I have taken the above 64bit binaries, and replaced the ones that ship with OpenVPN GUI.
I have copied a config file, and added/changed the following:
cipher aes-256-cbc
auth sha256
ca ca_rsa4096.crt #got this file from the patch archive above
pia-signal-settings
link-mtu 1542
I can connect to the VPN fine (to remote aus.privateinternetaccess.com on port 1194), however I get the following warnings:
NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1472)
CRL: CRL crl.pem is from a different issuer than the issuer of certificate /C=US/ST=CA/L=LosAngeles/O=Private_Internet_Access/OU=Private_Internet_Access/CN=Private_Internet_Access/name=Private_Internet_Access/emailAddress=secure@privateinternetaccess.com
WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1472', remote='tun-mtu 1500'
WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Does the above log mean that SHA256/AES256 are not being used?
Does it use the server settings instead?
Should I be connecting on a different port number or change my config in some way?
I'm also wondering if there are any changes to my MTU I should make? I'm on ADSL2, and my MTU is 1492. If setting it to something more appropriate in the OpenVPN connection config file will result in less fragmentation I'm happy to take suggestions!