I recently purchased a subscription to PIA VPN and enabled it on my AC68U using this guide for Merlin firmware. I could not get it to connect, authorization kept failing. The instructions in part are:
I changed negotiable ciphers to AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC, and legacy/fallback cipher from default to AES-128-CBC and everything works as expected. I *assume* that this means means my data is indeed falling back to AES-128-CBC. My question is; Is this an acceptable level of encryption? Is there something else I should change to authenticate at a higher standard?
- Cipher Negotiation: Enable (with fallback)
- Negotiable ciphers: AES-256-GCM, AES-128-GCM
- Legacy/fallback cipher: Default
- TLS control channel security (tls-auth/tls-crypt); Disabled
- Auth Digest: Default
I changed negotiable ciphers to AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC, and legacy/fallback cipher from default to AES-128-CBC and everything works as expected. I *assume* that this means means my data is indeed falling back to AES-128-CBC. My question is; Is this an acceptable level of encryption? Is there something else I should change to authenticate at a higher standard?