Hello Adolf, > On 17 Feb 2023, at 11:46, Adolf Belka wrote: > > Hi All, > > > I got Erik's OpenVPN patchset from some time ago and have created an updated patchset based on the current state of IPFire. Okay. So I suppose it all applied well or you were able to fix any merge conflicts. > I applied those changes to ovpnmain.cgi and en.pl and installed them into a vm clone on my testbed. > > Here are some images of the changes. Basically the ciphers are moved from the main page to an additional ciphers page. Yes, this is something the user ideally does not need to change. I would actually not hesitate too much to just hardcode something as 99% of people will be on the same settings. However, I do not understand why there are different options for the control and data channel. I do not see any reason why I would want different settings because I either support a certain cipher or I don’t. If I consider my data channel “less important” or need more throughput and use AES-128 instead of AES-256, then what is the benefit of keeping the control channel on AES-256? Then there is labelling which isn’t clear to me. I suppose it works as follows: Data Channel is the new setting. It should in theory be possible to select multiple options. Data Channel fallback seems to be what used to be on the front page before and it should only allow to pick one option. If that is the case, then I believe that the UI suggests otherwise. This setting will then also go away with OpenVPN 2.6.0. Is that correct? On the control channel the options are mislabeled. I suppose TLSv3 should be TLSv1.3 and TLSv2 should be TLSv1.2 and possible less?! I don’t really like it that there are two boxes, but since TLSv1.3 does not support many of the cipher suites that TLSv1.2 supports, there might be no easy way around it. TLSv1.2 is on its way out, so we won’t need to support this for forever hopefully. Authentication: If there is only one option, the