Display negotiated cipher for NCP OpenVPN connections in Status->OpenVPN
NCP is great. Not knowing what cipher NCP negotiated is less great.
It would be excellent to add something on the OpenVPN status page that showed what cipher was negotiated, similar to what is displayed on the IPSec status page.
#1 Updated by Jim Pingle almost 3 years ago
- Status changed from New to Needs Patch
- Assignee deleted (
- Target version changed from 2.4.0 to Future
We have no way to detect that currently. OpenVPN does not report that in any of their status output. Open a feature request with OpenVPN and if they add it in, we'll display it.
#6 Updated by Jim Pingle almost 3 years ago
"verbosity 4"? As in the system logs? Sure, it's in the logs, sure, but scraping logs isn't proper status output. It should show up in the management status output. For example you connect to the management socket/port and ask for data, like "status 2" and it should output the info there.
That's where the rest of the status output is gleaned from:
: nc -U server2.sock >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info status 2 TITLE,OpenVPN 2.4.0 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Dec 30 2016 TIME,Thu Jan 5 08:59:22 2017,1483624762 HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID CLIENT_LIST,clara.dw.example.com,198.51.100.6:42289,10.163.202.2,2001:470:c614:202::1000,82837,79207,Thu Jan 5 08:50:19 2017,1483624219,UNDEF,1,1 HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t) ROUTING_TABLE,2001:470:c614:202::1000,clara.dw.example.com,198.51.100.6:42289,Thu Jan 5 08:59:22 2017,1483624762 ROUTING_TABLE,10.163.202.2,clara.dw.example.com,198.51.100.6:42289,Thu Jan 5 08:50:19 2017,1483624219 GLOBAL_STATS,Max bcast/mcast queue length,0 END
If they would add a couple more columns to that for the cipher/compression/etc that would be ideal.
#7 Updated by Jeff Wischkaemper almost 3 years ago
The proposal to add the info to status 2 / 3 has been accepted, and may make it into OVPN 2.4.1. I'll update this when the commit happens.