By default OpenVPN Access Server uses the cipher BF-CBC. This stands for Blow-Fish Cipher-Block Chaining and is a very secure method of continuously encrypting data in the OpenVPN tunnel. Sometimes for performance reasons or other considerations people want to change the encryption cipher. In order to change the cipher in OpenVPN Access Server you will need to add the following line to both the client and server config directives via the Advanced VPN page:
cipher ciphername (in the Server and Client Config Directives textboxes)
If we wanted to enable the AES-256 cipher we would add the following line:
Then click Save Settings, and Update Running Server. Access Server will now use the updated cipher.
Although this is not recommended, certain special configurations might not require encryption when using OpenVPN Access Server. To completely disable encryption you can add the following lines on the AWS, under Advanced VPN, Client and Server Config Directives:
Note: "auth none" disables packet authentication and "cipher none" disables encryption.