Can I use 256 bit AES encryption with pfsense instead of blowfish (using openvpn)?

[RL600]

Dear all,

I have installed pfsense on an ESXI server.
I purchased an private internet access VPN connection.

Now I want to connect my pfsense using openvpn with the private internet access.
When I try the encryptions only blowfish (BF-CBC 128 bit) works!
When I try the AES 128 bit encryption it does not connect to PIA.
After founding this out I got two questions:

1.) Is it true that PIA does not support AES 128 bit encryption when using openVPN?
2.) Blowfish is a lot older then AES, but is AES better then Blowfish or not?

Thanks in advanced!

 

[Dreamslacker]

Dear all,

I have installed pfsense on an ESXI server.
I purchased an private internet access VPN connection.

Now I want to connect my pfsense using openvpn with the private internet access.
When I try the encryptions only blowfish (BF-CBC 128 bit) works!
When I try the AES 128 bit encryption it does not connect to PIA.
After founding this out I got two questions:

1.) Is it true that PIA does not support AES 128 bit encryption when using openVPN?
2.) Blowfish is a lot older then AES, but is AES better then Blowfish or not?

Thanks in advanced!

1) It depends on your VPN service provider. You will need to ask them what encryption standards they support and adjust the setting in pfSense accordingly. VPN providers generally will support AES-256 (you can try this but should check with your provider just to be sure).

2) Neither is exactly better than the other as long as it's the same key size.
AES can be accelerated by AES-NI (not applicable for you since it's a ESXI environment) whilst BF requires less resources especially at the lower-end of the spectrum.