This tells me OpenVPN 2.5 has separated what they believe are "secure" and "unsecure" connections based on their initial negotiated cipher and doesn't allow switching a tunnel from one to the other. I even tried using auth sha256 as well, but got the same result. According to the logs, when connecting to these servers OpenVPN 2.5 opens the tunnel with the PIA server, but when switching from BF-CBC to AES-256-CBC or AES-128-CBC it closes the tunnel (the log says it needs to be reopened to use the different cipher) and the connection fails. All of these older strong and standard connection files connect to the same servers, and the only difference is which cipher is specified for the connection to use. I had a chance to do some testing using data-cipher AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC on Standard Fourth Gen and Third Gen Strong config files. I'm a noob when it comes to Linux and FreeBSD; maybe someone with more experience can figure it out. All the docs show it being used on the command line before specifying the config file, but since we're running OpenVPN as a service I know it will need to be done differently, and I couldn't get it to work. I did read the OpenVPN 2.5 setup documents and did try to use -data-cipher to specify "AES-256-GCM:AES-128-GCM:AES-256-CBC:BF-CBC" because the OpenVPN log entries showed it was initially trying to use BF-CBC (which is one of the ciphers removed from the default setup in 2.5). I couldn't get this to work. And now, of course, I just create my own nf and paste in the contents of the Gen4 Strong connection file. I've always had to change dev tun to dev tun32 to connect to PIA. I used this procedure for the most part: Mine is a Transmission Jail with OpenVPN installed on it to VPN to PIA.