RouterOS 7.13.3 and 7.13.4 (updated today) always show null-digest as auth. algorithm for connected users no matter the selected auth option(s). I’ve tested a lot of option combinations, enabled OpenVPN debugging and “verb 4” on the client and I cannot figure out if this is a bug or no auth. algorithm is actually used all the time. All the time is in bold because I’ve never seen the router with the 7.13 showing anything else than null-digest.
At the same time in RouterOS 6.46.8 I see “AES-256-CBC/SHA1”.
Digest (Auth) is not used for GCM ciphers (always null), imho Auth selection should be disabled in window form when only GCM ciphers are selected to avoid confusion.
@optio, thank you for your time and your reply. After your reply I had another question and this is what I’ve found. Thanks again!
When using Galois/Counter Mode (GCM) ciphers with OpenVPN, authentication is performed using the Galois Message Authentication Code (GMAC), which is integrated into the encryption process. Therefore, no separate digest or authentication mechanism is used; it is inherently included in the GCM encryption. As a result, the authentication parameter in the OpenVPN configuration (auth) for GCM ciphers is always set to null.
