OpenVPN's default logging level does not report the cipher being used for the data channel.  This can leave some question as to what is being used.


If you'd like to verify the cipher that is being negotiated, you'll need to change OpenVPN's logging level by editing your clientpack file.


We need to set verbosity level three; adding the line below to your client's OpenVPN configuration will accomplish that.


verb 3


Once that is done and you stop/start the OpenVPN process, you will see something like the following in your OpenVPN log:


Data Channel: using negotiated cipher 'AES-256-GCM'

Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key


In that example, OpenVPN is using AES256-GCM encryption for data in transit.