VPN Connection information being detected

[pembrokeVPN 1]

Came across this site from the pfSense forum

https://ipx.ac/run

When I connect over AirVPN on my OpenVPN server on pfSense nothing is detected under Network Link. However when I connect over my own OpenVPN connection on pfSense it detects "OpenVPN TCP bs128 SHA256 lzo".

My query is what is the setting on OpenVPN server that prevents connection information from leaking, obviously AirVPN know what they are doing 🙂

[OpenSourcerer 1435]

Could be --tls-crypt. It's encrypting all control channel packets, not only some of them. One of the packet types contains the peer (or client) info, e.g., whether LZO is used.

[pembrokeVPN 1]

Well I'm using tls-crypt on both on own OpenVPN instance and my AirVPN OpenVPN instance.

The way I have setup the two OpenVPN servers are basically identical, so I think there is something on the AirVPN side that prevents some data leakage but it's not obvious what.

[OpenSourcerer 1435]

Hm. Maybe --push-peer-info is enabled on your side?

[pembrokeVPN 1]

Had to look up push peer info, seems like it would present more information about the connection. However, I don't think I have in enabled in the client.

My own OpenVPN client config:
dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM
data-ciphers-fallback AES-256-GCM
auth SHA512
tls-client
client
resolv-retry infinite
remote MY IP ADDRESS 1140 udp4
verify-x509-name "MY OPENVPN" name
auth-user-pass
remote-cert-tls server
comp-lzo no
explicit-exit-notify

My AirVPN client config:
client
dev tun
remote AirVPN Server 443
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
verb 3
explicit-exit-notify 5
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
proto udp
auth SHA512

Now I see my client certs are not so similar, is there anything on my config which stands out or vice versa with the AirVPN config ?