AES-GCM 128, 196 and 256 bit have been added to the Net-to-Net and Roadwarrior sections.
The cipher menu description has been changed for N2N and RW since AES-GCM uses its own authenticated encryption (GMAC). More information can be found at https://tools.ietf.org/html/rfc5288. Added a JavaScript snippet to disable the HMAC selection for N2N if AES-GCM has been selected. The 'auth *' line in N2N.conf won't be deleted even if AES-GCM is used, so possible individual '--tls-auth' configurations won't break. The 'auth *' line in N2N.conf will also be ignored if AES-GCM is used and no '--tls-auth' is configured. Left the HMAC selection menu for Roadwarriors as it was, since the WUI does provide '--tls-auth', which uses the configured HMAC even if AES-GCM has been applied.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
---
 config/rootfiles/common/openssl-compat |  2 --
 html/cgi-bin/ovpnmain.cgi              | 32 ++++++++++++++++++++++++++++++--
 2 files changed, 30 insertions(+), 4 deletions(-)
 delete mode 100644 config/rootfiles/common/openssl-compat
diff --git a/config/rootfiles/common/openssl-compat b/config/rootfiles/common/openssl-compat deleted file mode 100644 index 7ef11e6..0000000 --- a/config/rootfiles/common/openssl-compat +++ /dev/null @@ -1,2 +0,0 @@ -usr/lib/libcrypto.so.10 -usr/lib/libssl.so.10 diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 9f5e682..0a18ec7 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4543,6 +4543,9 @@ if ($cgiparams{'TYPE'} eq 'net') { } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked'';
+ $selected{'DCIPHER'}{'AES-256-GCM'} = ''; + $selected{'DCIPHER'}{'AES-192-GCM'} = ''; + $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; @@ -4706,7 +4709,10 @@ if ($cgiparams{'TYPE'} eq 'net') { </tr>
<tr><td class='boldbase'>$Lang::tr{'cipher'}</td> - <td><select name='DCIPHER'> + <td><select name='DCIPHER' id="n2ncipher" required> + <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'}) with SHA384</option> + <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'}) with SHA256</option> + <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'}) with SHA256</option> <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> @@ -4723,7 +4729,7 @@ if ($cgiparams{'TYPE'} eq 'net') { </td>
<td class='boldbase'>$Lang::tr{'ovpn ha'}:</td> - <td><select name='DAUTH'> + <td><select name='DAUTH' id="n2nhmac"> <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option> <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option> <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option> @@ -4737,6 +4743,22 @@ if ($cgiparams{'TYPE'} eq 'net') { END ; } + +#### JAVA SCRIPT #### +# Validate N2N cipher. If GCM is used, disable HMAC menu +print<<END; + <script> + var disable_options = false; + document.getElementById('n2ncipher').onchange = function () { + if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) { + document.getElementById('n2nhmac').setAttribute('disabled', true); + } else { + document.getElementById('n2nhmac').removeAttribute('disabled'); + } + } + </script> +END + #jumper print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>"; print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>"; @@ -5108,6 +5130,9 @@ END $selected{'DPROTOCOL'}{'tcp'} = ''; $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
+ $selected{'DCIPHER'}{'AES-256-GCM'} = ''; + $selected{'DCIPHER'}{'AES-192-GCM'} = ''; + $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; @@ -5204,6 +5229,9 @@ END
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td> <td><select name='DCIPHER'> + <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'}) with SHA384</option> + <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'}) with SHA256</option> + <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'}) with SHA256</option> <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
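Review bot: The deletion of config/rootfiles/common/openssl-compat (dropping usr/lib/libcrypto.so.10 and usr/lib/libssl.so.10) is not mentioned in the commit message and has nothing to do with the OpenVPN cipher menu. Take it out of this patch, or send it as its own commit with a reason for removing the compat libraries.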
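Review bot: In the "@@ -4737,6 +4743,22 @@" hunk the HMAC menu is only toggled from the onchange handler, so it is wrong on first render. The new AES-GCM options are inserted at the top of the DCIPHER select, which makes AES-256-GCM the entry a browser shows when nothing is marked as selected, and an existing connection can also be rendered with a GCM option selected through $selected{'DCIPHER'}{...}; in both cases 'n2nhmac' stays enabled until the user changes the cipher and changes it back. Run the same check once right after assigning the handler. The variable disable_options is declared but never read in these lines and can be dropped.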
The openssl-compat deletion has been accidentally included in the patch. Will ship a version 2.
Sorry for that....
On Wednesday, 14.02.2018, 13:45 +0100, Erik Kapfer wrote:
AES-GCM 128, 196 and 256 bit have been added to the Net-to-Net and Roadwarrior sections.
The cipher menu description has been changed for N2N and RW since AES-GCM uses its own authenticated encryption (GMAC). More information can be found at https://tools.ietf.org/html/rfc5288. Added a JavaScript snippet to disable the HMAC selection for N2N if AES-GCM has been selected. The 'auth *' line in N2N.conf won't be deleted even if AES-GCM is used, so possible individual '--tls-auth' configurations won't break. The 'auth *' line in N2N.conf will also be ignored if AES-GCM is used and no '--tls-auth' is configured. Left the HMAC selection menu for Roadwarriors as it was, since the WUI does provide '--tls-auth', which uses the configured HMAC even if AES-GCM has been applied.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
AES-GCM 128, 196 and 256 bit have been added to the Net-to-Net and Roadwarrior sections.
The cipher menu description has been changed for N2N and RW since AES-GCM uses its own authenticated encryption (GMAC). More information can be found at https://tools.ietf.org/html/rfc5288. Added a JavaScript snippet to disable the HMAC selection for N2N if AES-GCM has been selected. The 'auth *' line in N2N.conf won't be deleted even if AES-GCM is used, so possible individual '--tls-auth' configurations won't break. The 'auth *' line in N2N.conf will also be ignored if AES-GCM is used and no '--tls-auth' is configured. Left the HMAC selection menu for Roadwarriors as it was, since the WUI does provide '--tls-auth', which uses the configured HMAC even if AES-GCM has been applied.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
---
 html/cgi-bin/ovpnmain.cgi | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 9f5e682..0a18ec7 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4543,6 +4543,9 @@ if ($cgiparams{'TYPE'} eq 'net') { } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked'';
+ $selected{'DCIPHER'}{'AES-256-GCM'} = ''; + $selected{'DCIPHER'}{'AES-192-GCM'} = ''; + $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; @@ -4706,7 +4709,10 @@ if ($cgiparams{'TYPE'} eq 'net') { </tr>
<tr><td class='boldbase'>$Lang::tr{'cipher'}</td> - <td><select name='DCIPHER'> + <td><select name='DCIPHER' id="n2ncipher" required> + <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'}) with SHA384</option> + <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'}) with SHA256</option> + <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'}) with SHA256</option> <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> @@ -4723,7 +4729,7 @@ if ($cgiparams{'TYPE'} eq 'net') { </td>
<td class='boldbase'>$Lang::tr{'ovpn ha'}:</td> - <td><select name='DAUTH'> + <td><select name='DAUTH' id="n2nhmac"> <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option> <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option> <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option> @@ -4737,6 +4743,22 @@ if ($cgiparams{'TYPE'} eq 'net') { END ; } + +#### JAVA SCRIPT #### +# Validate N2N cipher. If GCM is used, disable HMAC menu +print<<END; + <script> + var disable_options = false; + document.getElementById('n2ncipher').onchange = function () { + if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) { + document.getElementById('n2nhmac').setAttribute('disabled', true); + } else { + document.getElementById('n2nhmac').removeAttribute('disabled'); + } + } + </script> +END + #jumper print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>"; print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>"; @@ -5108,6 +5130,9 @@ END $selected{'DPROTOCOL'}{'tcp'} = ''; $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
+ $selected{'DCIPHER'}{'AES-256-GCM'} = ''; + $selected{'DCIPHER'}{'AES-192-GCM'} = ''; + $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; @@ -5204,6 +5229,9 @@ END
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td> <td><select name='DCIPHER'> + <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'}) with SHA384</option> + <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'}) with SHA256</option> + <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'}) with SHA256</option> <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
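Review bot: The option labels added in the "@@ -4706,7 +4709,10 @@" and "@@ -5204,6 +5229,9 @@" hunks read "AES-GCM (256 bit) with SHA384" and "AES-GCM (192/128 bit) with SHA256", but nothing in the patch configures a hash for these ciphers and the commit message says AES-GCM authenticates with GMAC. Next to an HMAC menu the suffix will be read as the HMAC in use; say in the label what the hash refers to or drop it. The commit message also says "196" where the option value is AES-192-GCM.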
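Review bot: Disabling 'n2nhmac' in the "@@ -4737,6 +4743,22 @@" hunk means the browser leaves DAUTH out of the submitted form, because disabled controls are not sent, yet the commit message says the 'auth *' line stays in N2N.conf. The patch shows no server-side handling for a missing DAUTH when a GCM cipher is posted, so the CGI should either default it explicitly or the value should still be submitted (for example through a hidden field). The check also exists only in the browser; the same cipher test belongs in ovpnmain.cgi where the config is written.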
As a version 3 idea, or might it be possibly a better idea to delete the '--auth *' directive in N2N.conf if AES-GCM has been chosen? I think it might also be better to integrate '--tls-crypt' --> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12357.ht... instead of '--tls-auth' to N2N connections, which uses a static AES-256-CTR whereby a HMAC can not be selected?
But also it might be time to delete SHA1 completely from the Net-to-Net HMAC selection, since this won't harm old connections but brings a little more security by default?
Sorry for the back and forth but the way is the goal :D.
Some feedback might be nevertheless nice and important.
Greetings,
Erik
On Wednesday, 14.02.2018, 15:40 +0100, Erik Kapfer wrote:
AES-GCM 128, 196 and 256 bit have been added to the Net-to-Net and Roadwarrior sections.
The cipher menu description has been changed for N2N and RW since AES-GCM uses its own authenticated encryption (GMAC). More information can be found at https://tools.ietf.org/html/rfc5288. Added a JavaScript snippet to disable the HMAC selection for N2N if AES-GCM has been selected. The 'auth *' line in N2N.conf won't be deleted even if AES-GCM is used, so possible individual '--tls-auth' configurations won't break. The 'auth *' line in N2N.conf will also be ignored if AES-GCM is used and no '--tls-auth' is configured. Left the HMAC selection menu for Roadwarriors as it was, since the WUI does provide '--tls-auth', which uses the configured HMAC even if AES-GCM has been applied.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Hi,
On Wed, 2018-02-14 at 20:11 +0100, ummeegge wrote:
As a version 3 idea, or might it be possibly a better idea to delete the '--auth *' directive in N2N.conf if AES-GCM has been chosen? I think it might also be better to integrate '--tls-crypt' --> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12357.html
I do not get any of those arguments in that email. I find that highly useless for a legitimate use of VPNs.
instead of '--tls-auth' to N2N connections, which uses a static AES-256-CTR whereby a HMAC can not be selected?
The counter mode does not provide authentication like GCM does.
But also it might be time to delete SHA1 completely from the Net-to-Net HMAC selection, since this won't harm old connections but brings a little more security by default?
SHA1 is fine when used as a HMAC. Even MD5 is considered secure in that context.
Sorry for the back and forth but the way is the goal :D.
Some feedback might be nevertheless nice and important.
Greetings,
Erik
On Wednesday, 14.02.2018, 15:40 +0100, Erik Kapfer wrote:
AES-GCM 128, 196 and 256 bit have been added to the Net-to-Net and Roadwarrior sections.
The cipher menu description has been changed for N2N and RW since AES-GCM uses its own authenticated encryption (GMAC). More information can be found at https://tools.ietf.org/html/rfc5288. Added a JavaScript snippet to disable the HMAC selection for N2N if AES-GCM has been selected. The 'auth *' line in N2N.conf won't be deleted even if AES-GCM is used, so possible individual '--tls-auth' configurations won't break. The 'auth *' line in N2N.conf will also be ignored if AES-GCM is used and no '--tls-auth' is configured. Left the HMAC selection menu for Roadwarriors as it was, since the WUI does provide '--tls-auth', which uses the configured HMAC even if AES-GCM has been applied.
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Hi, and thanks for your feedback.
On Wednesday, 14.02.2018, 20:23 +0000, Michael Tremer wrote:
Hi,
On Wed, 2018-02-14 at 20:11 +0100, ummeegge wrote:
As a version 3 idea, or might it be possibly a better idea to delete the '--auth *' directive in N2N.conf if AES-GCM has been chosen? I think it might also be better to integrate '--tls-crypt' --> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12357.html
I do not get any of those arguments in that email. I find that highly useless for a legitimate use of VPNs.
Not sure what exactly you mean by 'useless'?
Just to clarify, --auth HMAC is also used by --tls-auth which serves a separate layer of authentication protection for the control channel (to mitigate DoS attacks and attacks on the TLS stack).
--tls-crypt is a new feature in v2.4 which not only authenticates (like --tls-auth does), but also encrypts the TLS control channel (more privacy) but uses AES-256-CTR instead of the --auth HMAC (also called "poor-man's" post-quantum security).
Both options are currently not available for N2N but may be in the future. So I thought it might be better to delete the '--auth HMAC' directive in N2N.conf if GCM has been selected.
instead of '--tls-auth' to N2N connections, which uses a static AES-256-CTR whereby a HMAC can not be selected?
The counter mode does not provide authentication like GCM does.
Sure, CTR is different to GCM, but according to the OpenVPN-2.4 manpage --> https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage (under '--tls-crypt keyfile') it encrypts but also authenticates. Logs from tests with --tls-crypt, AES-GCM for N2N looked like this:
Apr 7 16:59:58 ipfire UE2n2n[1530]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Apr 7 16:59:58 ipfire UE2n2n[1530]: OpenVPN 2.4.1 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 5 2017
...
Apr 7 16:59:58 ipfire UE2n2n[1531]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Apr 7 16:59:58 ipfire UE2n2n[1531]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Apr 7 16:59:58 ipfire UE2n2n[1531]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Apr 7 16:59:58 ipfire UE2n2n[1531]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
...
Apr 7 17:00:04 ipfire UE2n2n[1531]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr 7 17:00:04 ipfire UE2n2n[1531]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr 7 17:00:04 ipfire UE2n2n[1531]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 8192 bit RSA
Apr 7 17:00:04 ipfire UE2n2n[1531]: [xxx.xxx-gateway.de] Peer Connection Initiated with [AF_INET]91.192.xxx.xxx:61000
Apr 7 17:00:05 ipfire UE2n2n[1531]: Initialization Sequence Completed
So I would kind of prepare this a little for a potential future (deleting --auth from N2N.conf if GCM is used), but if there is a decision in the future to use --tls-auth, the HMAC selection makes sense even if we use GCM. But since --tls-crypt uses only AES-256-CTR, the HMAC selection is useless if GCM has been chosen.
Sorry for the longer term thinking and possible confusions.
Greetings,
Erik
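How 'cipher', 'auth', '--tls-auth' and '--tls-crypt' interact as described in the messages above, as an added example that is not part of the original thread or of IPFire's code: a small Python audit of an OpenVPN 2.4 config fragment that reports what protects each channel and whether the 'auth' line is used at all. The function names, sample fragments and key-file paths are constructed for illustration; the BF-CBC and SHA1 fallbacks are OpenVPN 2.4's documented defaults, and 'auth none' is not modelled.

```python
# Added example (not IPFire code): which directive authenticates which channel
# in an OpenVPN 2.4 config. All sample fragments below are constructed.

DEFAULT_CIPHER = "BF-CBC"  # OpenVPN 2.4 default when no 'cipher' line exists
DEFAULT_AUTH = "SHA1"      # OpenVPN 2.4 default when no 'auth' line exists


def parse_conf(text):
    """Map directive -> argument list; a later line overrides an earlier one."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":         # blank line or OpenVPN comment
            continue
        parts = line.split()
        conf[parts[0].lstrip("-")] = parts[1:]  # accept 'auth' and '--auth'
    return conf


def is_aead(cipher):
    """The AES-*-GCM ciphers from the patch authenticate with their own tag."""
    return cipher.upper().endswith("-GCM")


def audit(text):
    """Report what protects each channel and who consumes the 'auth' digest."""
    conf = parse_conf(text)
    if "tls-auth" in conf and "tls-crypt" in conf:
        # OpenVPN 2.4 treats the two options as mutually exclusive.
        raise ValueError("tls-auth and tls-crypt are both set; use only one")

    cipher = (conf.get("cipher") or [DEFAULT_CIPHER])[0]
    auth = (conf.get("auth") or [DEFAULT_AUTH])[0]
    hmac = "HMAC-" + auth

    # Data channel: an AEAD cipher ignores 'auth', any other cipher needs it.
    data_integrity = "AEAD tag (GMAC)" if is_aead(cipher) else hmac

    # Control-channel wrapping: tls-crypt has fixed algorithms (the
    # AES-256-CTR and SHA256 lines in the log above), tls-auth reuses 'auth'.
    if "tls-crypt" in conf:
        control_wrap = "tls-crypt: AES-256-CTR + HMAC-SHA256"
    elif "tls-auth" in conf:
        control_wrap = "tls-auth: " + hmac
    else:
        control_wrap = "none"

    auth_used_by = []
    if not is_aead(cipher):
        auth_used_by.append("data channel")
    if "tls-auth" in conf:
        auth_used_by.append("tls-auth")

    findings = []
    if "auth" in conf and not auth_used_by:
        findings.append("'auth %s' is present but nothing uses it" % auth)
    if "auth" not in conf and auth_used_by:
        findings.append("no 'auth' line: default %s applies to %s"
                        % (DEFAULT_AUTH, " and ".join(auth_used_by)))

    return {
        "cipher": cipher,
        "data_integrity": data_integrity,
        "control_wrap": control_wrap,
        "auth_used_by": auth_used_by,
        "findings": findings,
    }


# Constructed N2N-style fragments (placeholder key paths).
GCM_ONLY = """\
# constructed sample, not generated by the WUI
cipher AES-256-GCM
auth SHA512
"""
GCM_TLS_AUTH = GCM_ONLY + "tls-auth /path/to/ta.key\n"
GCM_TLS_CRYPT = GCM_ONLY + "tls-crypt /path/to/tc.key\n"
CBC_TLS_CRYPT = "cipher CAMELLIA-256-CBC\nauth SHA512\ntls-crypt /path/to/tc.key\n"

if __name__ == "__main__":
    samples = [("GCM only", GCM_ONLY), ("GCM + tls-auth", GCM_TLS_AUTH),
               ("GCM + tls-crypt", GCM_TLS_CRYPT),
               ("CBC + tls-crypt", CBC_TLS_CRYPT)]
    for name, sample in samples:
        result = audit(sample)
        print("%-16s data=%s | control=%s | auth used by=%s" % (
            name, result["data_integrity"], result["control_wrap"],
            ", ".join(result["auth_used_by"]) or "nothing"))
        for finding in result["findings"]:
            print("  note:", finding)
```
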
Hi,
On Thu, 2018-02-15 at 07:09 +0100, ummeegge wrote:
Hi, and thanks for your feedback.
On Wednesday, 14.02.2018, 20:23 +0000, Michael Tremer wrote:
Hi,
On Wed, 2018-02-14 at 20:11 +0100, ummeegge wrote:
As a version 3 idea, or might it be possibly a better idea to delete the '--auth *' directive in N2N.conf if AES-GCM has been chosen? I think it might also be better to integrate '--tls-crypt' --> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12357.html
I do not get any of those arguments in that email. I find that highly useless for a legitimate use of VPNs.
Not sure what exactly you mean by 'useless'?
I thought some of that is a bit esoteric cryptography.
Hiding the TLS connection makes sense when you are in China behind the big state-run firewall, but that is about it.
I mean I am not against it, but this is pretty useless and probably only creates many confusing configuration options for the average user.
Just to clarify, --auth HMAC is also used by --tls-auth which serves a separate layer of authentication protection for the control channel (to mitigate DoS attacks and attacks on the TLS stack).
--tls-crypt is a new feature in v2.4 which not only authenticates (like --tls-auth does), but also encrypts the TLS control channel (more privacy) but uses AES-256-CTR instead of the --auth HMAC (also called "poor-man's" post-quantum security).
I am never a fan of non-standard cryptography. Has this been properly peer-reviewed?
Both options are currently not available for N2N but may be in the future. So I thought it might be better to delete the '--auth HMAC' directive in N2N.conf if GCM has been selected.
GCM already has the authentication built in.
instead of '--tls-auth' to N2N connections, which uses a static AES-256-CTR whereby a HMAC can not be selected?
The counter mode does not provide authentication like GCM does.
Sure, CTR is different to GCM, but according to the OpenVPN-2.4 manpage --> https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage (under '--tls-crypt keyfile') it encrypts but also authenticates.
So this is basically using a static key and then running the TLS connection through it? Usually there will be a DH key exchange and a classic TLS connection.
And who wants to use CTR mode when you can have GCM? This can only be to speed things up a bit because messages are now being encrypted twice.
Logs from testings with --tls-crypt, AES-GCM for N2N looked like this:
Apr 7 16:59:58 ipfire UE2n2n[1530]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Apr 7 16:59:58 ipfire UE2n2n[1530]: OpenVPN 2.4.1 i586-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 5 2017
...
Apr 7 16:59:58 ipfire UE2n2n[1531]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Apr 7 16:59:58 ipfire UE2n2n[1531]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Apr 7 16:59:58 ipfire UE2n2n[1531]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Apr 7 16:59:58 ipfire UE2n2n[1531]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
...
Apr 7 17:00:04 ipfire UE2n2n[1531]: Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr 7 17:00:04 ipfire UE2n2n[1531]: Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Apr 7 17:00:04 ipfire UE2n2n[1531]: Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 8192 bit RSA
Apr 7 17:00:04 ipfire UE2n2n[1531]: [xxx.xxx-gateway.de] Peer Connection Initiated with [AF_INET]91.192.xxx.xxx:61000
Apr 7 17:00:05 ipfire UE2n2n[1531]: Initialization Sequence Completed
So I would kind of prepare this a little for a potential future (deleting --auth from N2N.conf if GCM is used), but if there is a decision in the future to use --tls-auth, the HMAC selection makes sense even if we use GCM. But since --tls-crypt uses only AES-256-CTR, the HMAC selection is useless if GCM has been chosen.
Let's focus on things that are useful for the average user first. I think --tls-auth does not add anything extra when using GCM, but it doesn't harm anyone either.
The --tls-crypt is something that should never be enabled by default. But if you want to have it, add it.
Sorry for the longer term thinking and possible confusions.
Greetings,
Erik
Hello, first of all. Maybe it is better to wait with the introduction of AES-GCM until OpenSSL-1.1.0g + OpenVPN-2.4.4 has been released, or what do you think?
On Wed, 2018-02-14 at 20:11 +0100, ummeegge wrote:
As a version 3 idea, or might it be possibly a better idea to delete the '--auth *' directive in N2N.conf if AES-GCM has been chosen? I think it might also be better to integrate '--tls-crypt' --> https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12357.html
I do not get any of those arguments in that email. I find that highly useless for a legitimate use of VPNs.
Not sure what you exactly mean with 'useless' ?
I thought some of that is a bit esoteric cryptography.
:D i see, you are also right this is a kind of esoteric in the true sense of the word (designed for or understood by the specially initiated alone ;) .
Hiding the TLS connection makes sense when you are in China behind the big state-run firewall, but that is about it.
Not only, to some extent the Heartbleed vulnerability for example was not exploitable with an active --tls-auth (--tls-crypt serves the same mechanism) --> https://community.openvpn.net/openvpn/wiki/heartbleed but OpenVPN does also strongly encourage to use such protections --> https://community.openvpn.net/openvpn/wiki/Hardening#Useof--tls-auth .
I mean I am not against it, but this is pretty useless and probably only creates many confusing configuration options for the average user.
Have integrated it some months ago in my environment (works here without problems) and it can be activated via one checkbox https://people.ipfire.org/~ummeegge/screenshoots/OpenVPN-2.4_beta2/N2N_tls-c... same like --tls-auth which IPFire serves for Roadwarriors since 2 or 3 years meanwhile.
Just to clarify, --auth HMAC is also used by --tls-auth which serves a separate layer of authentication protection for the control channel (to mitigate DoS attacks and attacks on the TLS stack).
--tls-crypt is a new feature in v2.4 which not only authenticates (like --tls-auth does), but also encrypts the TLS control channel (more privacy) but uses AES-256-CTR instead of the --auth HMAC (also called "poor-man's" post-quantum security).
I am never a fan of non-standard cryptography. Has this been properly peer-reviewed?
I think it has also been reviewed during the v2.4 security evaluation from Quarkslab and PrivateInternetAccess https://blog.quarkslab.com/resources/2017-05-11-security-assessment-of-openv... take a look into the 'Recommendations' section under '2. Executive Summary'. But it is also meanwhile widely used on other distros e.g. https://redmine.pfsense.org/issues/7071 but also by some VPN providers I think.
Both options are currently not available for N2N but may in the future. So i thought it might be better to delete the '--auth HMAC' directive in N2N.conf if GCM has been selected.
GCM already has the authentication built in.
These are two different layers of security in my opinion whereby both directives offer a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation, whereby --tls-crypt also encrypts the control channel. A little deeper explanation can also be found in the hardening wiki or in here http://archive.openvpn.net/pipermail/openvpn-devel/2016-July/024892.html for a little more info causing --tls-crypt .
The --tls-crypt is something that should never be enabled by default. But if you want to have it, add it.
Think so and I haven't enabled it by default, integrated it in the same way as --tls-auth is already integrated, ticking a checkbox and ready.
But as mentioned this is a future sound of music and I would wait with this since there are more important things I think (--ncp-cipher, AES-GCM integration, deprecated directives such as comp-lzo, ...).
Most important for me was to come to a decision for the AES-GCM patch if I should delete the 'auth' directive (needed only for --tls-auth since it uses the same HMAC as the old ciphers) if a GCM cipher has been chosen and I think I will do this to keep the house clean so to say ;-).
Greetings,
Erik
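The relationship between the cipher, '--auth', '--tls-auth' and '--tls-crypt' discussed in the messages above, as an added example that is not part of the thread or of ovpnmain.cgi: a small Python check that reports what the 'auth' line of a generated config is actually used for, including the bare or missing 'auth' cases. Function names, sample configs and key file names are constructed for illustration; the rules follow the OpenVPN 2.4 behaviour described in the thread (AEAD ciphers authenticate the data channel themselves, '--tls-auth' reuses the '--auth' digest, '--tls-crypt' uses its own AES-256-CTR with SHA256).

```python
"""Report which role the 'auth' directive plays in an OpenVPN 2.4 config."""

AEAD_MARKERS = ("-GCM",)  # AES-128/192/256-GCM, the ciphers the patch adds


def parse_directives(conf_text):
    """Map each directive name to the argument list of its last occurrence."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith(";"):
            continue
        name, *args = line.split()
        directives[name.lstrip("-").lower()] = args
    return directives


def auth_role(conf_text):
    """Return cipher, control-channel wrapper, uses of 'auth' and findings."""
    d = parse_directives(conf_text)
    cipher = (d.get("cipher") or [""])[0].upper()
    aead = cipher.endswith(AEAD_MARKERS)
    wrap = next((w for w in ("tls-crypt", "tls-auth") if w in d), None)
    auth_present = "auth" in d
    auth_value = d["auth"][0] if d.get("auth") else None

    # Where the configured digest is really applied.
    used_for = []
    if not aead:
        used_for.append("data-channel")          # HMAC over CBC packets
    if wrap == "tls-auth":
        used_for.append("tls-auth")              # control-channel HMAC

    findings = []
    if auth_present and auth_value is None:
        findings.append("bare 'auth' line without an algorithm")
    elif auth_value is None and used_for:
        findings.append("no 'auth' line: OpenVPN defaults to SHA1 for "
                        + " and ".join(used_for))
    elif auth_value is not None and not used_for:
        reason = ("tls-crypt brings its own AES-256-CTR + HMAC-SHA256"
                  if wrap == "tls-crypt" else "no tls-auth is configured")
        findings.append(f"'auth {auth_value}' has no effect: {cipher} "
                        f"authenticates the data channel itself and {reason}")

    return {"cipher": cipher, "aead": aead, "wrap": wrap,
            "auth": auth_value, "used_for": used_for, "findings": findings}


# Constructed sample configs (not taken from a real IPFire system).
N2N_GCM_WITH_AUTH = "# Cipher\ncipher AES-256-GCM\n# HMAC algorithm\nauth SHA512\n"
RW_GCM_TLS_AUTH = "cipher AES-256-GCM\nauth SHA512\ntls-auth ta.key\n"
N2N_GCM_TLS_CRYPT = "cipher AES-256-GCM\nauth SHA512\ntls-crypt tc.key\n"
N2N_GCM_CLEAN = "cipher AES-128-GCM\n"
CBC_BARE_AUTH = "cipher CAMELLIA-256-CBC\nauth \n"
CBC_NO_AUTH = "cipher AES-256-CBC\n"

if __name__ == "__main__":
    samples = {
        "N2N GCM + auth": N2N_GCM_WITH_AUTH,
        "RW GCM + tls-auth": RW_GCM_TLS_AUTH,
        "N2N GCM + tls-crypt": N2N_GCM_TLS_CRYPT,
        "N2N GCM, no auth": N2N_GCM_CLEAN,
        "CBC, bare auth": CBC_BARE_AUTH,
        "CBC, no auth": CBC_NO_AUTH,
    }
    for label, text in samples.items():
        result = auth_role(text)
        print(f"{label}: used for {result['used_for'] or 'nothing'}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```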
Hi,
this patch is actually quite big and introduces a new feature by adding AES-GCM. It would have been better to get the necessary stuff done first.
On Wed, 2018-02-14 at 15:40 +0100, Erik Kapfer wrote:
AES-GCM 128, 196 and 256 bit has been added to Net-to-Net and Roadwarrior section.
Cipher menu description has been changed for N2N and RW since AES-GCM uses own authentication encryption (GMAC). More information can be found in here https://tools.ietf.org/html/rfc5288 . Added JavaScript snippet to disable HMAC selection for N2N if AES-GCM has been selected. 'auth *' line in N2N.conf won't be deleted even if AES-GCM is used so possible individual '--tls-auth' configurations won't break. 'auth *' line in N2N.conf will also be ignored if AES-GCM is used and no '--tls-auth' are configured. Left HMAC selection menu for Roadwarriors as it was since the WUI does provide '--tls-auth' which uses the configured HMAC even if AES-GCM has been applied.
Signed-off-by: Erik Kapfer erik.kapfer@ipfire.org
html/cgi-bin/ovpnmain.cgi | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 9f5e682..0a18ec7 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -4543,6 +4543,9 @@ if ($cgiparams{'TYPE'} eq 'net') { } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked'';
- $selected{'DCIPHER'}{'AES-256-GCM'} = '';
- $selected{'DCIPHER'}{'AES-192-GCM'} = '';
- $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
@@ -4706,7 +4709,10 @@ if ($cgiparams{'TYPE'} eq 'net') {
</tr>
<tr><td class='boldbase'>$Lang::tr{'cipher'}</td> - <td><select name='DCIPHER'> + <td><select name='DCIPHER' id="n2ncipher" required> + <option value='AES-256-GCM' $s elected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'}) with SHA384</option> + <option value='AES-192-GCM' $s elected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'}) with SHA256</option> + <option value='AES-128-GCM' $s elected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'}) with SHA256</option>
This has nothing to do with SHA* and SHA is not being used at all. The message authentication is in GCM and only AES is being use as a cipher in counter mode.
So it would only be AES-GCM (X bit).
Also "with" was not translated.
<option value='CAMELLIA-256-CBC' $sele
cted{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $sele cted{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $sele cted{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> @@ -4723,7 +4729,7 @@ if ($cgiparams{'TYPE'} eq 'net') { </td>
<td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
<td><select name='DAUTH'>
<td><select name='DAUTH' id="n2nhmac"> <option value='whirlpool' $sel
ected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option> <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option> <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option> @@ -4737,6 +4743,22 @@ if ($cgiparams{'TYPE'} eq 'net') { END ; }
+#### JAVA SCRIPT #### +# Validate N2N cipher. If GCM is used, disable HMAC menu +print<<END;
<script>
var disable_options = false;
document.getElementById('n2ncipher').onchange = function () {
if((this.value == "AES-256-GCM"||this.value == "AES-
192-GCM"||this.value == "AES-128-GCM")) {
document.getElementById('n2nhmac').setAttribu
te('disabled', true);
} else {
document.getElementById('n2nhmac').removeAttr
ibute('disabled');
}
}
- </script>
+END
#jumper print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>"; print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>"; @@ -5108,6 +5130,9 @@ END $selected{'DPROTOCOL'}{'tcp'} = ''; $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
- $selected{'DCIPHER'}{'AES-256-GCM'} = '';
- $selected{'DCIPHER'}{'AES-192-GCM'} = '';
- $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
@@ -5204,6 +5229,9 @@ END
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td> <td><select name='DCIPHER'>
<option value='AES-256-GCM'
$selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'}) with SHA384</option>
<option value='AES-192-GCM'
$selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'}) with SHA256</option>
<option value='AES-128-GCM'
$selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'}) with SHA256</option>
Same as above.
<option value='CAMELLIA-256-CBC'
$selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
-Michael
Hello,
On Wednesday, 14.02.2018, 20:20 +0000, Michael Tremer wrote:
Hi,
this patch is actually quite big and introduces a new feature by adding AES-GCM. It would have been better to get the necessary stuff done first.
Should I split the java stuff (if it is in general useful) in a separate patch? Can also split N2N from the Roadwarrior patch but the changes are pretty equal and straight forward?
We can leave this patch behind, most important for me was feedback with this. Have sent the most necessary stuff already.
Greetings,
Erik
Hi,
On Thu, 2018-02-15 at 06:02 +0100, ummeegge wrote:
Hello,
On Wednesday, 14.02.2018, 20:20 +0000, Michael Tremer wrote:
Hi,
this patch is actually quite big and introduces a new feature by adding AES-GCM. It would have been better to get the necessary stuff done first.
Should I split the java stuff (if it is in general useful) in a separate patch? Can also split N2N from the Roadwarrior patch but the changes are pretty equal and straight forward?
No, leave this in there. That just creates some extra work. But consider that JS is not a strict requirement in the webUI. And we do have jQuery if you want to use that.
We can leave this patch behind, most important for me was feedback with this. Have sent the most necessary stuff already.
Greetings,
Erik
Hello,
On Thursday, 15.02.2018, 10:42 +0000, Michael Tremer wrote:
Hi,
On Thu, 2018-02-15 at 06:02 +0100, ummeegge wrote:
Hello,
On Wednesday, 14.02.2018, 20:20 +0000, Michael Tremer wrote:
Hi,
this patch is actually quite big and introduces a new feature by adding AES-GCM. It would have been better to get the necessary stuff done first.
Should I split the java stuff (if it is in general useful) in a separate patch? Can also split N2N from the Roadwarrior patch but the changes are pretty equal and straight forward?
No, leave this in there. That just creates some extra work.
OK.
But consider that JS is not a strict requirement in the webUI. And we do have jQuery if you want to use that.
Good to know, will give it a try but I need to take a deeper look into the jQuery thing then.
Have also already added your other suggestions for the cipher list description.
Thanks for the feedback.
Greetings,
Erik
AES-GCM 128, 196 and 256 bit has been added to Net-to-Net and Roadwarrior section.
HMAC selection for N2N will be disabled if AES-GCM is used since GCM provides an own message authentication (GMAC). 'auth *' line in N2N.conf will be deleted appropriately if AES-GCM is used since '--tls-auth' is not available for N2N. HMAC selection menu for Roadwarriors is still available since '--tls-auth' is available for RWs which uses the configured HMAC even if AES-GCM has been applied.
Signed-off-by: Erik Kapfer erik.kapfer@ipfire.org --- html/cgi-bin/ovpnmain.cgi | 84 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 69 insertions(+), 15 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index c52e8ba..ff3d055 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -970,12 +970,18 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n"; print SERVERCONF "# Cipher\n"; print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n"; - if ($cgiparams{'DAUTH'} eq '') { - print SERVERCONF "auth SHA1\n"; + + # If GCM cipher is used, do not use --auth + if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') || + ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') || + ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) { + print SERVERCONF unless "# HMAC algorithm\n"; + print SERVERCONF unless "auth $cgiparams{'DAUTH'}\n"; } else { - print SERVERCONF "# HMAC algorithm\n"; - print SERVERCONF "auth $cgiparams{'DAUTH'}\n"; + print SERVERCONF "# HMAC algorithm\n"; + print SERVERCONF "auth $cgiparams{'DAUTH'}\n"; } + if ($cgiparams{'COMPLZO'} eq 'on') { print SERVERCONF "# Enable Compression\n"; print SERVERCONF "comp-lzo\n"; 
@@ -1076,12 +1082,18 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Cipher\n"; print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n"; print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n"; - if ($cgiparams{'DAUTH'} eq '') { - print CLIENTCONF "auth SHA1\n"; + + # If GCM cipher is used, do not use --auth + if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') || + ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') || + ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) { + print CLIENTCONF unless "# HMAC algorithm\n"; + print CLIENTCONF unless "auth $cgiparams{'DAUTH'}\n"; } else { - print CLIENTCONF "# HMAC algorithm\n"; - print CLIENTCONF "auth $cgiparams{'DAUTH'}\n"; + print CLIENTCONF "# HMAC algorithm\n"; + print CLIENTCONF "auth $cgiparams{'DAUTH'}\n"; } + if ($cgiparams{'COMPLZO'} eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\n"; 
@@ -2198,13 +2210,18 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; } - if ($confighash{$cgiparams{'KEY'}}[39] eq '') { - print CLIENTCONF "# HMAC algorithm\n"; - print CLIENTCONF "auth SHA1\n"; + + # If GCM cipher is used, do not use --auth + if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') || + ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') || + ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) { + print CLIENTCONF unless "# HMAC algorithm\n"; + print CLIENTCONF unless "auth $confighash{$cgiparams{'KEY'}}[39]\n"; } else { - print CLIENTCONF "# HMAC algorithm\n"; - print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n"; + print CLIENTCONF "# HMAC algorithm\n"; + print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n"; } + if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\n"; @@ -4544,6 +4561,9 @@ if ($cgiparams{'TYPE'} eq 'net') { } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked'';
+ $selected{'DCIPHER'}{'AES-256-GCM'} = ''; + $selected{'DCIPHER'}{'AES-192-GCM'} = ''; + $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; @@ -4629,6 +4649,15 @@ if ($cgiparams{'TYPE'} eq 'net') { } else { print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>"; } + + # If GCM ciphers are in usage, HMAC menu is disabled + my $hmacdisabled; + if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') || + ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') || + ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) { + $hmacdisabled = "disabled='disabled'"; + }; + print <<END; <td width='25%'> </td> <td width='25%'> </td></tr> @@ -4707,7 +4736,10 @@ if ($cgiparams{'TYPE'} eq 'net') { </tr>
<tr><td class='boldbase'>$Lang::tr{'cipher'}</td> - <td><select name='DCIPHER'> + <td><select name='DCIPHER' id="n2ncipher" required> + <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option> + <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option> + <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option> <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> @@ -4724,7 +4756,7 @@ if ($cgiparams{'TYPE'} eq 'net') { </td>
<td class='boldbase'>$Lang::tr{'ovpn ha'}:</td> - <td><select name='DAUTH'> + <td><select name='DAUTH' id="n2nhmac" $hmacdisabled> <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option> <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option> <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option> @@ -4738,6 +4770,22 @@ if ($cgiparams{'TYPE'} eq 'net') { END ; } + +#### JAVA SCRIPT #### +# Validate N2N cipher. If GCM will be used, HMAC menu will be disabled onchange +print<<END; + <script> + var disable_options = false; + document.getElementById('n2ncipher').onchange = function () { + if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) { + document.getElementById('n2nhmac').setAttribute('disabled', true); + } else { + document.getElementById('n2nhmac').removeAttribute('disabled'); + } + } + </script> +END + #jumper print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>"; print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>"; @@ -5109,6 +5157,9 @@ END $selected{'DPROTOCOL'}{'tcp'} = ''; $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
+ $selected{'DCIPHER'}{'AES-256-GCM'} = ''; + $selected{'DCIPHER'}{'AES-192-GCM'} = ''; + $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; @@ -5205,6 +5256,9 @@ END
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td> <td><select name='DCIPHER'> + <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option> + <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option> + <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option> <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
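Review bot: In the three config-writing hunks (@@ -970, @@ -1076 and @@ -2198) the GCM branch is written as print SERVERCONF unless "# HMAC algorithm\n"; which reads as a print with a statement modifier whose condition is a non-empty string, so the print never runs. Leaving the branch out and wrapping the two real print lines in a single negated cipher test would say the same thing without the puzzle. The same hunks also remove the old fallback that wrote auth SHA1 when DAUTH (or field [39]) was empty, so a non-GCM tunnel with an empty value now gets an auth line with no algorithm; either keep the fallback or validate DAUTH before the config is written.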
Hi,
I suppose this looks alright.
Does OpenVPN 2.4 support ChaCha20-Poly1305, too?
-Michael
On Sun, 2018-02-25 at 14:49 +0100, Erik Kapfer via Development wrote:
AES-GCM 128, 196 and 256 bit has been added to Net-to-Net and Roadwarrior section.
HMAC selection for N2N will be disabled if AES-GCM is used since GCM provides an own message authentication (GMAC). 'auth *' line in N2N.conf will be deleted appropriately if AES-GCM is used since '--tls-auth' is not available for N2N. HMAC selection menu for Roadwarriors is still available since '--tls-auth' is available for RWs which uses the configured HMAC even if AES-GCM has been applied.
Signed-off-by: Erik Kapfer erik.kapfer@ipfire.org
html/cgi-bin/ovpnmain.cgi | 84 ++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 69 insertions(+), 15 deletions(-)
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index c52e8ba..ff3d055 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -970,12 +970,18 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n"; print SERVERCONF "# Cipher\n"; print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
- if ($cgiparams{'DAUTH'} eq '') {
- print SERVERCONF "auth SHA1\n";
- # If GCM cipher is used, do not use --auth
- if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
- print SERVERCONF unless "# HMAC algorithm\n";
- print SERVERCONF unless "auth $cgiparams{'DAUTH'}\n"; } else {
- print SERVERCONF "# HMAC algorithm\n";
- print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
- print SERVERCONF "# HMAC algorithm\n";
- print SERVERCONF "auth $cgiparams{'DAUTH'}\n"; }
- if ($cgiparams{'COMPLZO'} eq 'on') { print SERVERCONF "# Enable Compression\n"; print SERVERCONF "comp-lzo\n";
@@ -1076,12 +1082,18 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Cipher\n"; print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n"; print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
- if ($cgiparams{'DAUTH'} eq '') {
- print CLIENTCONF "auth SHA1\n";
- # If GCM cipher is used, do not use --auth
- if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
- print CLIENTCONF unless "# HMAC algorithm\n";
- print CLIENTCONF unless "auth $cgiparams{'DAUTH'}\n"; } else {
- print CLIENTCONF "# HMAC algorithm\n";
- print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
- print CLIENTCONF "# HMAC algorithm\n";
- print CLIENTCONF "auth $cgiparams{'DAUTH'}\n"; }
- if ($cgiparams{'COMPLZO'} eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\n";
@@ -2198,13 +2210,18 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; }
- if ($confighash{$cgiparams{'KEY'}}[39] eq '') {
- print CLIENTCONF "# HMAC algorithm\n";
- print CLIENTCONF "auth SHA1\n";
- # If GCM cipher is used, do not use --auth
- if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
print CLIENTCONF unless "# HMAC algorithm\n";
} else {print CLIENTCONF unless "auth $confighash{$cgiparams{'KEY'}}[39]\n";
- print CLIENTCONF "# HMAC algorithm\n";
- print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
print CLIENTCONF "# HMAC algorithm\n";
}print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
- if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\n";
@@ -4544,6 +4561,9 @@ if ($cgiparams{'TYPE'} eq 'net') { } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked'';
- $selected{'DCIPHER'}{'AES-256-GCM'} = '';
- $selected{'DCIPHER'}{'AES-192-GCM'} = '';
- $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
@@ -4629,6 +4649,15 @@ if ($cgiparams{'TYPE'} eq 'net') { } else { print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>"; }
# If GCM ciphers are in usage, HMAC menu is disabled
my $hmacdisabled;
if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
$hmacdisabled = "disabled='disabled'";
};
print <<END; <td width='25%'> </td> <td width='25%'> </td></tr>
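Review bot: In the @@ -4629 hunk, $hmacdisabled is declared with my but only assigned in the GCM case, so for every other cipher the later <select name='DAUTH' id="n2nhmac" $hmacdisabled> interpolates an undefined value; initialise it to an empty string at the declaration. The test also reads the stored cipher from $confighash{$cgiparams{'KEY'}}[40] rather than the submitted $cgiparams{'DCIPHER'}, so it is worth confirming the menu state is still right when the form is shown again with a cipher the user has just changed. The }; closing the if block carries a stray semicolon.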
@@ -4707,7 +4736,10 @@ if ($cgiparams{'TYPE'} eq 'net') {
</tr>
<tr><td class='boldbase'>$Lang::tr{'cipher'}</td> - <td><select name='DCIPHER'> + <td><select name='DCIPHER' id="n2ncipher" required> + <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option> + <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option> + <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option> <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option> @@ -4724,7 +4756,7 @@ if ($cgiparams{'TYPE'} eq 'net') { </td>
<td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
<td><select name='DAUTH'>
<td><select name='DAUTH' id="n2nhmac" $hmacdisabled> <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option> <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option> <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
@@ -4738,6 +4770,22 @@ if ($cgiparams{'TYPE'} eq 'net') { END ; }
+#### JAVA SCRIPT #### +# Validate N2N cipher. If GCM will be used, HMAC menu will be disabled onchange +print<<END;
<script>
var disable_options = false;
document.getElementById('n2ncipher').onchange = function () {
if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) {
document.getElementById('n2nhmac').setAttribute('disabled', true);
} else {
document.getElementById('n2nhmac').removeAttribute('disabled');
}
}
- </script>
+END
#jumper print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>"; print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>"; @@ -5109,6 +5157,9 @@ END $selected{'DPROTOCOL'}{'tcp'} = ''; $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
- $selected{'DCIPHER'}{'AES-256-GCM'} = '';
- $selected{'DCIPHER'}{'AES-192-GCM'} = '';
- $selected{'DCIPHER'}{'AES-128-GCM'} = ''; $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
@@ -5205,6 +5256,9 @@ END
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td> <td><select name='DCIPHER'>
<option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
<option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
<option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option> <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option> <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option> <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
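Review bot: In the @@ -4738 script hunk, var disable_options is assigned and never read and can be dropped. A disabled <select> is not submitted with the form, so DAUTH arrives empty whenever a GCM cipher is chosen; the config writers in this patch skip auth in that case, but the value stored for the connection should be checked so that a later switch back to a CBC cipher does not start from an empty HMAC. Since the menu state is only a client-side hint, the server-side cipher test remains the place that decides whether auth is written, and the three string comparisons could be one test on the -GCM suffix shared with the Perl side.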
Hi Michael,
On Sunday, 25.02.2018, 17:06 +0000, Michael Tremer via Development wrote:
Hi,
I suppose this looks alright.
OK
Does OpenVPN 2.4 support ChaCha20-Poly1305, too?
Yes, but I think only via the '--tls-cipher' directive which IPFire currently does not support via WUI. Made a quick try over the server.conf.local and the additional configuration.
server.conf.local entries:
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
whereby the server logs point the following out:
Feb 26 07:19:47 ipfire-prime openvpnserver[10190]: cipher_list = 'TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256'
But in general we step into a new crypto era with OpenVPN since ECC is now fully integrated in OpenVPN.
Under the hood we will discover now also ECDHE for the control channel without changing anything so the EC crypto is now partly available with Core 120.
But pure elliptic curve crypto is also possible e.g. https://forums.openvpn.net/viewtopic.php?t=23227 but this would be a huge amount of changes in ovpnmain.cgi but maybe it is worth it. Let's see...
-Michael
Greetings,
Erik
Hi,
some ECC in OpenVPN would be really nice. We have that in IPsec for quite a while now and it makes the tunnels come up a lot faster and we can assume that it is more secure, too.
ChaCha20-Poly1305 is quite interesting, too. It is an AEAD just like AES-*-GCM. It is supposed to be really fast on mobile devices and an alternative to AES. We only have one other alternative to AES which is Camellia. But that one does not seem to receive a lot of love these days.
In contrast to Camellia, AES is usually hardware-accelerated whereas ChaCha20 can be implemented so efficiently in software that it does not consume too much CPU time at all. Perfect for mobile to save battery life.
Probably there is not very good support for ChaCha20-Poly1305 out there. So AES will be the default, but we would have a very good alternative for anyone who knows what they are doing.
Best, -Michael
Hi Michael,
On Monday, 26.02.2018, at 10:24 +0000, Michael Tremer via Development wrote:
Hi,
some ECC in OpenVPN would be really nice. We have had that in IPsec for quite a while now and it makes the tunnels come up a lot faster and we can assume that it is more secure, too.
I can confirm this here too; the key exchange on IPFire's updated OpenVPN now looks like this:
Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 8192 bit RSA
Even though I used 8192 bit in my testing scenario (normally 2048 bit), the connection build-up and the key exchange are really fast.
ChaCha20-Poly1305 is quite interesting, too. It is an AEAD just like AES-*-GCM. It is supposed to be really fast on mobile devices and an alternative to AES. We only have one other alternative to AES which is Camellia. But that one does not seem to receive a lot of love these days.
Seed is also available, which is not marked as 'weak' but is possibly not as widely used as the others, I think. A modern cipher usage from Mozilla can be found here --> https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility whereby there are some limitations for IPFire since we currently do not have the possibility of ECDSA instead of RSA. Also, OpenVPN at this time limits the character length to 256 ('Maximum optione line length (256) exceeded'), which should be a known bug and also a fixed one https://community.openvpn.net/openvpn/ticket/631 but it appears again in 2.4.4. I checked it and this
ipfire-server openvpnserver[16775]: cipher_list = 'TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256'
was the maximum.
In contrast to Camellia, AES is usually hardware-accelerated, whereas ChaCha20 can be implemented so efficiently in software that it does not consume too much CPU time at all. Perfect for mobile to save battery life.
Probably there is not very good support for ChaCha20-Poly1305 out there. So AES will be the default, but we would have a very good alternative for anyone who knows what they are doing.
If someone wants to use ChaCha20-Poly1305 this should be no problem via the "Additional configuration".
Maybe we should also set AES-256-GCM as default cipher instead of AES-256-CBC in ovpnmain.cgi?!
ECDSA instead of RSA might also be worth thinking about, but as I said, this implies huge changes.
Best, -Michael
Greetings,
Erik
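The option-line limit described in the message above, as an added example (not code from the thread, IPFire or OpenVPN): a Python helper that packs an ordered suite list into one `tls-cipher` line. It assumes the 256-character limit counts the whole directive line and that the line must stay shorter than it; the function names, the ECDHE+AEAD filter and the sample list are constructed for illustration.

```python
OPTION_LINE_LIMIT = 256  # from the error text quoted in the thread
AEAD_MARKERS = ("-GCM-", "-CHACHA20-POLY1305-")


def is_ecdhe_aead(suite):
    """True for forward-secret AEAD suites such as the ones discussed in the thread."""
    return suite.startswith("TLS-ECDHE-") and any(m in suite for m in AEAD_MARKERS)


def pack_tls_cipher(preferred, limit=OPTION_LINE_LIMIT):
    """Return (directive, dropped) for a preference-ordered list of suite names."""
    # Assumption: the limit counts the whole line, directive name included,
    # and the line must stay strictly shorter than the limit.
    # Suites that are not ECDHE+AEAD are dropped (policy of this example).
    # Packing stops at the first suite that no longer fits, so the kept
    # suites are always an unbroken prefix of the preference order.
    prefix = "tls-cipher "
    kept, dropped = [], []
    full = False
    for suite in preferred:
        if not is_ecdhe_aead(suite):
            dropped.append((suite, "not ECDHE+AEAD"))
            continue
        candidate = prefix + ":".join(kept + [suite])
        if full or len(candidate) >= limit:
            full = True  # no gap filling with shorter, less preferred suites
            dropped.append((suite, "line too long"))
            continue
        kept.append(suite)
    if not kept:
        raise ValueError("no usable suite fits into one option line")
    return prefix + ":".join(kept), dropped


# Constructed input: a preference list in the naming style of the log lines above.
PREFERRED = [
    "TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384",
    "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384",
    "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
    "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256",
    "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
    "TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256",
    "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
]

if __name__ == "__main__":
    line, dropped = pack_tls_cipher(PREFERRED)
    print(line, dropped, sep="\n")
```

Under these assumptions the five suites from the log line above give a 218-character directive, and a sixth suite would bring the line to exactly 256 characters, so it is reported as dropped instead of producing a configuration that fails to load.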