OpenVPN 2.4 and pure elliptic curve crypto setup

[matt3226]

Okay, quick update:

I seem to have fixed it by simply changing from:

Code: Select all

ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf

TO

Code: Select all

ExecStart=/usr/local/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf

The thing is, before this change, my tun0 interface was not showing up on reboot indicating that my openvpn wasn't starting up properly. After making the change and doing a reboot, the tun0 interface shows up like before !

So I guess the new 2.4.3 binary is at /usr/local/sbin/openvpn and the old one was at /usr/sbin/openvpn

My recompile with systemd failed, and this still works? Does it mean that recompiling with systemd is not required? All that is needed was to make the changes above..

[matt3226]

I might as well post my server/client conf and logs:

View Original Server.conf

dev tun
proto tcp
port 666
compress lz4
tls-server
ca /etc/openvpn/ECC/ca.crt
cert /etc/openvpn/ECC/EC-test.crt
key /etc/openvpn/ECC/EC-test.key
tls-crypt /etc/openvpn/ECC/ta.key
dh none
ecdh-curve secp521r1
auth SHA512
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
tls-version-min 1.2
persist-key
persist-tun
server 10.8.0.0 255.255.255.0
push "compress lz4"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
user nobody
group nogroup
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 3

View Original Client

client
dev tun
remote no-ip-domain 666 tcp
resolv-retry infinite
compress lz4
nobind
verify-x509-name EC-test name
remote-cert-tls server
auth SHA512
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
cipher AES-256-GCM
tls-version-min 1.2
persist-key
persist-tun
verb 3
auth-nocache
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<tls-crypt>
</tls-crypt>

Logs:

View Original Server logs

Tue Jul 18 10:51:19 2017 TCP connection established with [AF_INET]192.168.1.1:51749
Tue Jul 18 10:51:20 2017 192.168.1.1:51749 TLS: Initial packet from [AF_INET]192.168.1.1:51749, sid=d7a8641f 4ed05a82
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 VERIFY OK: depth=1, CN=EC-test
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 VERIFY OK: depth=0, CN=test1
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_VER=2.4.3
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_PLAT=win
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_PROTO=2
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_NCP=2
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_LZ4=1
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_LZ4v2=1
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_LZO=1
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_COMP_STUB=1
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_COMP_STUBv2=1
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_TCPNL=1
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 peer info: IV_GUI_VER=OpenVPN_GUI_11
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 Control Channel: TLSv1.2, cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384, 521 bit key
Tue Jul 18 10:51:21 2017 192.168.1.1:51749 [test1] Peer Connection Initiated with [AF_INET]192.168.1.1:51749
Tue Jul 18 10:51:21 2017 test1/192.168.1.1:51749 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Tue Jul 18 10:51:21 2017 test1/192.168.1.1:51749 MULTI: Learn: 10.8.0.6 -> test1/192.168.1.1:51749
Tue Jul 18 10:51:21 2017 test1/192.168.1.1:51749 MULTI: primary virtual IP for test1/192.168.1.1:51749: 10.8.0.6
Tue Jul 18 10:51:22 2017 test1/192.168.1.1:51749 PUSH: Received control message: 'PUSH_REQUEST'
Tue Jul 18 10:51:22 2017 test1/192.168.1.1:51749 SENT CONTROL [test1]: 'PUSH_REPLY,compress lz4,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Tue Jul 18 10:51:22 2017 test1/192.168.1.1:51749 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 18 10:51:22 2017 test1/192.168.1.1:51749 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key

View Original Client Logs

Tue Jul 18 02:51:18 2017 OpenVPN 2.4.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 20 2017
Tue Jul 18 02:51:18 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Tue Jul 18 02:51:18 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Enter Management Password:
Tue Jul 18 02:51:18 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Tue Jul 18 02:51:18 2017 Need hold release from management interface, waiting...
Tue Jul 18 02:51:19 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Tue Jul 18 02:51:19 2017 MANAGEMENT: CMD 'state on'
Tue Jul 18 02:51:19 2017 MANAGEMENT: CMD 'log all on'
Tue Jul 18 02:51:19 2017 MANAGEMENT: CMD 'echo all on'
Tue Jul 18 02:51:19 2017 MANAGEMENT: CMD 'hold off'
Tue Jul 18 02:51:19 2017 MANAGEMENT: CMD 'hold release'
Tue Jul 18 02:51:19 2017 MANAGEMENT: CMD 'password [...]'
Tue Jul 18 02:51:19 2017 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Jul 18 02:51:19 2017 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jul 18 02:51:19 2017 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Tue Jul 18 02:51:19 2017 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Jul 18 02:51:19 2017 MANAGEMENT: >STATE:1500371479,RESOLVE,,,,,,
Tue Jul 18 02:51:19 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]external ip:666
Tue Jul 18 02:51:19 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Tue Jul 18 02:51:19 2017 Attempting to establish TCP connection with [AF_INET]external ip:666 [nonblock]
Tue Jul 18 02:51:19 2017 MANAGEMENT: >STATE:1500371479,TCP_CONNECT,,,,,,
Tue Jul 18 02:51:20 2017 TCP connection established with [AF_INET]external ip:666
Tue Jul 18 02:51:20 2017 TCP_CLIENT link local: (not bound)
Tue Jul 18 02:51:20 2017 TCP_CLIENT link remote: [AF_INET]external ip:666
Tue Jul 18 02:51:20 2017 MANAGEMENT: >STATE:1500371480,WAIT,,,,,,
Tue Jul 18 02:51:20 2017 MANAGEMENT: >STATE:1500371480,AUTH,,,,,,
Tue Jul 18 02:51:20 2017 TLS: Initial packet from [AF_INET]external ip:666, sid=0d55331e 8a62a69e
Tue Jul 18 02:51:20 2017 VERIFY OK: depth=1, CN=EC-test
Tue Jul 18 02:51:20 2017 VERIFY KU OK
Tue Jul 18 02:51:20 2017 Validating certificate extended key usage
Tue Jul 18 02:51:20 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 18 02:51:20 2017 VERIFY EKU OK
Tue Jul 18 02:51:20 2017 VERIFY X509NAME OK: CN=EC-test
Tue Jul 18 02:51:20 2017 VERIFY OK: depth=0, CN=EC-test
Tue Jul 18 02:51:21 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES256-GCM-SHA384
Tue Jul 18 02:51:21 2017 [EC-test] Peer Connection Initiated with [AF_INET]external ip:666
Tue Jul 18 02:51:22 2017 MANAGEMENT: >STATE:1500371482,GET_CONFIG,,,,,,
Tue Jul 18 02:51:22 2017 SENT CONTROL [EC-test]: 'PUSH_REQUEST' (status=1)
Tue Jul 18 02:51:22 2017 PUSH: Received control message: 'PUSH_REPLY,compress lz4,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Tue Jul 18 02:51:22 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 18 02:51:22 2017 OPTIONS IMPORT: compression parms modified
Tue Jul 18 02:51:22 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 18 02:51:22 2017 OPTIONS IMPORT: route options modified
Tue Jul 18 02:51:22 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 18 02:51:22 2017 OPTIONS IMPORT: peer-id set
Tue Jul 18 02:51:22 2017 OPTIONS IMPORT: adjusting link_mtu to 1627
Tue Jul 18 02:51:22 2017 OPTIONS IMPORT: data channel crypto options modified
Tue Jul 18 02:51:22 2017 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 18 02:51:22 2017 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 18 02:51:22 2017 interactive service msg_channel=0
Tue Jul 18 02:51:22 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=6 HWADDR=c4:e9:84:0d:37:1c
Tue Jul 18 02:51:22 2017 open_tun
Tue Jul 18 02:51:22 2017 TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{09D3110F-A374-4FAC-815E-C165F51F7901}.tap
Tue Jul 18 02:51:22 2017 TAP-Windows Driver Version 9.21
Tue Jul 18 02:51:22 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {09D3110F-A374-4FAC-815E-C165F51F7901} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Tue Jul 18 02:51:22 2017 Successful ARP Flush on interface [10] {09D3110F-A374-4FAC-815E-C165F51F7901}
Tue Jul 18 02:51:22 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jul 18 02:51:22 2017 MANAGEMENT: >STATE:1500371482,ASSIGN_IP,,10.8.0.6,,,,
Tue Jul 18 02:51:27 2017 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Tue Jul 18 02:51:27 2017 C:\Windows\system32\route.exe ADD external ip MASK 255.255.255.255 192.168.1.1
Tue Jul 18 02:51:27 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
Tue Jul 18 02:51:27 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 18 02:51:27 2017 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jul 18 02:51:27 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jul 18 02:51:27 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 18 02:51:27 2017 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Tue Jul 18 02:51:27 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jul 18 02:51:27 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 18 02:51:27 2017 MANAGEMENT: >STATE:1500371487,ADD_ROUTES,,,,,,
Tue Jul 18 02:51:27 2017 C:\Windows\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Tue Jul 18 02:51:27 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Tue Jul 18 02:51:27 2017 Route addition via IPAPI succeeded [adaptive]
Tue Jul 18 02:51:27 2017 Initialization Sequence Completed
Tue Jul 18 02:51:27 2017 MANAGEMENT: >STATE:1500371487,CONNECTED,SUCCESS,10.8.0.6,external ip,666,192.168.1.112,51749

[dariusz]

Well done!

you should still recompile because some things might not work as expected - what you are missing is

sudo apt-get install libsystemd-daemon-dev

[matt3226]

Oh great ! libsystemd-daemon-dev is exactly what I needed, now ./configure --enable-systemd --with-crypto-library=mbedtls works fine !


What's the point of recompiling it so that systemd is enabled?

[TinCanTech]

What's the point of recompiling it so that systemd is enabled?

The openvpn -> systemd code ensures that openvpn correctly notifies systemd of success or failure (It is a little more complicated than that because only specific use cases caused any error which is probably why you do not notice any difference).

Example: https://community.openvpn.net/openvpn/ticket/801

[matt3226]

Okay... that's complicated stuff !

Oh and, anything else to add to both the server and client configs to make it more secure?

[dariusz]

It really depends what you want achieve. Depending on threat level and potential adversaries it might even better not to use Internet at all:) hahaha

Check below if you want tinker more. In general what you've got in your config is more than enough for casual usage.

https://community.openvpn.net/openvpn/wiki/Hardening

https://gist.github.com/pwnsdx/8fc14ee1e9f561a0a5b8

[matt3226]

Thanks for sharing that github link !

Depending on threat level and potential adversaries huh?

From my understanding, the crypto implemented in these systems (like openVPN). Should be (for all practical purposes) secure from anything. I mean anything at all, NSA or huge powerful adversary or not. The crypto as far as I've read around the internet, is very secure.


And to back it up, it's been heavily audited by trusted cryptographers too, and even they agree it is a sound system. So what gives? Why are people assuming that the NSA (or anyone for that matter) is capable of breaking the crypto?

I'm just saying, just some thoughts...

[dariusz]

I would just follow good IT practices. E.g. I've noticed on your screenshot that you do stuff using root account. This is type of things you should worry more than crypto strength:)

Make sure that your openvpn server and client don't have any other vulnerabilities. Keep it patched.

if you want to be super secure I am afraid it will turn into full time job. Even the best configured system today might be compromised tomorrow. Read security blogs and stay on top of new issues - they emerge almost daily.

It is interesting subject but security is much more than choosing the longest possible key:)

Congratulation in making openvpn with ec work!! This is for sure achievement!

[dariusz]

for openvpn just run

man openvpn

and read about available options. There are plenty. But sometimes too much is not good. You can easily weaken security if you don't understand all implications of changing something.

For casual use I would stick to basic configuration.

[matt3226]

Congratulation in making openvpn with ec work!! This is for sure achievement!

Nah, it's all thanks to you ! If you didn't help me troubleshoot, I was likely to have never figured it out (or it could take a really long time )

root account? it's super easy that's why I do it, hate typing in sudo command everytime, just do sudo -s once. Much easier, I only do sudo -s when I'm making lots of changes, typing in sudo command can be very annoying.

I followed the github link and added one more option: reneg-sec 300

Last thing, why did you install the openssl in the /opt directory ? I could just install it anywhere right?

[dariusz]

yes. you can install anywhere

[matt3226]

Okay, great !

I think this thread (and the troubleshooting) is concluded.

It's been great, what an informative thread this is ! There's a tutorial and there's a troubleshooting, just perfect...learned a lot from you !

Thanks a bunch man !

[matt3226]

Okay, so I've started fresh and did the init-pki command

On connect, I get:

Code: Select all

Tue Jul 18 13:45:45 2017 VERIFY OK: depth=1, C=, ST=, L=, CN=vpn-server
Tue Jul 18 13:45:45 2017 VERIFY KU OK
Tue Jul 18 13:45:45 2017 Validating certificate extended key usage
Tue Jul 18 13:45:45 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 18 13:45:45 2017 VERIFY EKU OK
Tue Jul 18 13:45:45 2017 VERIFY X509NAME ERROR: C=, ST=, L=, CN=vpn-server,must be EC-test 
Tue Jul 18 13:45:45 2017 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Tue Jul 18 13:45:45 2017 TLS_ERROR: BIO read tls_read_plaintext error
Tue Jul 18 13:45:45 2017 TLS Error: TLS object -> incoming plaintext read error
Tue Jul 18 13:45:45 2017 TLS Error: TLS handshake failed

I've updated my common name to vpn-server and the one old was EC-test

VERIFY X509NAME ERROR: C=, ST=, L=, CN=vpn-server,must be EC-test


It seems that not everything is switching to the new common name vpn-server, what should I do with this?

I promise this is the last thing !



EDIT: This too, something worth mentioning:

WARNING: mbed TLS builds do not support specifying an ECDH curve, using default curves.

[dariusz]

well... as I told you there are many possible options in openvpn configs. You have to read about them and use accordingly.

For above problem for me it looks that removing

verify-x509-name EC-test name

from client config would solve the issue. But you have to test:)

[matt3226]

I removed it, still showing same problem..rebooted too !

Now it's verify-x509-name vpn-server name

Should work, it worked before..?


EDIT: Okay, I overlooked the most simplest thing, I forgot to import the updated config in the vpn gui !

Fun fact, the ovpn file sizes are smaller too on ECC ! Here's an imgur


Left is old right is new.

[dariusz]

If it worked before it means you changed something - isn't it obvious? Happy debugging:)

Removing it all together is fastest way to fix it. Unless you need it for specific reasons.

[matt3226]

How to make the latest OpenVPN version backwards compatible with older versions?

tls-crypt is not supported on both android and ios at the moment (if using the openvpn connect app)

[dariusz]

the latest OpenVPN is backwards compatible.

If you want use the mix environment with different clients you have to go for the lowest common denominator. Simply only use parameters supported by all versions you have to use.

[yunkpoon2]

Hi, I have tried this configuration and connect to server via Mac client. However, when I try to do the same on iOS client. I get mismatched TLS error from server side log. Any luck?