OpenVPN server Ubuntu 16.04 (xenial) TLS 1.3 connection
Posted: Tue Jul 24, 2018 10:37 am
I am running an OpenVPN server on my Ubuntu 16.04 (xenial), using the OpenVPN community build script provided: https://community.openvpn.net/openvpn/w ... system#no1
Running the command: IMAGEROOT=`pwd`/image-native ./build gives me the following specs of OpenVPN:
Code:
#openvpn --version
OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 24 2018
library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10
Originally developed by James Yonan
Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=no enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=no enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_snappy=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_special_build= with_sysroot=no
Since OpenVPN 2.4.5, support for TLS 1.3 has been added in tls-version-{min,max} (https://community.openvpn.net/openvpn/w ... enVPN2.4.5)
This is discussed on the mailing list (https://sourceforge.net/p/openvpn/mailm ... karger.me/)
When I run the server with the default configuration
Code:
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
tls-auth ta.key 0 # This file is secret
key-direction 0
keepalive 10 120
auth SHA256
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
everything works and I am able to create a connection.
However, when I add the option tls-version-min 1.3, I get the error:
When I instead use the tls-version-min 1.2 option, everything works fine again.
My Question:
What do I have to change in my setup, to create a working OpenVPN server where you can connect to with a TLS 1.3 connection?