OpenVPN Client Key Generation - 3DES?

Post by pi_user » Thu Jul 21, 2016 8:16 pm

I'm setting up OpenVPN on a Raspberry Pi 3 for use from an iPhone/iPad via OpenVPN Connect. I'm brand new to the Raspberry Pi and while I have a basic understanding of encryption concepts, I'm pretty new to it all. I've been following several very helpful guides, including these:

http://www.bbc.co.uk/news/technology-33548728
https://www.raspberrypi.org/forums/view ... hp?t=81657
http://readwrite.com/2014/04/10/raspber ... -browsing/

My question is about the following command applied to the client keys, contained in a couple of the guides (this specific line is from the readwrite.com link above):

    openssl rsa -in Client1.key -des3 -out Client1.3des.key

Some of the guides contain this step, but some do not. The justification in those that do is (something like) iOS devices won't be able to parse the key created by

    ./build-key-pass [User_Name]

and therefore a 3DES encrypted version of the key must be created for use in iOS.

But I'm confused by some guides skipping this step, and I thought that 3DES was no longer recommended for use. Can anyone explain why it's required? And whether it's still required in iOS 9? If so, would it now be better to use AES instead of 3DES?

Apologies if I've missed something fundamental, or if this is already covered elsewhere - I've looked but failed to find the answer. Thanks in advance!
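
An added example, not part of the original post or of any guide linked in it: a shell function that reads only the PEM armor lines of a key file and reports its container format and, where the `DEK-Info` header exposes it, the passphrase cipher. The function name `pem_key_protection` and the sample files other than `Client1.3des.key` are hypothetical, and the samples are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: classify a PEM private key from its armor lines only.
# Function name and sample file names are hypothetical.
pem_key_protection() {
    # $1: path to a PEM key file. Prints the container format and, where the
    # armor exposes it, the cipher protecting the key.
    begin=$(sed -n '/^-----BEGIN .*PRIVATE KEY-----/{p;q;}' "$1")
    case "$begin" in
        '') echo "no private key"; return 1 ;;
        *'BEGIN ENCRYPTED PRIVATE KEY'*)
            # PKCS#8: the cipher is recorded inside the DER body, not the armor.
            echo "pkcs8 encrypted" ;;
        *'BEGIN PRIVATE KEY'*)
            echo "pkcs8 unencrypted" ;;
        *)  # Traditional format, e.g. BEGIN RSA PRIVATE KEY.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                cipher=$(sed -n 's/^DEK-Info: *\([^,]*\),.*/\1/p' "$1" | head -n 1)
                echo "traditional encrypted ${cipher:-unknown}"
            else
                echo "traditional unencrypted"
            fi ;;
    esac
}

# Constructed samples: armor lines only, bodies are placeholders.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF' '' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/Client1.3des.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF' '' 'PLACEHOLDER' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/Client1.aes.key"
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDER' \
    '-----END ENCRYPTED PRIVATE KEY-----' > "$demo_dir/pkcs8.sample.key"

for f in "$demo_dir"/*; do
    printf '%s: %s\n' "${f##*/}" "$(pem_key_protection "$f")"
done
```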

Re: OpenVPN Client Key Generation - 3DES?

Post by TinCanTech » Fri Jul 22, 2016 4:45 pm

I would use easyrsa to create your full PKI and then try the iOS client cert/key .. I would be surprised if it does not work.
