Hey there guys!
I'm trying to make some WireGuard out of OpenVPN, and since release 2.5.0 it can be possible. I've already set up ec in easy-rsa instead of rsa, plus the ChaCha20-Poly1305 cipher and the wintun adapter, and it works very fast, but it's not enough and we have to go deeper. So the next thing in line is the ed25519 curve. As it states in the easy-rsa release notes, support for ed curves was added in release 3.0.7, and openssl 1.1.1i supports it too - keys are generated, the connection is established and everything seems OK, but there is a line in the log file that keeps me guessing:
When I'm using ec in set_var EASYRSA_ALGO in the vars file, the connection log shows me
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 384 bit EC, curve: secp384r1
but when I switch to ed in set_var EASYRSA_ALGO the log has:
Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256
and that's it - no curve info, no nothing, so I don't know whether ovpn is using it or not. Well, I'm guessing that it works, 'cause if it didn't, the connection to the server wouldn't have been established, am I right or right?
Additional info that I googled:
doesn't show the 25519 curve in the list 'cause it's not a "standard" curve
https://github.com/openssl/openssl/issu ... -489459074 and this one
https://bugs.debian.org/cgi-bin/bugrepo ... bug=839777, but when you do something like this
openssl list -public-key-algorithms
it shows
Name: OpenSSL ED25519 algorithm
Type: Builtin Algorithm
OID: ED25519
PEM string: ED25519
Name: OpenSSL ED448 algorithm
Type: Builtin Algorithm
OID: ED448
PEM string: ED448
so my guess is that openvpn doesn't show curve info in the connection log because it doesn't appear in the list in openssl, but it's supported though
and #2, you can't use ed with the curves that are in the list 'cause of it
https://github.com/OpenVPN/easy-rsa/blo ... syrsa#L447
So the question is - does ovpn work with ed25519 or not? 'Cause I don't get it.
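Added example, not part of the original post and not OpenVPN or easy-rsa code: one way to check which key type a certificate really carries is to read the SubjectPublicKeyInfo of its public key (for instance the PEM printed by `openssl x509 -in <cert> -pubkey -noout`, where `<cert>` is a placeholder). An EC key names its curve as a parameter of the algorithm identifier, while an Ed25519 key is identified by its own OID with no curve parameter. The function names and the two all-zero sample keys below are constructed for illustration.

```python
import base64

# Public-key algorithm OIDs (RFC 5480, RFC 8410) and two named-curve OIDs.
ALGS = {"1.2.840.10045.2.1": "EC", "1.2.840.113549.1.1.1": "RSA",
        "1.3.101.112": "Ed25519", "1.3.101.113": "Ed448"}
CURVES = {"1.2.840.10045.3.1.7": "prime256v1", "1.3.132.0.34": "secp384r1"}
# Constructed samples: correct SPKI layout, all-zero key bytes (not real keys).
ED25519_SAMPLE = bytes.fromhex("302a300506032b6570032100") + bytes(32)
P384_SAMPLE = bytes.fromhex(
    "3076301006072a8648ce3d020106052b8104002203620004") + bytes(96)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Turn DER OID content bytes into dotted notation."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def describe_spki(data):
    """Return (algorithm, curve or None) for a PEM or DER SubjectPublicKeyInfo."""
    if data.lstrip().startswith(b"-----BEGIN"):
        body = [l for l in data.strip().splitlines() if not l.startswith(b"-----")]
        data = base64.b64decode(b"".join(body))
    tag, spki, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo SEQUENCE")
    _, algid, _ = read_tlv(spki, 0)         # AlgorithmIdentifier
    _, oid, pos = read_tlv(algid, 0)        # algorithm OID
    alg, curve = decode_oid(oid), None
    if pos < len(algid):                    # optional parameters follow
        ptag, pbody, _ = read_tlv(algid, pos)
        if ptag == 0x06:                    # namedCurve OID (EC keys)
            curve = CURVES.get(decode_oid(pbody), decode_oid(pbody))
    return ALGS.get(alg, alg), curve
```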