OpenVPN Support Forum

My openvpn AS server is enforcing server settings and demands 448 keysize for BF-CBC. I have importted a profile from openvpn AS to my iphone. The connection disconnects and server logs says iphone tried 128 keysize which does not comply with the 448 keysize on the server.

Phone log shows the keysize is read from the profile, but never used on the tunnel

log from the phone:

2017-10-27 12:00:30 ----- OpenVPN Start ----- OpenVPN core 3.1.2 ios arm64 64-bit built on Dec 5 2016 12:50:25
2017-10-27 12:00:30 Frame=512/2048/512 mssfix-ctrl=1250
2017-10-27 12:00:30 UNUSED OPTIONS
3 [nobind]
15 [tls-version-min] [1.0] [or-highest]
17 [sndbuf] [100000]
18 [rcvbuf] [100000]
21 [verb] [3]
26 [key-direction] [1]
28 [auth-retry] [interact]
29 [tls-exit]
31 [keysize] [448]
38 [CLI_PREF_ALLOW_WEB_IMPORT] [True]
39 [CLI_PREF_BASIC_CLIENT] [False]
40 [CLI_PREF_ENABLE_CONNECT] [True]
41 [CLI_PREF_ENABLE_XD_PROXY] [True]
42 [WSHOST] [xxx.com:8443]
43 [WEB_CA_BUNDLE] [-----BEGIN CERTIFICATE----- MIIF/zCCA+egAwIBAgIBQTANBgkqhkiG9w0B...]
44 [IS_OPENVPN_WEB_CA] [0]
46 [ORGANIZATION] [xxx ltd]

2017-10-27 12:00:30 EVENT: RESOLVE
2017-10-27 12:00:30 Contacting xxx:1194 via UDP
2017-10-27 12:00:30 EVENT: WAIT
2017-10-27 12:00:30 SetTunnelSocket returned 1
2017-10-27 12:00:30 Connecting to [xxx.com]:1194 (xxx) via UDPv4
2017-10-27 12:00:30 EVENT: CONNECTING
2017-10-27 12:00:30 Tunnel Options:V4,dev-type tun,link-mtu 1554,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher BF-CBC,auth SHA256,keysize 128,tls-auth,key-method 2,tls-client
2017-10-27 12:00:30 Creds: Username/Password
2017-10-27 12:00:30 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.1.1-212
IV_VER=3.1.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO=1
IV_LZO_SWAP=1
IV_LZ4=1
IV_LZ4v2=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_BS64DL=1

2017-10-27 12:00:30 VERIFY OK: depth=1
cert. version : 3
serial number : 56:14:E1:FC
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN CA
issued on : 2015-09-30 09:12:28
expires on : 2025-10-04 09:12:28
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true

2017-10-27 12:00:30 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : CN=OpenVPN CA
subject name : CN=OpenVPN Server
issued on : 2015-09-30 09:12:28
expires on : 2025-10-04 09:12:28
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
cert. type : SSL Server

2017-10-27 12:00:30 SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
2017-10-27 12:00:30 Session is ACTIVE
2017-10-27 12:00:30 EVENT: GET_CONFIG
2017-10-27 12:00:30 Sending PUSH_REQUEST to server...
2017-10-27 12:00:30 AUTH_FAILED
2017-10-27 12:00:30 EVENT: AUTH_FAILED [ERR]
2017-10-27 12:00:30 EVENT: DISCONNECTED

log line from server:

WARNING: 'keysize' is used inconsistently, local='keysize 448', remote='keysize 128'"
Option inconsistency warnings triggering disconnect due to --opt-verify'

Is this key size requirement something you added yourself, and if so, how exactly?

The cipher in openvpn AS is set to BF-CBC and keysize to 448. When the VPN profile is created for the user these settings are exported into the profile.

--opt-verify makes sure that the client must comply with the settings. Why is the tunnel using keysize 128?

If I remove the cipher and/or keysize setting from the profile OpenVPN ios app still tries to use keysize 128 and the connection fails

Okay, so, when I connect my OpenVPN Connect for iOS app to Access Server, it connects just fine.

Are you telling me that your Access Server has standard settings and you cannot connect?

/advanced_vpn page Server Config Directives and Client Config Directives

cipher BF-CBC
keysize 448

I think we either have the keysize set OR it has been changed from 128 to 448

can you check your settings? Is the keysize set at all?

Right, so, I've checked with 'the guys', and it turns out that parameter is deprecated and on its way out, and will not work on the new OpenVPN 3.0 core being used on iOS and Android and some other client software as well. So, sorry, but, you can't use that keysize directive.

ps; reason is that we're moving to a model with ciphers that have their key size already configured. Like AES-256-CBC, AES-128-CBC, and also the newer ones with GCM and so on. So to select a cipher with a bigger size, you select the correctly named cipher. And so keysize becomes irrelevant in the future.

Also, a friend of mine says you should 'suffer a little' for using the keysize 448 directive, which I'm sure he means in jest.

Oh damn. Well we suffer alot atm.

Our server has the --opt-verify on and BF-CBC with 448 keysize. This means the client has to comply. Now that the IOS app only opens the tunnel with 128 keysize we have a problem. We can't change the server config without changing 300 client laptop configs

We could of course remove the --opt-verify from the server, but that would lead to security issues.

'the guys' told me that the option for the server to support default (BF-CBC) and other ciphers might come before xmass 2017. So we will wait for that

Once negotiable crypto parameters is in effect I think you can allow new ciphers while also allowing older ciphers to connect. Meaning that you can then start converting people with iOS app to the new ciphers and get them connected, while older systems with Windows client software that are able to connect now, can still connect without a reinstall. I think that's possible anyways.