OpenVPN connection with authentication but without encryption

Posted: Fri Jun 07, 2019 8:52 am
by spitkanen
Hi,

I'm using OpenVPN 2.4.6 and I'm trying to create authenticated but unencrypted connections between devices.

My server config looks like this:

Code:

port 1194
proto udp
mode server
tls-server
topology subnet
push "topology subnet"
dev tun
#Keys and certificates
ca /usr/share/vpn/keys/ca.crt
cert /usr/share/vpn/keys/server.crt
key /usr/share/vpn/keys/server.key
dh /usr/share/vpn/keys/dh1024.pem
#Network settings
ifconfig 10.8.0.2 255.255.224.0
push "route-gateway 10.8.0.2"
ifconfig-pool 10.8.0.1 10.8.31.254 255.255.224.0
#Allowing of connections with same common names
duplicate-cn
#Data persisting over reload
persist-key
persist-tun
#Client to client communication
client-to-client
#Encryption
cipher none
#Authentication
auth SHA384

And the config for one substation looks like this:

Code:

client
port 1194
proto udp
topology subnet
dev tun
#Network settings
remote a.b.c.d 1194 # <- Actual IP address of server goes here
#Keys and certificates
ca /usr/share/vpn/keys/ca.crt
cert /usr/share/vpn/keys/5.crt
key /usr/share/vpn/keys/5.key  # This file should be kept secret
#Data persisting over reload
persist-key
persist-tun
#Encryption
cipher none
#Authentication
auth SHA384

The first client to connect works, but every client that connects afterwards does not work. The tunnel is seemingly created successfully:

Code:

5/10.10.32.5:1194 Data Channel: using negotiated cipher 'AES-256-GCM'
5/10.10.32.5:1194 Data Channel MTU parms [ L:1549 D:1450 EF:49 EB:406 ET:0 EL:3 AF:14/121 ]
5/10.10.32.5:1194 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
5/10.10.32.5:1194 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

But when traffic is sent, the following errors are seen in the server logs:

Code:

Float requested for peer 0 to 10.10.32.5:1194
AEAD Decrypt error: cipher final failed

Does anyone have any idea what could be wrong?

Re: OpenVPN connection with authentication but without encryption

Posted: Fri Jun 07, 2019 11:56 am
by TinCanTech
You still have cipher negotiation enabled ..
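
The mismatch pointed out in this reply can be checked mechanically. The following is an added example, not part of the original thread and not OpenVPN code: it compares the cipher directive in a config with the negotiated cipher reported in the log. The function names are hypothetical and the sample input is constructed, condensed from the first post.

```python
import re

# Constructed sample input, condensed from the config and log quoted in the first post.
SAMPLE_CONFIG = """\
port 1194
proto udp
#Encryption
cipher none
#Authentication
auth SHA384
"""
SAMPLE_LOG = """\
5/10.10.32.5:1194 Data Channel: using negotiated cipher 'AES-256-GCM'
5/10.10.32.5:1194 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
"""
NEGOTIATED = re.compile(r"Data Channel: using negotiated cipher '([^']+)'")

def parse_directives(text):
    """Return {directive: [args]} for an OpenVPN config, skipping # and ; comments."""
    directives = {}
    for raw in text.splitlines():
        line = re.split(r"\s[#;]", raw, maxsplit=1)[0].strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name] = args
    return directives

def audit(config_text, log_text):
    """Compare the configured data-channel cipher with what the log says is in use."""
    cfg = parse_directives(config_text)
    configured = (cfg.get("cipher") or ["<default>"])[0]
    findings = []
    for cipher in sorted(set(NEGOTIATED.findall(log_text))):
        if cipher.lower() != configured.lower():
            findings.append(f"config says cipher {configured!r} but the log shows negotiated {cipher!r}")
    if configured.lower() == "none":
        # ncp-disable is the OpenVPN 2.4 option named later in this thread.
        if "ncp-disable" in cfg:
            findings.append("cipher none with ncp-disable: data channel is authenticated but not encrypted")
        else:
            findings.append("cipher none without ncp-disable: negotiation can override the configured cipher")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_LOG):
        print(finding)
```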

Re: OpenVPN connection with authentication but without encryption

Posted: Mon Jun 10, 2019 6:57 am
by spitkanen
I have tried disabling cipher negotiation by adding ncp-disable to both the server and clients. But then it does not work with even one client. In the server, I see the following errors when receiving data:

Code:

Authenticate/Decrypt packet error: missing authentication info

And the following errors in the client:

Code:

Authenticate/Decrypt packet error: packet HMAC authentication failed

What else do I need to add/modify to get the connection working with ncp-disable?

Re: OpenVPN connection with authentication but without encryption

Posted: Sun Feb 21, 2021 7:20 am
by rasfar
Did you ever get this working?

I am trying the same thing, but can't get it working correctly.

Authentication yes
but Encryption No

The options are all there but it just doesn't work on some devices. Namely my OpenWRT client, my Ubuntu can connect fine...

Re: OpenVPN connection with authentication but without encryption

Posted: Sun Feb 21, 2021 8:24 am
by TinCanTech
If you do not have encryption then it is not a Private network .. virtual or otherwise.

Which is why nobody cares ..