Custom algorithm as cipher option

How to customize and extend your OpenVPN installation.
Post Reply
rafael-at
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 18, 2020 2:24 pm

Custom algorithm as cipher option

Post by rafael-at » Thu Jun 18, 2020 2:38 pm

Suppose i want to work with a different algorithm in the symmetrical communication between client and server in a openvpn tunnel. The page about changing encryption cipher in access server gives a list of allowed ciphers, but, in the case that i want to use a non-standard custom made algorithm to encrypt and decrypt messages sent through the VPN tunnel, what would be the steps to be done to make such algorithm available on the openvpn?

I initially thought about 2 options:
- Create an application to simulate a cryptographic token and insert my custom made algorithm in the PKCS11 functions, managing also the certificate and key stored on the server/client and use the generated ".so" as a pkcs11 token to feed the server and client configuration files.
- Modify openSSL library to integrate my custom cipher, such as described here, so my algorithm shows as an option for --cipher in server and client configuration files.

I am aware of the benefits of using an algorithm such as AES to manage the encryption, but would any of the 2 options above work to include a custom algorithm?

Thanks in advance.
Last edited by Pippin on Thu Jun 18, 2020 2:52 pm, edited 1 time in total.
Reason: Fix topic title

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7576
Joined: Fri Jun 03, 2016 1:17 pm

Re: Custom algorithm as cipher option

Post by TinCanTech » Thu Jun 18, 2020 5:20 pm

All encryption in OpenVPN is provided by the SSL library.

One of:
  • OpenSSL
  • PolarSSL
  • LibreSSL
  • WolfSSL
So if you want to write your own cipher then that is where you start. Your second option above..

And [ oconf ] is a BBCode for OpenVPN configuration files which removes private user keys.

It does not work in a subject field ... :roll:

Looking forward to hearing more about your new cipher ..

rafael-at
OpenVpn Newbie
Posts: 2
Joined: Thu Jun 18, 2020 2:24 pm

Re: Custom algorithm as cipher option

Post by rafael-at » Fri Jun 19, 2020 12:21 pm

Thank you for the reply, sorry i got a little confused by the forum rules.

Post Reply