Brume OpenVPN server crypto

I’m a newbie Brume user. I’ve tried it out as a WireGuard and OpenVPN client - both are fast, the former impressively so. But looking at the OpenVPN server side, the crypto seems less than impressive: SHA1 for auth when SHA256 is now the accepted standard and the Blowfish BF-CBC cipher specified in the client ovpn file created by the server which is deprecated because it is insecure.

Is there any way of changing these crypto settings or can we expect these will be brought more up-to-date with current security expectations?

@luochongjun

The default config for OpenVPN needs to be updated

Ok, I’ll update that.

Thanks! It certainly works fine with SHA256 and AES-256 as a client judging from the OpenVPN log on my OpenBSD-based server.

Can I suggest AES-128-CBC as the default cipher? It’s good strength for anything but the most secure traffic without the performance hit of moving to AES-256-CBC or AES-256-GCM.

Thanks!

Richard

I’ve done some more investigation of the Brume OpenVPN server and despite what it says on the config page of the GUI, it doesn’t actually offer Blowfish. Here’s the list of supported crypto algorithms. May I suggest the client config is updated to reflect what is actually available: AES-128-GCM-SHA256 is available for both TLS 1.2 and 1.3 so seems a good option!

root@GL-MV1000:~# openvpn --show-tls
Available TLS Ciphers, listed in order of preference:

For TLS 1.3 and newer (–tls-ciphersuites):

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256

For TLS 1.2 and older (–tls-cipher):

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-CBC-SHA

Technically the best cipher for both TLS1.2 and TLS1.3 is TLS_CHACHA20_POLY1305_SHA256 and TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 respectively, as they offer the fastest software based decoding, since the GL routers don’t have a dedicated AES instruction on the processor. This is also why wireguard is much faster than OpenVPN with default config. AES is the best for VPN from PC to PC for example, where Intel and AMD processors have AES instructions.

Ah thanks. Good info. I had actually been trying to find out whether the Armada 3720 had hardware support for AES!

And yes, I’m a great WireGuard fan. On tests I’m getting about 140MBit/s speeds using the Google speed test over a 200Mbit/s home Internet connection. That’s via a Minisforum N40 miniPC as server. The test config is:

laptop — Brume (WG client) – N40 (WG server) – OpenBSD firewall – Internet

All connections over copper not WiFi.

The block diagram for the Marvell ARMADA 88F3720 processor looks like this:

image1237×1058 286 KB

No AES engine and a search in the spec sheet confirms it too.

Unfortunately OpenVPN doesn’t seem to support “cipher CHACHA20_POLY1305” despite it being listed as one of the TLS ciphers. Only AES variants. Not being an OpenVPN expert I’m not sure why…

root@GL-MV1000:~# openvpn --show-ciphers
AES-128-CBC (128 bit key, 128 bit block)
AES-128-CFB (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB1 (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB8 (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-GCM (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-OFB (128 bit key, 128 bit block, TLS client/server mode only)
AES-192-CBC (192 bit key, 128 bit block)
AES-192-CFB (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-CFB1 (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-CFB8 (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-GCM (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-OFB (192 bit key, 128 bit block, TLS client/server mode only)
AES-256-CBC (256 bit key, 128 bit block)
AES-256-CFB (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-CFB1 (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-CFB8 (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-GCM (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-OFB (256 bit key, 128 bit block, TLS client/server mode only)

I’ve not included the deprecated ciphers.

It’s not included in OpenSSL, that’s why!

root@GL-MV1000:~# openssl help
…
Cipher commands (see the `enc’ command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
bf-ecb bf-ofb cast cast-cbc cast5-cbc
cast5-cfb cast5-ecb cast5-ofb des des-cbc
des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2 rc2-40-cbc
rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40

So CHACHA20 can be used for the control channel (built-in to OpenVPN) but not the data channel which uses OpenSSL.

I see yeah, GL will need to update to OpenVPN 2.5: