Brume OpenVPN server crypto

Reeshar · 2020-06-06T21:41:49.738Z

I’m a newbie Brume user. I’ve tried it out as a WireGuard and OpenVPN client - both are fast, the former impressively so. But looking at the OpenVPN server side, the crypto seems less than impressive: SHA1 for auth when SHA256 is now the accepted standard and the Blowfish BF-CBC cipher specified in the client ovpn file created by the server which is deprecated because it is insecure.

Is there any way of changing these crypto settings or can we expect these will be brought more up-to-date with current security expectations?

Johnex · 2020-06-07T11:58:51.431Z

@robotluo

The default config for OpenVPN needs to be updated

robotluo · 2020-06-08T02:19:12.375Z

Ok, I’ll update that.

Reeshar · 2020-06-08T11:27:02.671Z

Thanks! It certainly works fine with SHA256 and AES-256 as a client judging from the OpenVPN log on my OpenBSD-based server.

Reeshar · 2020-06-08T11:56:24.223Z

Can I suggest AES-128-CBC as the default cipher? It’s good strength for anything but the most secure traffic without the performance hit of moving to AES-256-CBC or AES-256-GCM.

Thanks!

Richard

Reeshar · 2020-06-08T20:22:22.781Z

I’ve done some more investigation of the Brume OpenVPN server and despite what it says on the config page of the GUI, it doesn’t actually offer Blowfish. Here’s the list of supported crypto algorithms. May I suggest the client config is updated to reflect what is actually available: AES-128-GCM-SHA256 is available for both TLS 1.2 and 1.3 so seems a good option!

root@GL-MV1000:~# openvpn --show-tls
Available TLS Ciphers, listed in order of preference:

For TLS 1.3 and newer (–tls-ciphersuites):

TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256

For TLS 1.2 and older (–tls-cipher):

TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA
TLS-DHE-RSA-WITH-AES-256-CBC-SHA
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA
TLS-DHE-RSA-WITH-AES-128-CBC-SHA

Johnex · 2020-06-08T21:43:53.932Z

Technically the best cipher for both TLS1.2 and TLS1.3 is TLS_CHACHA20_POLY1305_SHA256 and TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 respectively, as they offer the fastest software based decoding, since the GL routers don’t have a dedicated AES instruction on the processor. This is also why wireguard is much faster than OpenVPN with default config. AES is the best for VPN from PC to PC for example, where Intel and AMD processors have AES instructions.

Reeshar · 2020-06-09T10:33:10.291Z

Ah thanks. Good info. I had actually been trying to find out whether the Armada 3720 had hardware support for AES!

And yes, I’m a great WireGuard fan. On tests I’m getting about 140MBit/s speeds using the Google speed test over a 200Mbit/s home Internet connection. That’s via a Minisforum N40 miniPC as server. The test config is:

laptop — Brume (WG client) – N40 (WG server) – OpenBSD firewall – Internet

All connections over copper not WiFi.

Johnex · 2020-06-09T11:06:32.872Z

The block diagram for the Marvell ARMADA 88F3720 processor looks like this:

image1237×1058 286 KB

No AES engine and a search in the spec sheet confirms it too.

Reeshar · 2020-06-09T13:03:24.984Z

Unfortunately OpenVPN doesn’t seem to support “cipher CHACHA20_POLY1305” despite it being listed as one of the TLS ciphers. Only AES variants. Not being an OpenVPN expert I’m not sure why…

root@GL-MV1000:~# openvpn --show-ciphers
AES-128-CBC (128 bit key, 128 bit block)
AES-128-CFB (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB1 (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-CFB8 (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-GCM (128 bit key, 128 bit block, TLS client/server mode only)
AES-128-OFB (128 bit key, 128 bit block, TLS client/server mode only)
AES-192-CBC (192 bit key, 128 bit block)
AES-192-CFB (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-CFB1 (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-CFB8 (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-GCM (192 bit key, 128 bit block, TLS client/server mode only)
AES-192-OFB (192 bit key, 128 bit block, TLS client/server mode only)
AES-256-CBC (256 bit key, 128 bit block)
AES-256-CFB (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-CFB1 (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-CFB8 (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-GCM (256 bit key, 128 bit block, TLS client/server mode only)
AES-256-OFB (256 bit key, 128 bit block, TLS client/server mode only)

I’ve not included the deprecated ciphers.

Reeshar · 2020-06-09T13:14:15.071Z

It’s not included in OpenSSL, that’s why!

root@GL-MV1000:~# openssl help
…
Cipher commands (see the `enc’ command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
bf-ecb bf-ofb cast cast-cbc cast5-cbc
cast5-cfb cast5-ecb cast5-ofb des des-cbc
des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2 rc2-40-cbc
rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40

So CHACHA20 can be used for the control channel (built-in to OpenVPN) but not the data channel which uses OpenSSL.

Johnex · 2020-06-09T19:35:38.231Z

I see yeah, GL will need to update to OpenVPN 2.5:

github.com

OpenVPN/openvpn/blob/master/Changes.rst

Overview of changes in 2.6
==========================


New features
------------
Keying Material Exporters (RFC 5705) based key generation
    As part of the cipher negotiation OpenVPN will automatically prefer
    the RFC5705 based key material generation to the current custom
    OpenVPN PRF. This feature requires OpenSSL or mbed TLS 2.18+.

Compatibility with OpenSSL in FIPS mode
    OpenVPN will now work with OpenSSL in FIPS mode. Note, no effort
    has been made to check or implement all the
    requirements/recommendation of FIPS 140-2. This just allows OpenVPN
    to be run on a system that be configured OpenSSL in FIPS mode.

``mlock`` will now check if enough memlock-able memory has been reserved,
    and if less than 100MB RAM are available, use setrlimit() to upgrade
    the limit.  See Trac #1390.  Not available on OpenSolaris.

This file has been truncated. show original