
JimbobJay

Regular Contributor
Hi. First things first, want to thank Merlin for the great work on the firmware - really appreciate the hard work that goes into this project :)

So, I've upgraded the firmware on my AC87U to 380.65, which comes with OpenVPN 2.4. So now I'm trying to set up a server that uses Elliptic Curve Cryptography (ECC) with Elliptic curve Diffie–Hellman (ECDH) key exchange, which is supposed to be both more secure and more efficient. As far as I'm aware, both are built-in to OpenVPN 2.4.

Now I've followed the instructions from the OpenVPN and Easy-RSA How-To's to create a CA and PKI using ECC, but when it comes to getting these to work with the AC87U server, I'm having some trouble. There doesn't seem to be an option for any of the ECC curves in the Auth digest section, which I believe is what's causing me to have problems connecting. Even using the custom field has yielded no results.

So my question is this. Does the OpenVPN version included with 380.65 support Elliptic Curve? And if so, could anyone help me with setting up a server using ECC on my AC87U? Any help would be appreciated. Thanks :)
 
Just an update having spent the better part of the day trying to sort this, without getting anywhere :(

I have created a PKI using easy-rsa, and created an EC CA using secp384r1 (384 bit). In fact, I have tried creating multiple different PKIs to try and see if it was a problem with that.

As it is, I can't figure out where I'm going wrong. As far as I can tell, on openvpn 2.4 there should be no problems with using ECDH key exchange with elliptic curve digital signature algorithm (ECDSA), so I'm assuming this is user error rather than something to do with the router/firmware's configuration of openvpn?

I have tried fiddling with so many different options with the Web GUI OpenVPN Server configuration, but to no avail. I thought maybe I'd cracked it, as I managed to get the server running according to the ASUS log, by instead going with a custom TLS configuration with inline keys, as the new ECC and ECDH no longer require a Diffie-Hellman entry and the Web GUI was throwing up an error when I was leaving Diffie-Hellman blank, but it's still not working even with the server running ok.
Here is what the server config .ovpn file looks like right now:

Code:
# Automatically generated configuration
daemon
proto udp
port 1194
dev tun21
cipher AES-128-CBC
auth SHA512
compress lz4
keepalive 15 60
verb 3
status-version 2
status status 10

# Custom Configuration
topology subnet
server 10.8.0.0 255.255.255.0
cipher AES-256-GCM
ecdh-curve secp384r1
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
tls-version-min 1.2
ncp-ciphers AES-256-GCM
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1"
<tls-crypt>
***
</tls-crypt>
plugin /usr/lib/openvpn-plugin-auth-pam.so openvpn
<ca>
***
</ca>
dh none
<cert>
***
</cert>
<key>
***
</key>

Again, I have tried multiple permutations of this, with and without the second cipher AES-256-GCM option, but I just cannot tell what's wrong. Perhaps the problem is client side, as it's the client that is not connecting, with the following error being thrown up each time
Code:
2017-02-16 16:33:57 VERIFY nsCertType ERROR: C=US, ST=California, L=SanFrancisco, O=., OU=., CN=*, emailAddress=me@example.net, require nsCertType=SERVER
2017-02-16 16:33:57 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
2017-02-16 16:33:57 TLS_ERROR: BIO read tls_read_plaintext error
2017-02-16 16:33:57 TLS Error: TLS object -> incoming plaintext read error
2017-02-16 16:33:57 TLS Error: TLS handshake failed
2017-02-16 16:33:57 SIGUSR1[soft,tls-error] received, process restarting

So I'm guessing it's something to do with the TLS handshake, but that's as far as I got with trying to get EC working on the new OpenVPN 2.4 server. Any help would be appreciated :)
 
Guess I'll just have a conversation with myself seeing as no one could help :/

For anyone interested I managed to get this fixed in the end. Turned out to be user error, as expected, and a problem with the client config file. Unfortunately, due to tiredness (and I guess plain stupidity), I have no idea what exactly it was in the client config that was wrong. I generated a new config file which was bare minimum, and built it up from there using as few options as possible. Good news is the problem is now solved, and I can now connect to my OpenVPN 2.4 server using pure Elliptic Curve Cryptography and ECDHE :D bad news is that I have no idea what exactly the problem was.

Anyway, I hope in the future either ASUS or Merlin can integrate better options for ECC and ECDHE with the web gui, because at the moment the only way to configure this is to use the custom option.
 
I use only the new GCM ciphers and then configure the server with "tls-version-min 1.2". I think it will automatically use "elliptic curve Diffie-Hellman exchange" with the new GCM ciphers. You can always check the syslog to be sure.
 
Can you post your Client.conf or client ovpn?

No need - I figured out the problem by reintroducing the options I had one by one. It was the inclusion of
Code:
ns-cert-type server
in the client .ovpn that was causing the problem, which I see is now defunct, and should be replaced with
Code:
remote-cert-tls server
I think it got in there because I copied it in by mistake. I created the custom client .ovpn file I was using by going off the one that the web gui generated for me before I started using the custom option.
(Unless you wanted me to post them for your own troubleshooting?)


I use only the new GCM ciphers and then configure the server with "tls-version-min 1.2". I think it will automatically use "elliptic curve Diffie-Hellman exchange" with the new GCM ciphers. You can always check the syslog to be sure.

So are you saying you can do this without using the Custom option in the authorisation field on the web gui? Because it seemed to me that openvpn was ignoring the entries I was putting into the custom entry box unless I explicitly chose Custom in the authorisation field.

As I am already using the Custom option, I added
Code:
tls-version-min 1.2
for the heck of it (although it wasn't really needed as my other custom options are ensuring I am using ECC and ECDHE anyway). I'm going to go ahead and keep all the other custom options the same regardless, as everything seems to be working now, and I don't want to fiddle around with it. Like I said above, I don't think the problems I had ever were server side (apart from an issue with the web gui not liking blank DH parameters).

As far as I can tell, there is no way to add the
Code:
dh none
Diffie-Hellman parameter without using the Custom config option, as when I tried typing 'none' for DH in TLS Certificates entry field, the server was throwing up a problem and refusing to start. Since there is no need for Diffie-Hellman to be included when setting up the server to use only ECDHE, I'm going to stick with my current custom config. Hopefully the ability to set up an ECDHE only server will be made easier when using the web gui in future firmware updates, I assume from ASUS rather than Merlin.
 
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
"Warning! --tls-cipher is an expert feature, which - if used correctly - can improve the security of your VPN connection. But it is also easy to unwittingly use it to carefully align a gun with your foot, or just break your connection. Use with care!"
 
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
"Warning! --tls-cipher is an expert feature, which - if used correctly - can improve the security of your VPN connection. But it is also easy to unwittingly use it to carefully align a gun with your foot, or just break your connection. Use with care!"

Yes, I saw that. The reason I put it in was because I was following the instructions here https://forums.openvpn.net/viewtopic.php?t=23227

I assumed that it wouldn't be a problem as I included both tls-version-min and tls-cipher, but just in case, I took out tls-cipher from both client and server configs, and it's still using TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 so good stuff :)

So are you using Custom or not?
 
... are you using Custom or not?
I use OpenVPN custom firewall to insert and remove the rules within the middle of the chains. It's good for protecting the port.

.. I included both tls-version-min and ...
I use tls-version-min just in case the client tries to silently downgrade the control channel to TLS v1.1. This can happen with the Windows Certificate System Store.
 
As far as I can tell, there is no way to add the
Code:
dh none
Diffie-Hellman parameter without using the Custom config option, as when I tried typing 'none' for DH in TLS Certificates entry field, the server was throwing up a problem and refusing to start. Since there is no need for Diffie-Hellman to be included when setting up the server to use only ECDHE, I'm going to stick with my current custom config. Hopefully the ability to set up an ECDHE only server will be made easier when using the web gui in future firmware updates, I assume from ASUS rather than Merlin.

Added with this commit. I'm not sure it's actually necessary, as I would have expected OpenVPN to simply ignore any provided DH when using ECDH (I've been using ECDH for over a year myself without the need for this).
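The three config pitfalls this thread works through (the stale ns-cert-type line in the client .ovpn that produced the nsCertType VERIFY error, the need for dh none on an ECDHE-only server, and tls-version-min 1.2 to stop a control-channel downgrade) can be caught before the first handshake by linting both .ovpn files. The following is an added example, not code from the thread, from OpenVPN or from the Asuswrt-Merlin firmware; it is a small stdlib-only Python linter. The server config is the one posted above with the key material replaced by the placeholder word "redacted", the client config is constructed for the example, and the finding messages are this example's own wording. The checks assume OpenVPN 2.4 semantics: a later duplicate directive overrides an earlier one, server mode expects a dh line, and dh none selects ECDHE-only key exchange.

```python
"""Lint a pair of OpenVPN 2.4 configs for the pitfalls discussed in this thread."""
import re

# Constructed sample: the server config from the thread, key material redacted.
SERVER_CONF = """\
daemon
proto udp
port 1194
dev tun21
cipher AES-128-CBC
auth SHA512
compress lz4
keepalive 15 60
topology subnet
server 10.8.0.0 255.255.255.0
cipher AES-256-GCM
ecdh-curve secp384r1
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
tls-version-min 1.2
ncp-ciphers AES-256-GCM
<tls-crypt>
redacted
</tls-crypt>
<ca>
redacted
</ca>
dh none
"""

# Constructed sample: a client config still carrying the deprecated ns-cert-type line.
CLIENT_CONF = """\
client
dev tun
proto udp
remote vpn.example.net 1194
ns-cert-type server
auth SHA512
cipher AES-256-GCM
<ca>
redacted
</ca>
"""


def parse_ovpn(text):
    """Return [(directive, [args])], skipping comments and the body of inline <tag> blocks."""
    options = []
    inline = None  # name of the inline block we are currently inside, if any
    for raw in text.splitlines():
        line = raw.strip()
        if inline:
            if line == f"</{inline}>":
                inline = None
            continue  # key material is not an option
        if not line or line[0] in "#;":
            continue
        opened = re.fullmatch(r"<([a-z-]+)>", line)
        if opened:
            inline = opened.group(1)
            options.append((inline, ["<inline>"]))
            continue
        parts = line.split()
        options.append((parts[0], parts[1:]))
    return options


def lint(options, role):
    """Return (code, message) findings for one parsed config; role is 'server' or 'client'."""
    findings = []
    seen = {}
    for directive, args in options:
        value = " ".join(args)
        # A repeated directive is applied in order, so the later line silently wins.
        if directive in seen and directive in ("cipher", "auth", "dh", "tls-version-min"):
            findings.append(("DUP", f"'{directive}' set twice ('{seen[directive]}' then '{value}'); the later line wins"))
        seen[directive] = value
    if role == "client":
        if "ns-cert-type" in seen:
            findings.append(("NS-CERT-TYPE", "ns-cert-type is deprecated in 2.4 and fails on certificates "
                             "without the nsCertType extension; use 'remote-cert-tls server'"))
        elif "remote-cert-tls" not in seen:
            findings.append(("NO-REMOTE-CERT-TLS", "no server-role check on the peer certificate; add 'remote-cert-tls server'"))
    if role == "server":
        dh = seen.get("dh")
        if dh is None:
            findings.append(("DH", "server mode expects a dh line; 'dh none' is the ECDHE-only choice"))
        elif dh != "none" and "ecdh-curve" in seen:
            findings.append(("DH", f"dh file '{dh}' next to ecdh-curve only adds DHE suites; 'dh none' keeps the server ECDHE-only"))
    if "tls-version-min" not in seen:
        findings.append(("TLS-VERSION-MIN", "no tls-version-min; add 'tls-version-min 1.2' so neither side negotiates TLS 1.0/1.1"))
    if "tls-cipher" in seen:
        findings.append(("TLS-CIPHER", "tls-cipher is an expert option per the OpenVPN manual; "
                         "an ECDSA certificate already yields an ECDHE-ECDSA suite without it"))
    return findings


def run():
    """Lint both constructed configs and return {role: [finding codes]}."""
    report = {}
    for role, text in (("server", SERVER_CONF), ("client", CLIENT_CONF)):
        findings = lint(parse_ovpn(text), role)
        report[role] = [code for code, _ in findings]
        for code, msg in findings:
            print(f"{role}: [{code}] {msg}")
    return report


if __name__ == "__main__":
    run()
```

Run as-is, the server side reports the duplicated cipher line and the tls-cipher override, and the client side reports the ns-cert-type line plus the missing tls-version-min; swapping the client line for remote-cert-tls server and adding tls-version-min 1.2 clears both.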
 
