Another new feature of OpenVPN 2.4+ is the ability to "push" a cipher or HMAC algorithm from the server to the client. This makes it much easier to switch encryption or HMAC authentication algorithms, provided that all clients are using OpenVPN 2.4. This recipe provides a setup for explicitly pushing a cipher, as well as an explanation of the new cipher negotiation protocol.
This recipe uses the PKI files created in the first recipe from Chapter 2, Client-server IP-only Networks. For this recipe, the server computer was running CentOS 6 Linux and OpenVPN 2.4.0. The client was running Fedora 22 Linux and OpenVPN 2.4.0. For the server, keep the server configuration file basic-udp-server.conf
from the Server-side routing recipe in Chapter 2, Client-server IP-only Networks. For the Windows client, keep the corresponding client configuration file basic-udp-client.ovpn
, from the Using an ifconfig-pool block recipe in Chapter 2, Client-server IP-only Networks.
basic-udp-server.conf
, by adding the following lines:cipher aes-256-gcm push "cipher aes-256-gcm"
Then save it as example4-10-server.conf
.
[root@server]# openvpn --config example4-10-server.conf
[root@client]# openvpn --config basic-udp-client.conf -- verb 4 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256- GCM-SHA384, 2048 bit RSA [...] OPTIONS IMPORT: data channel crypto options modified [...] Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
The output showing that OpenVPN is now using an AES-256 cipher is shown in bold face.
ping
command:[client]$ ping -c 4 10.200.0.1 PING 10.200.0.1 (10.200.0.1) 56(84) bytes of data. 64 bytes from 10.200.0.1: icmp_seq=1 ttl=64 time=9.23 ms 64 bytes from 10.200.0.1: icmp_seq=2 ttl=64 time=8.78 ms 64 bytes from 10.200.0.1: icmp_seq=3 ttl=64 time=10.0 ms 64 bytes from 10.200.0.1: icmp_seq=4 ttl=64 time=9.00 ms --- 10.200.0.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 8.780/9.259/10.022/0.468 ms
Pushing a cipher is now just as simple as pushing other OpenVPN options. Versions prior to 2.4 did not support this, however. This allows VPN administrators to change the encryption parameters used without having to modify all (remote) client configuration files.
Starting with OpenVPN 2.4 a new cipher negotiation protocol is introduced. At startup, the client and server will check whether both sides support the new GCM encryption protocols. The strongest cipher from this list is then chosen as the cipher. If no match is found, then OpenVPN reverts to the default BlowFish (BF-CBC) cipher, to ensure backward compatibility.
This feature can be tuned using the new directives ncp-ciphers
and disable-ncp
. The first directive specifies the list of ciphers to negotiate, whereas the second directive turns off cipher negotiation altogether.
When explicitly pushing a cipher from the server to the client you can only specify a cipher from the NCP cipher list. The default NCP cipher list is AES-256-GCM:AES-128-CGM:BF-CBC.
ccp-ciphers push "auth SHA512"
It is expected that future enhancements of this new feature will be:
18.220.203.200