Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Gert Doering]

Hi,

On Mon, Jul 13, 2020 at 10:07:38AM +0400, dm wrote:
> Forgot to add info from server console, last messages  are:
> 
> 2020-07-13 10:04:41 us=435946 10.1.1.17:53148 WARNING: 'version' is used 
> inconsistently, local='version V4', remote='version V0 UNDEF'
> 2020-07-13 10:04:41 us=435976 10.1.1.17:53148 WARNING: 'dev-type' is 
> present in local config but missing in remote config, local='dev-type tun'

Yeah, it's "no OCC and no NCP".  Should be easy to reproduce here.

thanks,

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[dm]

13.07.2020 09:36, Dmitry Melekhov пишет:

12.07.2020 04:05, Arne Schwabe пишет:

Am 23.06.20 um 11:12 schrieb Dmitry Melekhov:

23.06.2020 13:02, Gert Doering пишет:


That patch is from Steffan, and review has been sitting in my lap for
way too long.  Need to see if it still applies.


Unfortunately it is not compatible with 2.4.9, because of introduced
change...

Can you test with current openvpn master if that works for you? That has
now allows you set the --cipher in ccd/connect-client scripts.

Arne


Hello!

Compiled master from git, installed on server copy with Ubuntu 18.04.

Compiled  the same master with enable-small on my Ubuntu 20.04 desktop.

Added ncp-disable to config.

If cipher is different from default on client and there is no cipher 
in ccd for client - connection fails.


If I add specific cipher to client, i.e. ciphers match- everything is 
fine.



So, looks like it works, but unfortunately, there is problem:


Then I compiled openvpn-2.3.18 on Centos 6.

It connects if it is compiled by just  using configure.

But if I compile 2.3.18 with enable-small, then 2.5 server dies, 
always, even if there is no cipher in ccd and ciphers match.


On client side:

./openvpn belkam.ovpn
Mon Jul 13 09:33:17 2020 OpenVPN 2.3.18 x86_64-unknown-linux-gnu [SSL 
(OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 13 2020
Mon Jul 13 09:33:17 2020 library versions: OpenSSL 1.0.1e-fips 11 Feb 
2013, LZO 2.03

Enter Auth Username:dm
Enter Auth Password:
Mon Jul 13 09:33:20 2020 WARNING: No server certificate verification 
method has been enabled.  See http://openvpn.net/howto.html#mitm for 
more info.
Mon Jul 13 09:33:20 2020 WARNING: file '/home/dm/openvpn/dm.key' is 
group or others accessible
Mon Jul 13 09:33:20 2020 Socket Buffers: R=[87380->87380] 
S=[16384->16384]
Mon Jul 13 09:33:20 2020 Attempting to establish TCP connection with 
[AF_INET]192.168.222.2:1194 [nonblock]
Mon Jul 13 09:33:21 2020 TCP connection established with 
[AF_INET]192.168.222.2:1194

Mon Jul 13 09:33:21 2020 TCPv4_CLIENT link local: [undef]
Mon Jul 13 09:33:21 2020 TCPv4_CLIENT link remote: 
[AF_INET]192.168.222.2:1194
Mon Jul 13 09:33:21 2020 TLS: Initial packet from 
[AF_INET]192.168.222.2:1194, sid=7c5295f5 d243c13b
Mon Jul 13 09:33:21 2020 WARNING: this configuration may cache 
passwords in memory -- use the auth-nocache option to prevent this
Mon Jul 13 09:33:21 2020 VERIFY OK: depth=1, C=RU, ST=Udm, L=Izhevsk, 
O=Belkam, OU=UIT, CN=vpn.belkam.com, emailAddress=supp...@belkam.com
Mon Jul 13 09:33:21 2020 VERIFY OK: depth=0, C=RU, ST=Udm, L=Izhevsk, 
O=Belkam, OU=UIT, CN=ovpn1, emailAddress=supp...@belkam.com
Mon Jul 13 09:33:22 2020 Data Channel Encrypt: Cipher 'AES-256-CBC' 
initialized with 256 bit key
Mon Jul 13 09:33:22 2020 Data Channel Encrypt: Using 160 bit message 
hash 'SHA1' for HMAC authentication
Mon Jul 13 09:33:22 2020 Data Channel Decrypt: Cipher 'AES-256-CBC' 
initialized with 256 bit key
Mon Jul 13 09:33:22 2020 Data Channel Decrypt: Using 160 bit message 
hash 'SHA1' for HMAC authentication
Mon Jul 13 09:33:22 2020 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 
ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Mon Jul 13 09:33:22 2020 [ovpn1] Peer Connection Initiated with 
[AF_INET]192.168.222.2:1194

Mon Jul 13 09:33:22 2020 Connection reset, restarting [0]
Mon Jul 13 09:33:22 2020 SIGUSR1[soft,connection-reset] received, 
process restarting

Mon Jul 13 09:33:22 2020 Restart pause, 5 second(s)

On server side:

Jul 13 09:33:22 ovpn1 systemd[1]: openvpn@server.service: Main process 
exited, code=killed, status=11/SEGV
Jul 13 09:33:22 ovpn1 systemd[1]: openvpn@server.service: Killing 
process 9231 (openvpn) with signal SIGKILL.
Jul 13 09:33:22 ovpn1 systemd[1]: openvpn@server.service: Failed with 
result 'signal'.



Servers just dies...



Forgot to add info from server console, last messages  are:


2020-07-13 10:04:41 us=435946 10.1.1.17:53148 WARNING: 'version' is used 
inconsistently, local='version V4', remote='version V0 UNDEF'
2020-07-13 10:04:41 us=435976 10.1.1.17:53148 WARNING: 'dev-type' is 
present in local config but missing in remote config, local='dev-type tun'
2020-07-13 10:04:41 us=436004 10.1.1.17:53148 WARNING: 'link-mtu' is 
present in local config but missing in remote config, local='link-mtu 1560'
2020-07-13 10:04:41 us=436029 10.1.1.17:53148 WARNING: 'tun-mtu' is 
present in local config but missing in remote config, local='tun-mtu 1500'
2020-07-13 10:04:41 us=436054 10.1.1.17:53148 WARNING: 'comp-lzo' is 
present in local config but missing in remote config, local='comp-lzo'
2020-07-13 10:04:41 us=436078 10.1.1.17:53148 WARNING: 'cipher' is 
present in local config but missing in remote config, local='cipher 
AES-256-CBC'
2020-07-13 10:04:41 us=436104 10.1.1.17:53148 WARNING: 'auth' is present 
in local config but missing in remote config, local='auth SHA1'
2020-07-13 10:04:41 us=436127 10.1.1.17:53148 WARNING: 'keysize' is 
present in local config but missing in remote config, 

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Dmitry Melekhov]

12.07.2020 04:05, Arne Schwabe пишет:

Am 23.06.20 um 11:12 schrieb Dmitry Melekhov:

23.06.2020 13:02, Gert Doering пишет:


That patch is from Steffan, and review has been sitting in my lap for
way too long.  Need to see if it still applies.


Unfortunately it is not compatible with 2.4.9, because of introduced
change...

Can you test with current openvpn master if that works for you? That has
now allows you set the --cipher in ccd/connect-client scripts.

Arne


Hello!

Compiled master from git, installed on server copy with Ubuntu 18.04.

Compiled  the same master with enable-small on my Ubuntu 20.04 desktop.

Added ncp-disable to config.

If cipher is different from default on client and there is no cipher in 
ccd for client - connection fails.


If I add specific cipher to client, i.e. ciphers match- everything is fine.


So, looks like it works, but unfortunately, there is problem:


Then I compiled openvpn-2.3.18 on Centos 6.

It connects if it is compiled by just  using configure.

But if I compile 2.3.18 with enable-small, then 2.5 server dies, always, 
even if there is no cipher in ccd and ciphers match.


On client side:

./openvpn belkam.ovpn
Mon Jul 13 09:33:17 2020 OpenVPN 2.3.18 x86_64-unknown-linux-gnu [SSL 
(OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 13 2020
Mon Jul 13 09:33:17 2020 library versions: OpenSSL 1.0.1e-fips 11 Feb 
2013, LZO 2.03

Enter Auth Username:dm
Enter Auth Password:
Mon Jul 13 09:33:20 2020 WARNING: No server certificate verification 
method has been enabled.  See http://openvpn.net/howto.html#mitm for 
more info.
Mon Jul 13 09:33:20 2020 WARNING: file '/home/dm/openvpn/dm.key' is 
group or others accessible

Mon Jul 13 09:33:20 2020 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Jul 13 09:33:20 2020 Attempting to establish TCP connection with 
[AF_INET]192.168.222.2:1194 [nonblock]
Mon Jul 13 09:33:21 2020 TCP connection established with 
[AF_INET]192.168.222.2:1194

Mon Jul 13 09:33:21 2020 TCPv4_CLIENT link local: [undef]
Mon Jul 13 09:33:21 2020 TCPv4_CLIENT link remote: 
[AF_INET]192.168.222.2:1194
Mon Jul 13 09:33:21 2020 TLS: Initial packet from 
[AF_INET]192.168.222.2:1194, sid=7c5295f5 d243c13b
Mon Jul 13 09:33:21 2020 WARNING: this configuration may cache passwords 
in memory -- use the auth-nocache option to prevent this
Mon Jul 13 09:33:21 2020 VERIFY OK: depth=1, C=RU, ST=Udm, L=Izhevsk, 
O=Belkam, OU=UIT, CN=vpn.belkam.com, emailAddress=supp...@belkam.com
Mon Jul 13 09:33:21 2020 VERIFY OK: depth=0, C=RU, ST=Udm, L=Izhevsk, 
O=Belkam, OU=UIT, CN=ovpn1, emailAddress=supp...@belkam.com
Mon Jul 13 09:33:22 2020 Data Channel Encrypt: Cipher 'AES-256-CBC' 
initialized with 256 bit key
Mon Jul 13 09:33:22 2020 Data Channel Encrypt: Using 160 bit message 
hash 'SHA1' for HMAC authentication
Mon Jul 13 09:33:22 2020 Data Channel Decrypt: Cipher 'AES-256-CBC' 
initialized with 256 bit key
Mon Jul 13 09:33:22 2020 Data Channel Decrypt: Using 160 bit message 
hash 'SHA1' for HMAC authentication
Mon Jul 13 09:33:22 2020 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 
ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA
Mon Jul 13 09:33:22 2020 [ovpn1] Peer Connection Initiated with 
[AF_INET]192.168.222.2:1194

Mon Jul 13 09:33:22 2020 Connection reset, restarting [0]
Mon Jul 13 09:33:22 2020 SIGUSR1[soft,connection-reset] received, 
process restarting

Mon Jul 13 09:33:22 2020 Restart pause, 5 second(s)

On server side:

Jul 13 09:33:22 ovpn1 systemd[1]: openvpn@server.service: Main process 
exited, code=killed, status=11/SEGV
Jul 13 09:33:22 ovpn1 systemd[1]: openvpn@server.service: Killing 
process 9231 (openvpn) with signal SIGKILL.
Jul 13 09:33:22 ovpn1 systemd[1]: openvpn@server.service: Failed with 
result 'signal'.



Servers just dies...

Thank you!




___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Arne Schwabe]

Am 23.06.20 um 11:12 schrieb Dmitry Melekhov:
> 23.06.2020 13:02, Gert Doering пишет:
>>
>>
>> That patch is from Steffan, and review has been sitting in my lap for
>> way too long.  Need to see if it still applies.
>>
> 
> Unfortunately it is not compatible with 2.4.9, because of introduced
> change...

Can you test with current openvpn master if that works for you? That has
now allows you set the --cipher in ccd/connect-client scripts.

Arne



signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Steffan Karger]

On 22-06-2020 19:59, David Sommerseth wrote:
> On 22/06/2020 14:43, Steffan Karger wrote:
>> On 22-06-2020 14:29, David Sommerseth wrote:
>>> On 22/06/2020 14:21, Arne Schwabe wrote:

>  PrivateTmp=true
>  WorkingDirectory=/etc/openvpn/server
> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
> --status-version 2 --suppress-timestamps --config %i.conf
> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
> --status-version 2 --suppress-timestamps --cipher AES-256-GCM 
> --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC 
> --config %i.conf
>  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE 
> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE 
> CAP_AUDIT_WRITE
>  LimitNPROC=10
>  DeviceAllow=/dev/null rw
>

 NACK.

 Setting ncp-cipher to include BF-CBC by default allows BF-CBC in configs
 that did not allow it before. Basically any config that had something
 other than cipher BF-CBC and no ncp-ciphers in it will now allow clients
 with BF-CBC to connect. I don't want force users to set ncp-cipher to a
 sane value since the systemd unit file doesn't.
>>>
>>> That will break existing configs on the next upgrade.  Do we want do do 
>>> that?
>>>
>>> I'm fine with removing BF-CBC, but it is scheduled for removal in OpenVPN 
>>> 2.6.
>>
>> I think Arne has a very good point that it's kinda weird to "degrade"
>> the NCP defaults.
>>
>> Making AES-256-GCM the default cipher for TLS-based connections (GCM
>> won't work with static key configs) does not imply *removing* BF-CBC
>> support. Maybe these should be the steps:
>>
>> 2.4: Use to AES-256-GCM when available (basically what NCP did)
>> 2.5: Switch to AES-256-GCM as the default cipher (but allow overriding)
>> 2.6: Remove support for small block ciphers all together
>>
>> Yes, this will probably break some (less secure) setups and make some
>> people angry. But at some point people need to move on. We've been
>> throwing warnings at them for a while now.
> 
> Yes, I agree that Arne got a point.  But I'm not completely convinced breaking
> configs in OpenVPN 2.5 without a prior note that it will stop working.  Our
> warning only screams "you shouldn't use ciphers with block sizes < 128 bits",
> it doesn't say "this will stop working in a future release".
> 
> OpenVPN 2.4.9 gives this warning:
> 
> WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This
> allows attacks like SWEET32.  Mitigate by using a --cipher with a larger
> block size (e.g. AES-256-CBC).
> 
> The community has been informed it will stop working in 2.6, not before this
> release.
> 
> This must be documented properly and log warnings updated to indicate
> short-term workarounds.
> 
> I could be willing to consider breaking configs for ciphers in a later 2.5.x
> release as long as users are properly warned *when* it will stop working - and
> that users gets a real chance to fix configs before we do break their configs
> - where a workaround approach could be considered and available from v2.5.0
> (on the other hand, if they change their configs, they should swap ciphers
> instead of applying a workaround for a dying cipher - but for some it might be
> a bit more complicated to do such a swap).
> 
> We need to find a good middle-way for OpenVPN 2.5, where we clearly signal
> "weak ciphers will be removed" and when we will do that.  While also moving
> forward and break as few configs as possible and not make configs weaker than
> before.

I agree the warning we log should be made even more scary.

The DeprecatedOptions wiki however already says:

Removal of insecure ciphers: Ciphers with cipher block-size less than
128 bits (most commonly BF, DES, CAST5, IDEA and RC2)

Deprecated in: OpenVPN v2.4
To be removed in: OpenVPN v2.6

What I'm proposing is a step in between for something that is long
overdue: update the *defaults* to no longer use insecure ciphers. But to
cater for those that are unprepared, allow them to explicitly re-enable
BF-CBC during a transition period. They've been ignoring our advice to
migrate for a long time now, and even the wiki page says that these
ciphers are already deprecated in 2.4.

-Steffan



signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Steffan Karger]

Hi,

On 22-06-2020 16:01, Arne Schwabe wrote:
> Am 22.06.20 um 14:43 schrieb Steffan Karger:
>> Maybe these should be the steps:
>>
>> 2.4: Use to AES-256-GCM when available (basically what NCP did)
>> 2.5: Switch to AES-256-GCM as the default cipher (but allow overriding)
>> 2.6: Remove support for small block ciphers all together
>>
>> Yes, this will probably break some (less secure) setups and make some
>> people angry. But at some point people need to move on. We've been
>> throwing warnings at them for a while now.
> 
> I had a different suggestion in the channel:
> 
> - Deprecate ncp-disable. Reason: Was a good debug switch when introduced
> should not be necessary anymore.

Deprecate in 2.5, remove in 2.6 makes sense to me.

Should we do the same for --cipher in P2MP configs?

> - Introduce ncp-fallback-cipher for compatibility with ncp-disable/old
> versions
> - needs to be a cipher from ncp-ciphers list
> - Eventually default the first cipher from ncp-ciphers list
> - in 2.5 default to --cipher if --cipher is set and automatically
> add cipher to ncp-ciphers and set ncp-fallback-cipher.
> 
> - If cipher is not set
>   a) warn about that cipher will be ignored in p2mp mode and if BF-CBC is
> still needed (e.g. peer 2.3 or older) that ncp-fallback-cipher should be set
> b) same a) but do it automatically for the user+warn
> 
> This allows us to eventually get rid of --cipher while providing still a
> smooth transaction.

That does sounds more friendly than my proposal.

But do we really need an extra option? Does is really differ so much
from changing the default cipher to AES-256-CBC? Both proposals require
config changes to keep old clients working with 2.5+ if --cipher wasn't
set explicitly.

We already have a lot of things in place to cater for a smooth transition:
 - 2.4+ does NCP by default.
 - Any 2.4+ client always sends OCC strings, which makes "poor man's
NCP" work for --ncp-disable clients as long as their cipher is in the
server's --ncp-ciphers list.
 - pre-2.4 clients almost always send OCC strings too, except for
ENABLE_SMALL builds.
 - If NCP and poor-man's NCP fail, 2.5 can (if --cipher is explicitly
set) fall back to whatever is in --cipher and print a big fat warning
that this connection will break in 2.6.
 - If someone *really* wants to have 2.3 ENABLE_SMALL clients connect to
a 2.6 server, they can run a separate server for those clients with only
the cipher of their choice in --ncp-ciphers ("Fall back to the first
cipher", as you proposed).

Basically: if we can agree to no longer guarantee interoperability
between 2.6+ and 2.3- ("mostly just works, but special cases - in
particular ENABLE_SMALL builds - might break"), I don't think we need to
add yet another option.

-Steffan



signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Dmitry Melekhov]

24.06.2020 14:12, Arne Schwabe пишет:

There are openvpn 2.3 clients in 3g routers which  are built without
ability to inform server about cipher, so server uses default cipher for
them,

in case you need to change default cipher on server you can't do this ,
because clients will not work, it is also impossible to change default
cipher on all clients at once,

so this is where ability to set default cipher on ccd helps.  All these
are explained in ticket.

Thanks to patch author we were able to change default cipher without
downtime.

btw, we still run such routers but can't do the same procedure because
patch is not compatible with 2.4.9 if for some reason current cipher
will became nonsecure as blowfish.


Allowing to be able to specify ncp-fallback-cipher from my proposal per
ccd if no NCP could be performed would also fix your use case, right?



Yes, sure!

Thank you!



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Arne Schwabe]

> There are openvpn 2.3 clients in 3g routers which  are built without
> ability to inform server about cipher, so server uses default cipher for
> them,
> 
> in case you need to change default cipher on server you can't do this ,
> because clients will not work, it is also impossible to change default
> cipher on all clients at once,
> 
> so this is where ability to set default cipher on ccd helps.  All these
> are explained in ticket.
> 
> Thanks to patch author we were able to change default cipher without
> downtime.
> 
> btw, we still run such routers but can't do the same procedure because
> patch is not compatible with 2.4.9 if for some reason current cipher
> will became nonsecure as blowfish.
> 

Allowing to be able to specify ncp-fallback-cipher from my proposal per
ccd if no NCP could be performed would also fix your use case, right?

Arne



signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Gert Doering]

Hi,

On Tue, Jun 23, 2020 at 01:12:42PM +0400, Dmitry Melekhov wrote:
> 23.06.2020 13:02, Gert Doering ??:
> > That patch is from Steffan, and review has been sitting in my lap for
> > way too long.  Need to see if it still applies.
> 
> Unfortunately it is not compatible with 2.4.9, because of introduced 
> change...

Depending on how intrusive that patch is, it won't go into 2.4.9 anyway
but into git master (to be 2.5.0 "some time this summer").

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Dmitry Melekhov]

23.06.2020 13:02, Gert Doering пишет:



That patch is from Steffan, and review has been sitting in my lap for
way too long.  Need to see if it still applies.



Unfortunately it is not compatible with 2.4.9, because of introduced 
change...






___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Gert Doering]

Hi,

On Tue, Jun 23, 2020 at 10:34:47AM +0200, Arne Schwabe wrote:
> > Well, may be it is possible to add support for setting cipher in ccd
> > 
> > as it was possible before 2.4.9 using patch from here
> > 
> > https://community.openvpn.net/openvpn/ticket/845
> >
> 
> I get that this might have been needed in 2.4.x with the first version
> of NCP. But the NCP negoiation in 2.5.x should handle all use cases.
> 
> Help me understand why --cipher in ccd should be needed?

Non-negotiated (because dumb clients) per-client cipher - e.g. for 
migration.

That patch is from Steffan, and review has been sitting in my lap for
way too long.  Need to see if it still applies.

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
 Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany g...@greenie.muc.de


signature.asc
Description: PGP signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Dmitry Melekhov]

23.06.2020 12:34, Arne Schwabe пишет:

Am 23.06.20 um 06:16 schrieb Dmitry Melekhov:

22.06.2020 20:58, Selva Nair пишет:

+*WARNING*    This MAY break configurations where the client uses
+    ``--disable-occ`` feature where the ``--cipher`` has
+    not been explicitly configured on both client and
+    server side.  It is recommended to remove the
``--disable-occ``
+    option*or*  explicitly add ``--cipher AES-256-GCM``
on the
+    client side if ``--disable-occ`` is strictly needed.

Well, may be it is possible to add support for setting cipher in ccd

as it was possible before 2.4.9 using patch from here

https://community.openvpn.net/openvpn/ticket/845


I get that this might have been needed in 2.4.x with the first version
of NCP. But the NCP negoiation in 2.5.x should handle all use cases.

Help me understand why --cipher in ccd should be needed?

Arne

There are openvpn 2.3 clients in 3g routers which  are built without 
ability to inform server about cipher, so server uses default cipher for 
them,


in case you need to change default cipher on server you can't do this , 
because clients will not work, it is also impossible to change default 
cipher on all clients at once,


so this is where ability to set default cipher on ccd helps.  All these 
are explained in ticket.


Thanks to patch author we were able to change default cipher without 
downtime.


btw, we still run such routers but can't do the same procedure because 
patch is not compatible with 2.4.9 if for some reason current cipher 
will became nonsecure as blowfish.



Thank you!




___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Arne Schwabe]

Am 23.06.20 um 06:16 schrieb Dmitry Melekhov:
> 22.06.2020 20:58, Selva Nair пишет:
>> +*WARNING*    This MAY break configurations where the client uses
>> +    ``--disable-occ`` feature where the ``--cipher`` has
>> +    not been explicitly configured on both client and
>> +    server side.  It is recommended to remove the
>> ``--disable-occ``
>> +    option*or*  explicitly add ``--cipher AES-256-GCM``
>> on the
>> +    client side if ``--disable-occ`` is strictly needed.
> 
> Well, may be it is possible to add support for setting cipher in ccd
> 
> as it was possible before 2.4.9 using patch from here
> 
> https://community.openvpn.net/openvpn/ticket/845
>

I get that this might have been needed in 2.4.x with the first version
of NCP. But the NCP negoiation in 2.5.x should handle all use cases.

Help me understand why --cipher in ccd should be needed?

Arne



signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Dmitry Melekhov]

22.06.2020 20:58, Selva Nair пишет:

+*WARNING*This MAY break configurations where the client uses
+``--disable-occ`` feature where the ``--cipher`` has
+not been explicitly configured on both client and
+server side.  It is recommended to remove the ``--disable-occ``
+option*or*  explicitly add ``--cipher AES-256-GCM`` on the
+client side if ``--disable-occ`` is strictly needed.


Well, may be it is possible to add support for setting cipher in ccd

as it was possible before 2.4.9 using patch from here

https://community.openvpn.net/openvpn/ticket/845

?


Thank you!





___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[David Sommerseth]

[resent for the ML inclusion]

On 22/06/2020 18:58, Selva Nair wrote:
> On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth  wrote:
[...snip...]
>> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
>> --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers 
>> AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
> 
> This is why I keep my openvpn servers out of systemd's view -- it
> keeps deciding what's good for us. I want to run my configs as is.

The order of options are crucial here.  This only changes the _default_ if
these options are not set.  If they are set in the config file, the config
file will override.


-- 
kind regards,

David Sommerseth
OpenVPN Inc






signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[David Sommerseth]

On 22/06/2020 14:43, Steffan Karger wrote:
> Hi,
> 
> On 22-06-2020 14:29, David Sommerseth wrote:
>> On 22/06/2020 14:21, Arne Schwabe wrote:
>>>
  PrivateTmp=true
  WorkingDirectory=/etc/openvpn/server
 -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
 --status-version 2 --suppress-timestamps --config %i.conf
 +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
 --status-version 2 --suppress-timestamps --cipher AES-256-GCM 
 --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC 
 --config %i.conf
  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE 
 CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE 
 CAP_AUDIT_WRITE
  LimitNPROC=10
  DeviceAllow=/dev/null rw

>>>
>>> NACK.
>>>
>>> Setting ncp-cipher to include BF-CBC by default allows BF-CBC in configs
>>> that did not allow it before. Basically any config that had something
>>> other than cipher BF-CBC and no ncp-ciphers in it will now allow clients
>>> with BF-CBC to connect. I don't want force users to set ncp-cipher to a
>>> sane value since the systemd unit file doesn't.
>>
>> That will break existing configs on the next upgrade.  Do we want do do that?
>>
>> I'm fine with removing BF-CBC, but it is scheduled for removal in OpenVPN 
>> 2.6.
> 
> I think Arne has a very good point that it's kinda weird to "degrade"
> the NCP defaults.
> 
> Making AES-256-GCM the default cipher for TLS-based connections (GCM
> won't work with static key configs) does not imply *removing* BF-CBC
> support. Maybe these should be the steps:
> 
> 2.4: Use to AES-256-GCM when available (basically what NCP did)
> 2.5: Switch to AES-256-GCM as the default cipher (but allow overriding)
> 2.6: Remove support for small block ciphers all together
> 
> Yes, this will probably break some (less secure) setups and make some
> people angry. But at some point people need to move on. We've been
> throwing warnings at them for a while now.

Yes, I agree that Arne got a point.  But I'm not completely convinced breaking
configs in OpenVPN 2.5 without a prior note that it will stop working.  Our
warning only screams "you shouldn't use ciphers with block sizes < 128 bits",
it doesn't say "this will stop working in a future release".

OpenVPN 2.4.9 gives this warning:

WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This
allows attacks like SWEET32.  Mitigate by using a --cipher with a larger
block size (e.g. AES-256-CBC).

The community has been informed it will stop working in 2.6, not before this
release.

This must be documented properly and log warnings updated to indicate
short-term workarounds.

I could be willing to consider breaking configs for ciphers in a later 2.5.x
release as long as users are properly warned *when* it will stop working - and
that users gets a real chance to fix configs before we do break their configs
- where a workaround approach could be considered and available from v2.5.0
(on the other hand, if they change their configs, they should swap ciphers
instead of applying a workaround for a dying cipher - but for some it might be
a bit more complicated to do such a swap).

We need to find a good middle-way for OpenVPN 2.5, where we clearly signal
"weak ciphers will be removed" and when we will do that.  While also moving
forward and break as few configs as possible and not make configs weaker than
before.


-- 
kind regards,

David Sommerseth
OpenVPN Inc




signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[David Sommerseth]

On 22/06/2020 19:20, André via Openvpn-devel wrote:
> Hi,
> 
> 
> Sent with ProtonMail Secure Email.
> 
> ‐‐‐ Original Message ‐‐‐
> On Monday 22 June 2020 18:58, Selva Nair  wrote:
> 
>> On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth dav...@openvpn.net wrote:
>>
>>> This change makes the server use AES-256-GCM instead of BF-CBC as the
>>> default cipher for the VPN tunnel when starting OpenVPN via systemd
>>> and the openvpn-server@.service unit file.
>>> To avoid breaking existing running configurations defaulting to BF-CBC,
>>> the Negotiable Crypto Parameters (NCP) list contains the BF-CBC in
>>> addition to AES-CBC. This makes it possible to migrate existing older
>>> client configurations one-by-one to use at least AES-CBC unless the
>>> client is updated to v2.4 or newer (which defaults to upgrade to
>>> AES-GCM automatically)
>>> This has been tested in Fedora 27 (released November 2017) with no
>>> reported issues. By making this default for all Linux distributions
>>> with systemd shipping with the unit files we provide, we gradually
>>> expand setups using this possibility. As we gather experience from
>>> this change, we can further move these changes into the defaults of
>>> the OpenVPN binary itself with time.
>>>
>>> Signed-off-by: David Sommerseth dav...@openvpn.net
>>>
>>> ---
>>>
>>> Changes.rst | 15 +++
>>> distro/systemd/openvpn-ser...@.service.in | 2 +-
>>> 2 files changed, 16 insertions(+), 1 deletion(-)
>>> diff --git a/Changes.rst b/Changes.rst
>>> index 00dd6ed8..e76d3c73 100644
>>> --- a/Changes.rst
>>> +++ b/Changes.rst
>>> @@ -14,6 +14,21 @@ ChaCha20-Poly1305 cipher support
>>> channel.
>>> +User-visible Changes
>>> +
>>> +New default cipher for systemd based Linux distributions
>>>
>>> -   For Linux distributions with systemd which packages the systemd unit 
>>> files
>>> -   from the OpenVPN project, the default cipher is now changed to 
>>> AES-256-GCM,
>>> -   with BF-CBC as a fallback through the NCP feature. This change has been
>>> -   tested successfully since the Fedora 27 release (released November 
>>> 2017).
>>> -
>>> -   WARNING This MAY break configurations where the client uses
>>> -  ``--disable-occ`` feature where the ``--cipher`` has
>>>
>>>
>>> -  not been explicitly configured on both client and
>>>
>>>
>>> -  server side.  It is recommended to remove the 
>>> ``--disable-occ``
>>>
>>>
>>> -  option *or* explicitly add ``--cipher AES-256-GCM`` on 
>>> the
>>>
>>>
>>> -  client side if ``--disable-occ`` is strictly needed.
>>>
>>>
>>> -
>>>
>>> Overview of changes in 2.4
>>>
>>> ===
>>>
>>> diff --git a/distro/systemd/openvpn-ser...@.service.in 
>>> b/distro/systemd/openvpn-ser...@.service.in
>>> index d1cc72cb..f3545ff5 100644
>>> --- a/distro/systemd/openvpn-ser...@.service.in
>>> +++ b/distro/systemd/openvpn-ser...@.service.in
>>> @@ -10,7 +10,7 @@ 
>>> Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
>>> Type=notify
>>> PrivateTmp=true
>>> WorkingDirectory=/etc/openvpn/server
>>> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
>>> --status-version 2 --suppress-timestamps --config %i.conf
>>> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
>>> --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers 
>>> AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
>>
>> This is why I keep my openvpn servers out of systemd's view -- it
>> keeps deciding what's good for us. I want to run my configs as is.
>>
>> Selva
>>
>> Openvpn-devel mailing list
>> Openvpn-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
> 
> Sorry for the noise in advance but I agree.
> No idea how to keep it out of systemd's view :) but I change the line to
> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
> --status-version 2 --suppress-timestamps --config %i.conf
> +ExecStart=@sbindir@/openvpn --config %i.conf
> and do everything in %i.conf
> No unexpected configuration behaviour that way like missing timestamps in log.

The --suppress-timestamps is actually the _only_ option there which cannot be
overridden.  By not having it there, a lot of users would be annoyed by
duplicated timestamps in their logs when they don't use log files directly.
But I can agree, having a way to override this option could be beneficial for
some users.

There might be many reasons why to use separate log files, but on a busy
server it may actually slow openvpn down a little bit (it is still single
threaded and logging happens in the same thread as key negotiations and VPN
network traffic) - especially if file write caches fills up and the fprint()
calls are blocked until file system has synced up.

By default, all logging is easily accessible via 'journalctl -u

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[André via Openvpn-devel]

Hi,


Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Monday 22 June 2020 18:58, Selva Nair  wrote:

> On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth dav...@openvpn.net wrote:
>
> > This change makes the server use AES-256-GCM instead of BF-CBC as the
> > default cipher for the VPN tunnel when starting OpenVPN via systemd
> > and the openvpn-server@.service unit file.
> > To avoid breaking existing running configurations defaulting to BF-CBC,
> > the Negotiable Crypto Parameters (NCP) list contains the BF-CBC in
> > addition to AES-CBC. This makes it possible to migrate existing older
> > client configurations one-by-one to use at least AES-CBC unless the
> > client is updated to v2.4 or newer (which defaults to upgrade to
> > AES-GCM automatically)
> > This has been tested in Fedora 27 (released November 2017) with no
> > reported issues. By making this default for all Linux distributions
> > with systemd shipping with the unit files we provide, we gradually
> > expand setups using this possibility. As we gather experience from
> > this change, we can further move these changes into the defaults of
> > the OpenVPN binary itself with time.
> >
> > Signed-off-by: David Sommerseth dav...@openvpn.net
> >
> > ---
> >
> > Changes.rst | 15 +++
> > distro/systemd/openvpn-ser...@.service.in | 2 +-
> > 2 files changed, 16 insertions(+), 1 deletion(-)
> > diff --git a/Changes.rst b/Changes.rst
> > index 00dd6ed8..e76d3c73 100644
> > --- a/Changes.rst
> > +++ b/Changes.rst
> > @@ -14,6 +14,21 @@ ChaCha20-Poly1305 cipher support
> > channel.
> > +User-visible Changes
> > +
> > +New default cipher for systemd based Linux distributions
> >
> > -   For Linux distributions with systemd which packages the systemd unit 
> > files
> > -   from the OpenVPN project, the default cipher is now changed to 
> > AES-256-GCM,
> > -   with BF-CBC as a fallback through the NCP feature. This change has been
> > -   tested successfully since the Fedora 27 release (released November 
> > 2017).
> > -
> > -   WARNING This MAY break configurations where the client uses
> > -  ``--disable-occ`` feature where the ``--cipher`` has
> >
> >
> > -  not been explicitly configured on both client and
> >
> >
> > -  server side.  It is recommended to remove the 
> > ``--disable-occ``
> >
> >
> > -  option *or* explicitly add ``--cipher AES-256-GCM`` on 
> > the
> >
> >
> > -  client side if ``--disable-occ`` is strictly needed.
> >
> >
> > -
> >
> > Overview of changes in 2.4
> >
> > ===
> >
> > diff --git a/distro/systemd/openvpn-ser...@.service.in 
> > b/distro/systemd/openvpn-ser...@.service.in
> > index d1cc72cb..f3545ff5 100644
> > --- a/distro/systemd/openvpn-ser...@.service.in
> > +++ b/distro/systemd/openvpn-ser...@.service.in
> > @@ -10,7 +10,7 @@ 
> > Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
> > Type=notify
> > PrivateTmp=true
> > WorkingDirectory=/etc/openvpn/server
> > -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
> > --status-version 2 --suppress-timestamps --config %i.conf
> > +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
> > --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers 
> > AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
>
> This is why I keep my openvpn servers out of systemd's view -- it
> keeps deciding what's good for us. I want to run my configs as is.
>
> Selva
>
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Sorry for the noise in advance but I agree.
No idea how to keep it out of systemd's view :) but I change the line to
-ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
--status-version 2 --suppress-timestamps --config %i.conf
+ExecStart=@sbindir@/openvpn --config %i.conf
and do everything in %i.conf
No unexpected configuration behaviour that way like missing timestamps in log.

Pippin


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Selva Nair]

On Mon, Jun 22, 2020 at 7:31 AM David Sommerseth  wrote:
>
> This change makes the server use AES-256-GCM instead of BF-CBC as the
> default cipher for the VPN tunnel when starting OpenVPN via systemd
> and the openvpn-server@.service unit file.
>
> To avoid breaking existing running configurations defaulting to BF-CBC,
> the Negotiable Crypto Parameters (NCP) list contains the BF-CBC in
> addition to AES-CBC.  This makes it possible to migrate existing older
> client configurations one-by-one to use at least AES-CBC unless the
> client is updated to v2.4 or newer (which defaults to upgrade to
> AES-GCM automatically)
>
> This has been tested in Fedora 27 (released November 2017) with no
> reported issues.  By making this default for all Linux distributions
> with systemd shipping with the unit files we provide, we gradually
> expand setups using this possibility.  As we gather experience from
> this change, we can further move these changes into the defaults of
> the OpenVPN binary itself with time.
>
> Signed-off-by: David Sommerseth 
> ---
>  Changes.rst   | 15 +++
>  distro/systemd/openvpn-ser...@.service.in |  2 +-
>  2 files changed, 16 insertions(+), 1 deletion(-)
>
> diff --git a/Changes.rst b/Changes.rst
> index 00dd6ed8..e76d3c73 100644
> --- a/Changes.rst
> +++ b/Changes.rst
> @@ -14,6 +14,21 @@ ChaCha20-Poly1305 cipher support
>  channel.
>
>
> +User-visible Changes
> +
> +New default cipher for systemd based Linux distributions
> +For Linux distributions with systemd which packages the systemd unit 
> files
> +from the OpenVPN project, the default cipher is now changed to 
> AES-256-GCM,
> +with BF-CBC as a fallback through the NCP feature.  This change has been
> +tested successfully since the Fedora 27 release (released November 2017).
> +
> +*WARNING*   This MAY break configurations where the client uses
> +``--disable-occ`` feature where the ``--cipher`` has
> +not been explicitly configured on both client and
> +server side.  It is recommended to remove the 
> ``--disable-occ``
> +option *or* explicitly add ``--cipher AES-256-GCM`` on the
> +client side if ``--disable-occ`` is strictly needed.
> +
>  Overview of changes in 2.4
>  ==
>
> diff --git a/distro/systemd/openvpn-ser...@.service.in 
> b/distro/systemd/openvpn-ser...@.service.in
> index d1cc72cb..f3545ff5 100644
> --- a/distro/systemd/openvpn-ser...@.service.in
> +++ b/distro/systemd/openvpn-ser...@.service.in
> @@ -10,7 +10,7 @@ 
> Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
>  Type=notify
>  PrivateTmp=true
>  WorkingDirectory=/etc/openvpn/server
> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
> --status-version 2 --suppress-timestamps --config %i.conf
> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
> --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers 
> AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf

This is why I keep my openvpn servers out of systemd's view -- it
keeps deciding what's good for us. I want to run my configs as is.

Selva


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Arne Schwabe]

Am 22.06.20 um 14:43 schrieb Steffan Karger:
> Hi,
> 
> On 22-06-2020 14:29, David Sommerseth wrote:
>> On 22/06/2020 14:21, Arne Schwabe wrote:
>>>
  PrivateTmp=true
  WorkingDirectory=/etc/openvpn/server
 -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
 --status-version 2 --suppress-timestamps --config %i.conf
 +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
 --status-version 2 --suppress-timestamps --cipher AES-256-GCM 
 --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC 
 --config %i.conf
  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE 
 CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE 
 CAP_AUDIT_WRITE
  LimitNPROC=10
  DeviceAllow=/dev/null rw

>>>
>>> NACK.
>>>
>>> Setting ncp-cipher to include BF-CBC by default allows BF-CBC in configs
>>> that did not allow it before. Basically any config that had something
>>> other than cipher BF-CBC and no ncp-ciphers in it will now allow clients
>>> with BF-CBC to connect. I don't want force users to set ncp-cipher to a
>>> sane value since the systemd unit file doesn't.
>>
>> That will break existing configs on the next upgrade.  Do we want do do that?
>>
>> I'm fine with removing BF-CBC, but it is scheduled for removal in OpenVPN 
>> 2.6.
> 
> I think Arne has a very good point that it's kinda weird to "degrade"
> the NCP defaults.
> 
> Making AES-256-GCM the default cipher for TLS-based connections (GCM
> won't work with static key configs) does not imply *removing* BF-CBC
> support. Maybe these should be the steps:
> 
> 2.4: Use to AES-256-GCM when available (basically what NCP did)
> 2.5: Switch to AES-256-GCM as the default cipher (but allow overriding)
> 2.6: Remove support for small block ciphers all together
> 
> Yes, this will probably break some (less secure) setups and make some
> people angry. But at some point people need to move on. We've been
> throwing warnings at them for a while now.

I had a different suggestion in the channel:

- Deprecate ncp-disable. Reason: Was a good debug switch when introduced
should not be necessary anymore.

- Introduce ncp-fallback-cipher for compatibility with ncp-disable/old
versions
- needs to be a cipher from ncp-ciphers list
- Eventually default the first cipher from ncp-ciphers list
- in 2.5 default to --cipher if --cipher is set and automatically
add cipher to ncp-ciphers and set ncp-fallback-cipher.

- If cipher is not set
a) warn about that cipher will be ignored in p2mp mode and if BF-CBC is
still needed (e.g. peer 2.3 or older) that ncp-fallback-cipher should be set
b) same a) but do it automatically for the user+warn


This allows us to eventually get rid of --cipher while providing still a
smooth transaction.

Arne



signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Steffan Karger]

Hi,

On 22-06-2020 14:29, David Sommerseth wrote:
> On 22/06/2020 14:21, Arne Schwabe wrote:
>>
>>>  PrivateTmp=true
>>>  WorkingDirectory=/etc/openvpn/server
>>> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
>>> --status-version 2 --suppress-timestamps --config %i.conf
>>> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
>>> --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers 
>>> AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
>>>  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE 
>>> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE 
>>> CAP_AUDIT_WRITE
>>>  LimitNPROC=10
>>>  DeviceAllow=/dev/null rw
>>>
>>
>> NACK.
>>
>> Setting ncp-cipher to include BF-CBC by default allows BF-CBC in configs
>> that did not allow it before. Basically any config that had something
>> other than cipher BF-CBC and no ncp-ciphers in it will now allow clients
>> with BF-CBC to connect. I don't want force users to set ncp-cipher to a
>> sane value since the systemd unit file doesn't.
> 
> That will break existing configs on the next upgrade.  Do we want do do that?
> 
> I'm fine with removing BF-CBC, but it is scheduled for removal in OpenVPN 2.6.

I think Arne has a very good point that it's kinda weird to "degrade"
the NCP defaults.

Making AES-256-GCM the default cipher for TLS-based connections (GCM
won't work with static key configs) does not imply *removing* BF-CBC
support. Maybe these should be the steps:

2.4: Use to AES-256-GCM when available (basically what NCP did)
2.5: Switch to AES-256-GCM as the default cipher (but allow overriding)
2.6: Remove support for small block ciphers all together

Yes, this will probably break some (less secure) setups and make some
people angry. But at some point people need to move on. We've been
throwing warnings at them for a while now.

-Steffan


___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[David Sommerseth]

On 22/06/2020 14:21, Arne Schwabe wrote:
> 
>>  PrivateTmp=true
>>  WorkingDirectory=/etc/openvpn/server
>> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
>> --status-version 2 --suppress-timestamps --config %i.conf
>> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
>> --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers 
>> AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
>>  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE 
>> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE 
>> CAP_AUDIT_WRITE
>>  LimitNPROC=10
>>  DeviceAllow=/dev/null rw
>>
> 
> NACK.
> 
> Setting ncp-cipher to include BF-CBC by default allows BF-CBC in configs
> that did not allow it before. Basically any config that had something
> other than cipher BF-CBC and no ncp-ciphers in it will now allow clients
> with BF-CBC to connect. I don't want force users to set ncp-cipher to a
> sane value since the systemd unit file doesn't.

That will break existing configs on the next upgrade.  Do we want do do that?

I'm fine with removing BF-CBC, but it is scheduled for removal in OpenVPN 2.6.




-- 
kind regards,

David Sommerseth
OpenVPN Inc




signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[Arne Schwabe]

>  PrivateTmp=true
>  WorkingDirectory=/etc/openvpn/server
> -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
> --status-version 2 --suppress-timestamps --config %i.conf
> +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
> --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers 
> AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
>  CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE 
> CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE 
> CAP_AUDIT_WRITE
>  LimitNPROC=10
>  DeviceAllow=/dev/null rw
> 

NACK.

Setting ncp-cipher to include BF-CBC by default allows BF-CBC in configs
that did not allow it before. Basically any config that had something
other than cipher BF-CBC and no ncp-ciphers in it will now allow clients
with BF-CBC to connect. I don't want force users to set ncp-cipher to a
sane value since the systemd unit file doesn't.

Arne



signature.asc
Description: OpenPGP digital signature
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

[Openvpn-devel] [PATCH] systemd: Change the default cipher to AES-256-GCM for server configs

[David Sommerseth]

This change makes the server use AES-256-GCM instead of BF-CBC as the
default cipher for the VPN tunnel when starting OpenVPN via systemd
and the openvpn-server@.service unit file.

To avoid breaking existing running configurations defaulting to BF-CBC,
the Negotiable Crypto Parameters (NCP) list contains the BF-CBC in
addition to AES-CBC.  This makes it possible to migrate existing older
client configurations one-by-one to use at least AES-CBC unless the
client is updated to v2.4 or newer (which defaults to upgrade to
AES-GCM automatically)

This has been tested in Fedora 27 (released November 2017) with no
reported issues.  By making this default for all Linux distributions
with systemd shipping with the unit files we provide, we gradually
expand setups using this possibility.  As we gather experience from
this change, we can further move these changes into the defaults of
the OpenVPN binary itself with time.

Signed-off-by: David Sommerseth 
---
 Changes.rst   | 15 +++
 distro/systemd/openvpn-ser...@.service.in |  2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/Changes.rst b/Changes.rst
index 00dd6ed8..e76d3c73 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -14,6 +14,21 @@ ChaCha20-Poly1305 cipher support
 channel.
 
 
+User-visible Changes
+
+New default cipher for systemd based Linux distributions
+For Linux distributions with systemd which packages the systemd unit files
+from the OpenVPN project, the default cipher is now changed to AES-256-GCM,
+with BF-CBC as a fallback through the NCP feature.  This change has been
+tested successfully since the Fedora 27 release (released November 2017).
+
+*WARNING*   This MAY break configurations where the client uses
+``--disable-occ`` feature where the ``--cipher`` has
+not been explicitly configured on both client and
+server side.  It is recommended to remove the ``--disable-occ``
+option *or* explicitly add ``--cipher AES-256-GCM`` on the
+client side if ``--disable-occ`` is strictly needed.
+
 Overview of changes in 2.4
 ==
 
diff --git a/distro/systemd/openvpn-ser...@.service.in 
b/distro/systemd/openvpn-ser...@.service.in
index d1cc72cb..f3545ff5 100644
--- a/distro/systemd/openvpn-ser...@.service.in
+++ b/distro/systemd/openvpn-ser...@.service.in
@@ -10,7 +10,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
 Type=notify
 PrivateTmp=true
 WorkingDirectory=/etc/openvpn/server
-ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
--status-version 2 --suppress-timestamps --config %i.conf
+ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log 
--status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers 
AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE 
CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE 
CAP_AUDIT_WRITE
 LimitNPROC=10
 DeviceAllow=/dev/null rw
-- 
2.26.0



___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel