Feature #13649

closed

Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO

Added by Jim Pingle 3 months ago. Updated about 2 months ago.

Status: Resolved
Priority: Normal
Assignee:
Category: OpenVPN
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Release Notes: Default

Description

Copying from NG Redmine.

The if_ovpn driver (in plus) and OpenVPN userspace now support ChaCha20-Poly1305 and AES-128-GCM with DCO, but the GUI does not allow these to be configured with DCO. Currently when DCO mode is enabled it forces the use of AES-256-GCM only.

The GUI will need to allow any combination of AES-256-GCM, AES-128-GCM, and ChaCha20-Poly1305 to be selected when DCO is enabled on an OpenVPN server or client.


Files

13649.jpg (29.5 KB), Alhusein Zawi, 12/10/2022 01:02 PM
Actions #1

Updated by Jim Pingle 3 months ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100

Changes merged: https://gitlab.netgate.com/pfSense/factory/-/commit/8a67fe3c06a070c997873cf68b38796d6df821c0

The cipher selection list is no longer hidden in DCO mode.

When switching to DCO mode, the available cipher list is set to DCO compatible ciphers and any incompatible ciphers are removed from the list of selected ciphers. The fallback cipher list is also updated for DCO compatible ciphers in a similar way.

When switching out of DCO mode, the available cipher list and fallback cipher drop-downs are set back to all possible ciphers. Selected ciphers from DCO mode remain selected.
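
The list behaviour described in the update above, as an added example that is not part of the ticket or the pfSense code. The function and field names, the sample non-DCO cipher list, and the rule for replacing an incompatible fallback cipher are assumptions made for illustration.

```javascript
// Added illustration; function and field names are hypothetical, not pfSense code.
const DCO_CIPHERS = ['AES-256-GCM', 'AES-128-GCM', 'CHACHA20-POLY1305'];
// Constructed sample of the non-DCO list; the real GUI offers more ciphers than this.
const ALL_CIPHERS = [...DCO_CIPHERS, 'AES-256-CBC', 'AES-128-CBC'];

// Treat "ChaCha20-Poly1305" and "CHACHA20-POLY1305" as the same cipher.
const normalize = (name) => String(name).trim().toUpperCase();

// Recompute the form state when the DCO checkbox is toggled.
function setDcoMode(state, dcoEnabled) {
  const available = dcoEnabled ? DCO_CIPHERS : ALL_CIPHERS;
  const allowed = new Set(available);
  const wanted = [...new Set(state.selected.map(normalize))];
  const fallback = normalize(state.fallback);
  return {
    dco: dcoEnabled,
    available: [...available],
    // Incompatible ciphers are dropped from the selection, order preserved.
    selected: wanted.filter((c) => allowed.has(c)),
    removed: wanted.filter((c) => !allowed.has(c)),
    // Assumption: an incompatible fallback is replaced by the first available cipher.
    fallback: allowed.has(fallback) ? fallback : available[0],
  };
}

// Review-side check: list anything in a DCO-enabled state that DCO cannot use.
function dcoProblems(state) {
  if (!state.dco) return [];
  const allowed = new Set(DCO_CIPHERS);
  const problems = state.selected
    .map(normalize)
    .filter((c) => !allowed.has(c))
    .map((c) => `data cipher not supported by DCO: ${c}`);
  if (!allowed.has(normalize(state.fallback))) {
    problems.push(`fallback cipher not supported by DCO: ${normalize(state.fallback)}`);
  }
  // Added sanity check, not described in the ticket.
  if (state.selected.length === 0) problems.push('no data cipher selected');
  return problems;
}
```
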

Actions #2

Updated by Alhusein Zawi about 2 months ago

added as shown

23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022

Actions #3

Updated by Jim Pingle about 2 months ago

  • Status changed from Feedback to Resolved