Feature #13649
closed
Support for ChaCha20-Poly1305 and AES-128-GCM encryption with OpenVPN DCO
100%
Description
Copying from NG Redmine.
The if_ovpn driver (in plus) and OpenVPN userspace now support ChaCha20-Poly1305 and AES-128-GCM with DCO, but the GUI does not allow these to be configured with DCO. Currently when DCO mode is enabled it forces the use of AES-256-GCM only.
The GUI will need to allow any combination of AES-256-GCM, AES-128-GCM, and ChaCha20-Poly1305 to be selected when DCO is enabled on an OpenVPN server or client.
Files
Updated by Jim Pingle over 1 year ago
- Status changed from In Progress to Feedback
- % Done changed from 0 to 100
Changes merged: https://gitlab.netgate.com/pfSense/factory/-/commit/8a67fe3c06a070c997873cf68b38796d6df821c0
The cipher selection list is no longer hidden in DCO mode.
When switching to DCO mode, the available cipher list is set to DCO compatible ciphers and any incompatible ciphers are removed from the list of selected ciphers. The fallback cipher list is also updated for DCO compatible ciphers in a similar way.
When switching out of DCO mode, the available cipher list are fallback cipher drop-downs are set back to all possible ciphers. Selected ciphers from DCO mode remain selected.
Updated by Alhusein Zawi over 1 year ago
added as shown
23.01-DEVELOPMENT (amd64)
built on Fri Dec 02 06:04:48 UTC 2022