https://redmine.pfsense.org/ https://redmine.pfsense.org/favicon.ico?1678052116 2017-01-04T17:31:52Z pfSense bugtracker
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=30341 2017-01-04T17:31:52Z Jim Pingle
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Needs Patch</i></li><li><strong>Assignee</strong> deleted (<del><i>Jim Pingle</i></del>)</li><li><strong>Target version</strong> changed from <i>2.4.0</i> to <i>Future</i></li></ul><p>We have no way to detect that currently. OpenVPN does not report that in any of their status output. Open a feature request with OpenVPN and if they add it in, we'll display it.</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=30345 2017-01-04T18:45:48Z Jeff Wischkaemper
<ul></ul><p>Will do. Is there something specific I can ask for over there that would make it easier for you?</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=30346 2017-01-04T19:09:55Z Jim Pingle
<ul></ul><p>Nothing in particular comes to mind, it would be nice to see all of the known parameters for connecting clients/servers (selected NCP cipher, compression settings, ECDH curve, etc.)</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=30347 2017-01-04T19:14:15Z Jeff Wischkaemper
<ul></ul><p>I'll see what I can do and report back.</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=30362 2017-01-05T07:52:30Z Jeff Wischkaemper
<ul></ul><p>Their initial reply is that it's available if you use verbosity 4... which is correct, but not entirely useful. I'm asking if a couple of specific messages can be moved to 2/3.</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=30363 2017-01-05T08:00:50Z Jim Pingle
<ul></ul><p>"verbosity 4"? As in the system logs? Sure, it's in the logs, sure, but scraping logs isn't proper status output. It should show up in the management status output. For example you connect to the management socket/port and ask for data, like "status 2" and it should output the info there.</p>
<p>That's where the rest of the status output is gleaned from:<br /><pre>
: nc -U server2.sock
>INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
status 2
TITLE,OpenVPN 2.4.0 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Dec 30 2016
TIME,Thu Jan 5 08:59:22 2017,1483624762
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID
CLIENT_LIST,clara.dw.example.com,198.51.100.6:42289,10.163.202.2,2001:470:c614:202::1000,82837,79207,Thu Jan 5 08:50:19 2017,1483624219,UNDEF,1,1
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,2001:470:c614:202::1000,clara.dw.example.com,198.51.100.6:42289,Thu Jan 5 08:59:22 2017,1483624762
ROUTING_TABLE,10.163.202.2,clara.dw.example.com,198.51.100.6:42289,Thu Jan 5 08:50:19 2017,1483624219
GLOBAL_STATS,Max bcast/mcast queue length,0
END
</pre></p>
<p>If they would add a couple more columns to that for the cipher/compression/etc that would be ideal.</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=30421 2017-01-07T08:27:17Z Jeff Wischkaemper
<ul></ul><p>The proposal to add the info to status 2 / 3 has been accepted, and may make it into OVPN 2.4.1. I'll update this when the commit happens.</p>
<p>Thanks</p>
<p><a class="external" href="https://community.openvpn.net/openvpn/ticket/814#comment:3">https://community.openvpn.net/openvpn/ticket/814#comment:3</a></p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=30422 2017-01-07T08:40:19Z Jim Pingle
<ul></ul><p>Great news!</p>
<p>We'll keep an eye out for it</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=42071 2019-08-21T13:48:40Z Jim Pingle
<ul></ul><p>Looks like this was finally merged in but it's not slated to be in an OpenVPN release until they put out 2.5.</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=50936 2021-02-07T17:21:08Z Matthew Ray
<ul></ul><p>Now that OpenVPN 2.5.0 is released and will be included in pfSense 2.5.0, can this feature request be reopened?</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=50943 2021-02-08T04:49:12Z Viktor Gurov
<ul><li><strong>Status</strong> changed from <i>Needs Patch</i> to <i>New</i></li></ul><p>sample output:<br /><pre>
# nc -U ../server1/sock
>INFO:OpenVPN Management Interface Version 3 -- type 'help' for more info
status 2
TITLE,OpenVPN 2.5.0 amd64-portbld-freebsd12.2 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 2 2020
TIME,2021-02-08 13:48:00,1612781280
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID,Data Channel Cipher
CLIENT_LIST,cert42client,192.168.88.42:3613,10.54.54.2,,12489,11920,2021-02-08 13:12:10,1612779130,UNDEF,0,0,AES-256-GCM
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,10.54.54.2,cert42client,192.168.88.42:3613,2021-02-08 13:12:10,1612779130
GLOBAL_STATS,Max bcast/mcast queue length,0
END
</pre></p>
<p><a class="external" href="https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/127">https://gitlab.netgate.com/pfSense/pfSense/-/merge_requests/127</a></p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=50950 2021-02-08T07:18:59Z Renato Botelho renato@netgate.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Pull Request Review</i></li><li><strong>Assignee</strong> set to <i>Viktor Gurov</i></li><li><strong>Target version</strong> changed from <i>Future</i> to <i>CE-Next</i></li></ul>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=51200 2021-02-18T10:00:51Z Renato Botelho renato@netgate.com
<ul><li><strong>Status</strong> changed from <i>Pull Request Review</i> to <i>Feedback</i></li></ul><p>PR has been merged. Thanks!</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=51210 2021-02-18T10:10:07Z Viktor Gurov
<ul><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>Applied in changeset <a class="changeset" title="Display negotiated cipher on Status / OpenVPN page. Implements #7077" href="https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/f5736d9827cf1997b648481c50993d69e3caedff">f5736d9827cf1997b648481c50993d69e3caedff</a>.</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=52058 2021-03-09T13:14:52Z Jim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Waiting on Merge</i></li><li><strong>Target version</strong> changed from <i>CE-Next</i> to <i>2.5.1</i></li></ul>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=52209 2021-03-10T13:15:34Z Renato Botelho renato@netgate.com
<ul><li><strong>Status</strong> changed from <i>Waiting on Merge</i> to <i>Feedback</i></li></ul><p>Cherry-picked to RELENG_2_5_1</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=52315 2021-03-12T11:05:46Z Jim Pingle
<ul><li><strong>Subject</strong> changed from <i>Display negotiated cipher for NCP OpenVPN connections in Status->OpenVPN</i> to <i>Display negotiated data encryption algorithm in OpenVPN connection status</i></li></ul><p>Updating subject for release notes.</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=52465 2021-03-16T16:59:26Z Nick Goehring
<ul><li><strong>File</strong> <a href="/attachments/3515">encryptionCipher.JPG</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/3515/encryptionCipher.JPG">encryptionCipher.JPG</a> added</li></ul><p>Can confirm this is working for me on a SG-5100 running 21.02.2 RC. When connected with my Android device, I navigate to Status -> OpenVPN where it shows my device as being connected with AES-128-GCM. Nice feature.</p>
pfSense - Feature #7077: Display negotiated data encryption algorithm in OpenVPN connection status https://redmine.pfsense.org/issues/7077?journal_id=52484 2021-03-17T10:44:47Z Jim Pingle
<ul><li><strong>Status</strong> changed from <i>Feedback</i> to <i>Resolved</i></li></ul>