TorGuard

Open VPN client keeps connecting at 128 GCM

Question

rush1967

I am using the config generator to create a config to ultimately use with my Vilfo VPN router. I have tried so many variations to try to connect at 256 GCM but the logs show that the TG servers report back 256 CBC and then the client and server settle on 128 GCM. Has anyone got a config working for this sort of scenario? I have tested with the generic OPEN VPN client as well and always get the same result.

 

5 answers to this question

Recommended Posts

4b3e098b

This was an issue a year or two ago when I used TorGuard and it still seems to be an issue now.

There's nothing you can do to fix it. TorGuard's server config is botched in such a way that you can't negotiate with it.

I'll use connecting to UDP port 53 as an example. These are the listed ciphers.

cipher AES-256-CBC*
cipher AES-128-GCM
cipher AES-256-GCM
cipher AES-128-CBC
cipher BF-CBC

A proper OpenVPN server would use cipher AES-256-CBC and then ncp-ciphers AES-256-GCM:AES-128-GCM:AES-128-CBC:BF-CBC.

An older OpenVPN client (pre 2.4) would pass cipher AES-256-CBC in their client config. These don't support cipher negotiation, so OpenVPN 2.3 or less, or OpenVPN 2.4+ with cipher negotiation disabled, would use AES-256-CBC.

But once cipher negotiation is in play (ncp), the cipher config is overridden in favor of ncp-ciphers.

An OpenVPN client could pass a list in order of preference and as long as the server accepts them, the first one the server supports gets used.

I build my own OpenVPN servers so I have worked with this.

As an example, in my case I only want to support the AES-256-GCM cipher as I only let the latest clients connect.

I set cipher AES-256-CBC as is proper, then ncp-ciphers AES-256-GCM. Since any client with OpenVPN 2.4 by default will use negotiation, and I only list AES-256-GCM, the client absolutely must support and use AES-256-GCM. Technically, they could disable ncp client side and connect with AES-256-CBC (and a 2.3 client might be able to connect, but then I use 2.4+ features so they wouldn't work anyway).

I could allow additional ciphers server side by setting ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC.

Now, a 2.4+ client with ncp enabled will default to AES-256-GCM, but they can set ncp-ciphers in the client config to force any one of those 4.

TorGuard will need to fix their servers to remedy this. There is nothing you can do on your end to force AES-256-GCM properly. I posted here a while ago about this issue and it looks like they never fixed it. It would also be nice if they would allow SHA-512 on their tls-crypt servers, but at least according to the specs page no configuration supports that, as opposed to the specs page stating all listed ciphers are valid on 2.4+ despite this being provably false due to their configuration error.

On both ASUS Merlin and pfSense, there is no setting that allows me to get AES-256-GCM without the local/remote error and issues that follow from there. So I've just disabled ncp and used AES-256-CBC.

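The server/client pairing the post above describes, written out as config fragments so it is clear which directive goes on which side. This is an added example, not TorGuard's configuration or the poster's own server config; the file names are assumed and the ncp-ciphers lists are illustrative.

```conf
# server.conf (added example, not a real server's config)
# 'cipher' is what pre-2.4 clients and ncp-disabled clients get.
# NCP-capable (2.4+) clients negotiate from ncp-ciphers, most preferred first.
cipher AES-256-CBC
ncp-ciphers AES-256-GCM:AES-128-GCM

# client.ovpn, OpenVPN 2.4+ with negotiation left on (the default):
# restricting the client list to one entry is how the post "forces" a cipher.
cipher AES-256-CBC
ncp-ciphers AES-256-GCM

# client.ovpn, negotiation turned off (legacy behaviour):
# the client's 'cipher' must then match the server's 'cipher' line exactly.
ncp-disable
cipher AES-256-CBC
```

Only one of the two client variants goes in a given client file. With ncp-disable, the client gets whatever the server's cipher line says, not what the server's ncp-ciphers list offers, which is why pairing ncp-disable with cipher AES-256-GCM against a server whose cipher line is AES-256-CBC produces the local/remote inconsistency the post mentions.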
Support
On 12/1/2018 at 8:23 PM, rush1967 said:

I am using the config generator to create a config to ultimately use with my Vilfo VPN router. I have tried so many variations to try to connect at 256 GCM but the logs show that the TG servers report back 256 CBC and then the client and server settle on 128 GCM. Has anyone got a config working for this sort of scenario? I have tested with the generic OPEN VPN client as well and always get the same result.

Hi Rush

You need to add the following config line to your OpenVPN config to prevent cipher negotiation:

ncp-disable

It should then use the cipher you specify

Regards
rush1967
7 minutes ago, Support said:

Hi Rush

You need to add the following config line to your OpenVPN config to prevent cipher negotiation:

ncp-disable

It should then use the cipher you specify

Regards

That is already in my config. The server is trying to push 256-CBC to me but since I have "cipher AES-256-GCM" in my config then the server negotiates down to 128-GCM. Below is my config with the TLS and CA key sections removed.

client
dev tun
proto udp
remote ny.east.usa.torguardvpnaccess.com 1195
remote-cert-tls server
auth SHA256
key-direction 1
setenv CLIENT_CERT 0

ncp-disable
resolv-retry infinite
nobind
tls-version-min 1.2
cipher AES-256-GCM
auth-user-pass
tun-mtu-extra 32

Support
1 hour ago, rush1967 said:

That is already in my config. The server is trying to push 256-CBC to me but since I have "cipher AES-256-GCM" in my config then the server negotiates down to 128-GCM. Below is my config with the TLS and CA key sections removed.

client
dev tun
proto udp
remote ny.east.usa.torguardvpnaccess.com 1195
remote-cert-tls server
auth SHA256
key-direction 1
setenv CLIENT_CERT 0

ncp-disable
resolv-retry infinite
nobind
tls-version-min 1.2
cipher AES-256-GCM
auth-user-pass
tun-mtu-extra 32


What version of OpenVPN are you running there?

rush1967
4 minutes ago, Support said:

What version of OpenVPN are you running there?

I am either using the Open VPN 2.4 client or my Vilfo router which is also version 2.4.

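The whole thread turns on reading the client log to see which data-channel cipher was actually negotiated, and on the local/remote 'cipher' inconsistency warning that appears when the client's cipher line disagrees with the server's. Below is a small checker that pulls those facts out of a client log and reports when the tunnel is not running the cipher you intended. This is an added example, not part of the thread and not TorGuard or OpenVPN code; the log lines are constructed samples modelled on OpenVPN 2.4 message formats, and `parse_client_log` / `check_expected_cipher` are hypothetical helper names.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample client logs (not real captures). Line formats follow
# OpenVPN 2.4 messages; timestamps and values are made up for illustration.
BAD_LOG = """\
Thu Dec  6 10:00:00 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [AEAD]
Thu Dec  6 10:00:01 2018 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
Thu Dec  6 10:00:02 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,ping 10,ping-restart 60,cipher AES-128-GCM'
Thu Dec  6 10:00:02 2018 Data Channel: using negotiated cipher 'AES-128-GCM'
Thu Dec  6 10:00:02 2018 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Dec  6 10:00:02 2018 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Thu Dec  6 10:00:03 2018 Initialization Sequence Completed
"""

GOOD_LOG = """\
Thu Dec  6 11:00:02 2018 PUSH: Received control message: 'PUSH_REPLY,ping 10,ping-restart 60,cipher AES-256-GCM'
Thu Dec  6 11:00:02 2018 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Dec  6 11:00:02 2018 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec  6 11:00:02 2018 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Dec  6 11:00:03 2018 Initialization Sequence Completed
"""

INCONSISTENT_RE = re.compile(
    r"'cipher' is used inconsistently, local='cipher ([^']+)', remote='cipher ([^']+)'")
PUSHED_RE = re.compile(r"PUSH_REPLY.*?\bcipher ([A-Za-z0-9-]+)")
NEGOTIATED_RE = re.compile(r"Data Channel: using negotiated cipher '([^']+)'")
INIT_RE = re.compile(
    r"(?:Outgoing|Incoming) Data Channel: Cipher '([^']+)' initialized with (\d+) bit key")


@dataclass
class CipherReport:
    local_cipher: Optional[str] = None    # 'cipher' line in the client config
    remote_cipher: Optional[str] = None   # 'cipher' line the server reports
    pushed_cipher: Optional[str] = None   # cipher pushed in PUSH_REPLY (NCP)
    negotiated: Optional[str] = None      # cipher actually used on the data channel
    key_bits: Optional[int] = None        # key length the data channel initialised with


def parse_client_log(text: str) -> CipherReport:
    """Extract the cipher-related facts from an OpenVPN client log."""
    r = CipherReport()
    for line in text.splitlines():
        if m := INCONSISTENT_RE.search(line):
            r.local_cipher, r.remote_cipher = m.group(1), m.group(2)
        elif m := PUSHED_RE.search(line):
            r.pushed_cipher = m.group(1)
        elif m := NEGOTIATED_RE.search(line):
            r.negotiated = m.group(1)
        elif m := INIT_RE.search(line):
            # The init lines also name the cipher; fall back to them when no
            # 'negotiated' line is present (e.g. ncp-disable in the client).
            r.negotiated = r.negotiated or m.group(1)
            r.key_bits = int(m.group(2))
    return r


def check_expected_cipher(report: CipherReport, expected: str) -> List[str]:
    """Return findings; an empty list means the tunnel runs the expected cipher."""
    findings = []
    if report.negotiated is None:
        findings.append("no data-channel cipher found; did the connection complete?")
    elif report.negotiated != expected:
        findings.append(f"data channel uses {report.negotiated}, expected {expected}")
    if report.local_cipher and report.remote_cipher and report.local_cipher != report.remote_cipher:
        findings.append(
            f"client 'cipher {report.local_cipher}' disagrees with server 'cipher {report.remote_cipher}'")
    if report.pushed_cipher and report.pushed_cipher != expected:
        findings.append(
            f"server pushed {report.pushed_cipher} via NCP, overriding the client 'cipher' line")
    return findings


if __name__ == "__main__":
    for name, log in (("bad", BAD_LOG), ("good", GOOD_LOG)):
        rep = parse_client_log(log)
        print(name, rep.negotiated, rep.key_bits, check_expected_cipher(rep, "AES-256-GCM"))
```

Run it against a real client log (`python3 check_cipher.py < client.log` after swapping the sample strings for `sys.stdin.read()`) to confirm what the router or client actually settled on; the "bad" sample reproduces the situation in this thread, where the server's pushed cipher decides the outcome regardless of the client's cipher line.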