Changes between Initial Version and Version 9 of Ticket #1035


Timestamp: 03/09/18 08:18:12 (4 years ago)
Author: Antonio
Comment:

Thanks for explaining what you expected. I think this is the way OpenVPN (not just Connect clients) has always operated.

We could turn this ticket into a feature request and see what the others think about it.

But I can see here the main problem is that client and server do not always exchange cipher details - they are just expected to be configured on both sides.

OpenVPN 2.4 comes with a basic cipher negotiation (when installed on both client and server) but this is not enough to assume that this info is always exchanged.

@syzzer what do you think? This ticket was originally filed as an OpenVPN Connect bug, but it's actually a generic OpenVPN design decision that might be improved.

  • Ticket #1035

    • Property Status changed from new to assigned
    • Property Component changed from OpenVPN Connect to Crypto
    • Property Summary changed from "iOS: OpenVPN Connect will hang with connected status after failed handshake" to "OpenVPN will hang with connected status in case of cipher mismatch"
    • Property Priority changed from major to minor
    • Property Version changed from OpenVPN Connect for iOS v1.2.9 to OpenVPN git master branch (Community Ed)
    • Property Owner changed from Antonio to Steffan Karger
    • Property Type changed from Bug / Defect to Feature Wish
  • Ticket #1035 – Description

    initial  v9
    1        1   When attempting to connect to my PIA VPN provider with GCM as the ovpn configured cipher, OpenVPN will show connected status, but will actually be hung without a connection at all. Going into sleep mode will NOT result in a reconnect attempt. The log will be frozen at the initial connection attempt. The connection slider was in the ON position, and the VPN status bar indicator was present.
    2        2
    3            PIA has confirmed that AES-128-GCM, and AES-256-GCM (or any GCM) is not supported at this time. All the supported CBC ciphers work as expected with CpenVPN.
             3   PIA has confirmed that AES-128-GCM, and AES-256-GCM (or any GCM) is not supported at this time. All the supported CBC ciphers work as expected with OpenVPN.
    4        4
    5        5   I have tested the same GCM ovpn file with another OpenVPN client, and that resulted with a failed handshake. The client correctly failed and terminated the connection.