id summary reporter owner description type status priority milestone component version severity resolution keywords cc
290 OpenVPN connect on iOS Keysize issue, with DD-WRT shadoweyez jamesyonan "Hi all, first bug report here;
On iPad2 w/OpenVPN Connect 1.0, attempting to connect w/DD-WRT w/OpenVPN 2.3.0, configs listed at the end.
When attempting to connect using 4096-bit keys, connection times out.
When attempting to connect using 1024-bit keys, connection works.
Other combinations with these server/client configs work, including a Linux laptop with OpenVPN to the DD-WRT server, a Windows box to the DD-WRT server, and OpenVPN on the iPad to a Linux OpenVPN server with 4096-bit keys.
Then, without changing the config *** OTHER THAN USING 1024-bit key sizes *** on both the iPad and DD-WRT router, everything connects and works.
I'm using easy-rsa on Linux to generate keys, though I believe other key generation methods would not really change the results.
The only thing changing here is the key sizes, and it only occurs with OpenVPN Connect.
(I consider this a bug, as from a security standpoint, 1024-bit asymmetric/RSA is weak)
=========================
DD-WRT v24-sp2 (03/17/13) mega, SVN revision 20979, on Asus RT-N66U
$ uname -a
Linux DD-WRT 2.6.24.111 #68 Sun Mar 17 19:00:02 PDT 2013 mips GNU/Linux
$ openvpn --help
OpenVPN 2.3.0 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 17 2013
iPad2 config:
remote vpn.site 443
client
remote-cert-tls server
comp-lzo
dev tun0
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
float
cipher AES-256-CBC
auth SHA512
4096-bit ca-key
4096-bit cert
4096-bit key
DD-WRT server config:
push ""dhcp-option DNS 208.67.222.222""
server 192.168.3.0 255.255.255.0
duplicate-cn
tls-server
push ""redirect-gateway""
script-security 2
verb 5
dev tun0
proto udp
keepalive 60 180
port 443
comp-lzo
cipher AES-256-CBC
auth SHA512
#4096-bit keys
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
key /tmp/openvpn/key.pem
management localhost 5001
" Bug / Defect closed major OpenVPN Connect Not set (select this one, unless your'e a OpenVPN developer) fixed iOS james@…