Opened 8 years ago
Closed 5 years ago
#519 closed Bug / Defect (wontfix)
keysize config variable of 448 for BF algorithm not respected and utilized on either Android nor iOS
| Reported by: | 5F7TujB4sEccR23Q | Owned by: | Antonio Quartulli |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | OpenVPN Connect | Version: | OpenVPN git master branch (Community Ed) |
| Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | keysize key size blowfish bf config |
| Cc: | plaisthos |
Description
What steps will reproduce the problem?
- Configure a server and client to utilize Blowfish (BF) algorithm with keysize of 448 bits (the max supported)
- Install, run, and import a VPN config file on Android with BF keysize of 448.
- In the OpenVPN server logs, notice that the Android client attempts to connect to the server using 128 bit key size rather than 448.
What is the expected output? What do you see instead?
Error will be failure to connect and numerous general errors depending on whether you choose TCP or UDP endpoint (doesn't matter to this issue).
What mobile phone are you using?
LG Nexus 4
Which Android Version and stock ROM or aftermarket like cyanogenmod?
Affects both:
Android Lollipop v5.0.2 (stock)
CyanogenMod? 12 (aftermarket)
Please provide any additional information below.
Let me know what additional information you require. Seems pretty straightforward...
Change History (9)
comment:1 follow-up: 2 Changed 8 years ago by
comment:2 Changed 8 years ago by
Replying to plaisthos:
Which Android software did you use? OpenVPN for Android or OpenVPN Connect?
I am using the official OpenVPN client for Android, OpenVPN Connect (eg. net.openvpn.openvpn in Google Play Store). URL is https://play.google.com/store/apps/details?id=net.openvpn.openvpn. It appears to me that OpenVPN for Android is an unofficial client and I wouldn't attempt to use that unless the code is open source, security audited, and recommended by OpenVPN dev team. What say you?
comment:3 Changed 8 years ago by
| Component: | Generic / unclassified → OpenVPN Connect |
|---|---|
| Owner: | set to James Smith |
| Status: | new → assigned |
See https://code.google.com/p/ics-openvpn/wiki/FAQ#Differences_between_the_OpenVPN_Android_clients for the differences between the Android clients. The UI code has not been security audited. The OpenVPN source code is (almost) identical to the community edition..
comment:4 Changed 8 years ago by
| Owner: | changed from James Smith to jamesyonan |
|---|
comment:5 Changed 8 years ago by
You don't currently map the keysize to a UI element. I didn't actually try to connect, since I saw the error when I imported the config on your semi-official app. To fix this, you can map the keysize option to your UI so that it can be edited inside the app easily (still not currently supported in your app). But you are surely right, the the bug only really affects OpenVPN Connect and works fine in your app despite the UI warning. Thanks and let me know if you plan to map the UI option :) Let me know where I can make a donation too...
comment:6 Changed 8 years ago by
Yes. I currently does not map to specific UI element. Instead the keysize (and other unknown) options are added as custom options and passed to OpenVPN. Parsing oepnvpn --ciphers and providing cipher/keysize combination is on my long todo list.
comment:7 Changed 5 years ago by
| Owner: | changed from jamesyonan to Antonio Quartulli |
|---|
comment:8 Changed 5 years ago by
| Cc: | plaisthos added |
|---|
@plaisthos is this something interesting for your client, or can we close the ticket?
comment:9 Changed 5 years ago by
| Resolution: | → wontfix |
|---|---|
| Status: | assigned → closed |
well custom config option for keysize is supported with OpenVPN 2.x and blowfish is deprecated anyway. I don't plan to add ui support for it now.
Which Android software did you use? OpenVPN for Android or OpenVPN Connect?