acidburn0zzz / ics-openvpn

Automatically exported from code.google.com/p/ics-openvpn

Allow selection of cipher and bitsize in UI #330

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Configure a server and client to utilize Blowfish (BF) algorithm with 
keysize of 448 bits (the max supported)
2. Install, run, and import a VPN config file on Android with BF keysize of 448.
3. In the OpenVPN server logs, notice that the Android client attempts to 
connect to the server using 128 bit key size rather than 448.

What is the expected output? What do you see instead?

Error will be failure to connect and numerous general errors depending on 
whether you choose TCP or UDP endpoint (doesn't matter to this issue).

What mobile phone are you using?

LG Nexus 4

Which Android Version and stock ROM or aftermarket like cyanogenmod?

Affects both:

Android Lollipop v5.0.2 (stock)
CyanogenMod 12 (aftermarket)

Please provide any additional information below.

Let me know what additional information you require. Seems pretty 
straightforward...

Original issue reported on code.google.com by kristian...@gmail.com on 26 Feb 2015 at 3:44

GoogleCodeExporter commented 9 years ago
Can you also provide the config file you imported or a snippet of the config 
file?

Original comment by arne@rfc2549.org on 26 Feb 2015 at 8:38

GoogleCodeExporter commented 9 years ago
Sure, see below. Please note the same config works just fine on my Linux
openvpn client with larger keysize and is respected / utilized, so that's
why I filed the bug for the Android and iOS clients. If there is a more
secure cipher / keysize that works across all platforms, please also
recommend what that should be. Per my research BF@448 seemed the most
trustable and secure option...

client.ovpn
"""
client
dev tun
proto udp
remote <redacted> <redacted>
resolv-retry infinite
nobind
user nobody
group nogroup
persist-key
persist-tun
cipher BF-CBC        # Blowfish (default)
comp-lzo
verb 3
keysize 448
remote-cert-tls server
auth SHA512
...
<redacted private / public keys follow>
...
"""

Original comment by kristian...@gmail.com on 26 Feb 2015 at 12:11
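
Added example, not part of the original thread or the project's code: a Python check that reads the cipher settings from a client config like the one above and scans a server log for OpenVPN's option-consistency warning, showing which directive the connecting client did not apply. The log lines, address and timestamps are constructed, and the warning format is assumed from OpenVPN 2.x.

```python
import re

# Directives that must agree on both peers (the subset this issue is about).
CHECKED = ("cipher", "keysize", "auth")

# Assumed format of OpenVPN 2.x's option-consistency warning in the server log.
WARN = re.compile(
    r"WARNING: '(?P<opt>[\w-]+)' is used inconsistently, "
    r"local='(?P=opt) (?P<local>[^']*)', remote='(?P=opt) (?P<remote>[^']*)'"
)

def parse_ovpn(text):
    """Return {directive: value} for the checked directives of an .ovpn file."""
    opts = {}
    for raw in text.splitlines():
        fields = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # strip comments
        if len(fields) >= 2 and fields[0] in CHECKED:
            opts[fields[0]] = fields[1]
    return opts

def find_mismatches(server_log, client_opts):
    """List (directive, server_value, client_value, client_honored_config)."""
    found = []
    for m in WARN.finditer(server_log):
        if m["opt"] in CHECKED:
            honored = client_opts.get(m["opt"]) == m["remote"]
            found.append((m["opt"], m["local"], m["remote"], honored))
    return found

# Cipher-related lines of the client.ovpn posted in the thread.
CLIENT_OVPN = """\
cipher BF-CBC        # Blowfish (default)
keysize 448
auth SHA512
"""

# Constructed server log lines (documentation address, invented timestamps).
SAMPLE_LOG = """\
Thu Feb 26 03:40:01 2015 203.0.113.7:51820 TLS: Initial packet from [AF_INET]203.0.113.7:51820
Thu Feb 26 03:40:02 2015 203.0.113.7:51820 WARNING: 'keysize' is used inconsistently, local='keysize 448', remote='keysize 128'
"""

if __name__ == "__main__":
    for opt, srv, cli, ok in find_mismatches(SAMPLE_LOG, parse_ovpn(CLIENT_OVPN)):
        note = "" if ok else " (client did not apply its own config)"
        print(f"{opt}: server={srv} client={cli}{note}")
```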

GoogleCodeExporter commented 9 years ago
From https://community.openvpn.net/openvpn/ticket/519 I think that this bug 
only applies to OpenVPN Connect. Did you test with OpenVPN for Android or only 
with OpenVPN Connect?

Original comment by arne@rfc2549.org on 26 Feb 2015 at 12:37

GoogleCodeExporter commented 9 years ago

Original comment by arne@rfc2549.org on 27 Feb 2015 at 10:05