cryptostorm / cryptostorm_client_configuration_files

cryptostorm client configs

CryptoFree configs don't work in OpenVPN for Android v0.7.6 #26

Closed 4ut0-M-4t closed 5 years ago

4ut0-M-4t commented 5 years ago

cryptofree_rsa-udp.ovpn is the only one that works without issues (I must admit that I haven't tried TCP configs). With cryptofree_secp521r1-udp.ovpn applied it just hangs awaiting server response, with cryptofree_ed448-udp.ovpn I get TLS errors (handshake failed, key negotiation failed) and with cryptofree_ed25519-udp.ovpn I get:

connect() error: : mbed TLS: error parsing ca certificate : X509 - Signature algorithm (oid) is unsupported : OID - OID is not found

df-cryptostorm commented 5 years ago

The secp521r1 configs only work on OpenVPN 2.4.0 through 2.4.6, with OpenSSL 1.0.1d through 1.1.1a. The ed448 and ed25519 configs require at least OpenVPN 2.4.3 and OpenSSL 1.1.1.

On the Google Play Store, the latest version of OpenVPN for Android they have is 0.7.5, which uses an older OpenVPN and OpenSSL. To use the above configs, update to the 0.7.6 version of the app that's on F-Droid, or install the 0.7.7 one from http://plaisthos.de/android/ics-openvpn-0.7.7.apk

df-cryptostorm commented 5 years ago

Oh you said you've got 0.7.6. I guess the Ed448/Ed25519 ones only work on v0.7.7 then. The secp521r1 config should work on v0.7.6 though.

4ut0-M-4t commented 5 years ago

But this commit happened before v0.7.6 was released. So both ed448 and ed25519 configs should be supported.

df-cryptostorm commented 5 years ago

Yea, 0.7.6 does indeed include OpenSSL 1.1.1, so all the above configs should work. I just tested with 0.7.6, they all connected fine for me. Are you sure you're not on a network that might be blocking the connection? The secp521r1 configs default to 443, but it can be changed to almost anything. The ed25519 configs use port 5061, and the ed448 configs use port 5062.

Oh, and that "signature algorithm (oid) is unsupported" error means you don't have OpenSSL 1.1.1. So are you sure you're running v0.7.6?

4ut0-M-4t commented 5 years ago

I'm quite sure it's v0.7.6. But if you have no issues, I will reconfigure ports and test under different conditions.
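
Added example (not posted by either participant and not cryptostorm's code): a small checker that reads the text printed by `openvpn --version` and reports which configs meet the OpenVPN/OpenSSL ranges quoted in this thread. The function names and the sample banners are constructed for illustration, and the banner layout (an `OpenVPN x.y.z` line plus a `library versions:` line) is an assumption about the client build being checked.

```python
import re

# Requirements as stated in the thread above: (min, max) inclusive, None = no upper bound.
# An OpenSSL letter suffix becomes a 4th component: 1.0.1d -> (1, 0, 1, 4), 1.1.1 -> (1, 1, 1, 0).
REQUIREMENTS = {
    "cryptofree_secp521r1-udp.ovpn": {"openvpn": ((2, 4, 0), (2, 4, 6)),
                                      "openssl": ((1, 0, 1, 4), (1, 1, 1, 1))},
    "cryptofree_ed25519-udp.ovpn":   {"openvpn": ((2, 4, 3), None),
                                      "openssl": ((1, 1, 1, 0), None)},
    "cryptofree_ed448-udp.ovpn":     {"openvpn": ((2, 4, 3), None),
                                      "openssl": ((1, 1, 1, 0), None)},
}

def parse_banner(text):
    """Return (openvpn_version, tls_library, tls_version) from `openvpn --version` output."""
    ovpn = re.search(r"^OpenVPN (\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    lib = re.search(r"library versions: (OpenSSL|mbed TLS) (\d+)\.(\d+)\.(\d+)([a-z]?)", text)
    if not ovpn or not lib:
        raise ValueError("banner does not contain OpenVPN and TLS library versions")
    ovpn_ver = tuple(int(g or 0) for g in ovpn.groups())
    suffix = ord(lib.group(5)) - ord("a") + 1 if lib.group(5) else 0
    lib_ver = tuple(int(g) for g in lib.group(2, 3, 4)) + (suffix,)
    return ovpn_ver, lib.group(1), lib_ver

def in_range(version, bounds):
    low, high = bounds
    return low <= version and (high is None or version <= high)

def check_configs(banner):
    """Map each config to True/False, or None when the build does not use OpenSSL."""
    ovpn_ver, lib, lib_ver = parse_banner(banner)
    result = {}
    for name, req in REQUIREMENTS.items():
        if lib != "OpenSSL":
            result[name] = None  # the thread states requirements for OpenSSL builds only
        else:
            result[name] = (in_range(ovpn_ver, req["openvpn"])
                            and in_range(lib_ver, req["openssl"]))
    return result

# Constructed banners for illustration (not captured from a real device).
OLD = "OpenVPN 2.4.2 arm [SSL (OpenSSL)]\nlibrary versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.10"
NEW = "OpenVPN 2.4.6 arm [SSL (OpenSSL)]\nlibrary versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.10"
MBED = "OpenVPN 2.4.6 arm [SSL (mbed TLS)]\nlibrary versions: mbed TLS 2.7.0, LZO 2.10"

if __name__ == "__main__":
    for label, banner in (("old", OLD), ("new", NEW), ("mbed", MBED)):
        print(label, check_configs(banner))
```

A `None` result means the build reports a TLS library other than OpenSSL, so the ranges quoted in the thread cannot be applied to it.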