[SOLVED] auth SHA384 in openvpn

valvolt
DD-WRT Novice


Joined: 29 Sep 2019
Posts: 7

Posted: Mon Oct 14, 2019 17:11    Post subject: [SOLVED] auth SHA384 in openvpn
Is it possible to use the command:

auth SHA384

in the configuration of the openvpn client and if yes, how?
The remote server expects it.

I speak about the auth keyword, not the tls-auth one. In the combo-box I can specify different hash algorithms but SHA384 is not one of them. I tried specifying 'none' and adding 'auth SHA384' in the Additional Config field but this leads to a conflict since then the keyword auth is defined twice...

Support appreciated, as always :)


Last edited by valvolt on Tue Oct 15, 2019 19:35; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12873
Location: Netherlands

Posted: Mon Oct 14, 2019 19:02
The " auth " directive is for the hash algorithm (HMAC)

Not sure why the server wants SHA384 for this.

Set the Hash Algorithm to "none"
and in the Additional Config add:
Code:
auth SHA384


As newer GCM ciphers do not use the auth setting anymore, I think it would be better and faster to use the new GCM ciphers.


EDIT:

I reviewed the source code and can see what is going on: if set to none, in the openvpn.conf you can see: " auth none "

That is not correct, there should not be anything :(

I saw that for " cipher " setting we have the same problem.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
valvolt
DD-WRT Novice


Joined: 29 Sep 2019
Posts: 7

Posted: Tue Oct 15, 2019 5:58
Cool, I've found a bug! ;)
For the record, these are required by vpntunnel.

Keep up the good work!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12873
Location: Netherlands

Posted: Tue Oct 15, 2019 12:00
A bug yes but it should work nonetheless.

I just tested, set both server and client (both DDWRT routers running OVPN 2.4.7; OpenSSL 1.1.1d 10 Sep 2019)

I have set Auth to None and added in the additional config:
Code:
auth SHA384


Checked openvpn.conf:
Code:
auth none
auth SHA384

I can connect with no warnings:
Code:
20191015 13:48:32 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
20191015 13:48:32 Outgoing Data Channel: Using 384 bit message hash 'SHA384' for HMAC authentication


So no problem using other auth settings (or cipher settings) on my setup, maybe you are using an older version which has these problems?

valvolt
DD-WRT Novice


Joined: 29 Sep 2019
Posts: 7

Posted: Tue Oct 15, 2019 19:33
Thanks! You are correct, I managed to get a working connection despite having both auth none and auth SHA384 in the config file.

Another solved problem 8)
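
Added example, not part of the thread and not DD-WRT or OpenVPN code: a small Python check for a generated openvpn.conf that reports directives set more than once, the value that ends up effective, and whether the connection log shows the same HMAC digest. It assumes the last occurrence of `auth` or `cipher` wins, which matches the log quoted above; the function names and the sample data are constructed for illustration.

```python
import re

# Single-valued directives: a later line replaces an earlier one (assumption,
# consistent with the thread's log, where SHA384 is used after "auth none").
SINGLE_VALUED = {"auth", "cipher"}

# Constructed sample built from the config and log lines quoted in the thread.
SAMPLE_CONF = "cipher AES-128-CBC\nauth none\nauth SHA384\n"
SAMPLE_LOG = (
    "20191015 13:48:32 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key\n"
    "20191015 13:48:32 Outgoing Data Channel: Using 384 bit message hash 'SHA384' for HMAC authentication\n"
)

def effective_directives(conf_text):
    """Return (effective value per directive, directives set more than once)."""
    seen = {}
    for raw in conf_text.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if len(words) >= 2 and words[0] in SINGLE_VALUED:
            seen.setdefault(words[0], []).append(words[1])
    effective = {name: values[-1] for name, values in seen.items()}
    duplicates = {name: values for name, values in seen.items() if len(values) > 1}
    return effective, duplicates

def logged_hmac(log_text):
    """Extract the HMAC digest OpenVPN reports for the data channel, if any."""
    match = re.search(r"message hash '([^']+)' for HMAC authentication", log_text)
    return match.group(1) if match else None

def audit(conf_text, log_text=""):
    """Return human-readable findings for the auth/cipher settings."""
    effective, duplicates = effective_directives(conf_text)
    findings = [f"{name} set {len(v)} times ({', '.join(v)}); effective: {v[-1]}"
                for name, v in duplicates.items()]
    auth = effective.get("auth", "")
    gcm = effective.get("cipher", "").upper().endswith("-GCM")
    if gcm and auth:
        findings.append("GCM cipher selected: auth is not used for the data channel")
    elif auth.lower() == "none":
        findings.append("auth none is effective: no HMAC on data channel packets")
    logged = logged_hmac(log_text)
    if logged and auth and not gcm and logged.upper() != auth.upper():
        findings.append(f"log shows HMAC {logged}, config says {auth}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_LOG):
        print(finding)
```
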