Support for Edwards Curves
-
I have seen some material about Edwards Curves, and OpenVPN/easy-rsa has added support.
https://blog.pinterjann.is/ed25519-certificates.html
https://ianix.com/pub/ed25519-deployment.html
I still don't know what its advantages are. Are we considering adding it?
-
I would like to have them in OpenVPN as well. Curve25519 is now widely used.
-
@aligator638 said in Support for Edwards Curves:
in OpenVPN as well. Curve25519 is now widely used.
It is available to use in openvpn, has been for a while - you understand this thread is 3 years old? ;)
I use it in my 2 instances running.
edit:
Doh, not sure what I was thinking.. Curve 25519 from what I am reading is coming.. Not sure when, but when openvpn supports it and pfsense moves to that version then it would be supported.
-
@johnpoz
I do not see what ChaCha20-Poly1305, which is a Data Encryption Algorithm, has to do with curve25519, which is used in the Key Exchange Algorithm... Have you tried to select the curve in PF? On my version (22.05-RELEASE) with
/usr/local/sbin/openvpn --version
OpenVPN 2.6_git amd64-portbld-freebsd12.3 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] [DCO] built on Sep 8 2022
library versions: OpenSSL 1.1.1n-freebsd 15 Mar 2022, LZO 2.10
and
openssl list -public-key-algorithms | grep 25519
Name: OpenSSL X25519 algorithm
OID: X25519
PEM string: X25519
Name: OpenSSL ED25519 algorithm
OID: ED25519
PEM string: ED25519
Because I cannot.
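Added example, not part of the original posts: the key-exchange role of X25519 mentioned in the post above, shown with the openssl CLI. Two peers each combine their own private key with the other's public key and arrive at the same 32-byte secret; nothing is encrypted by the curve itself, which is why a data cipher such as ChaCha20-Poly1305 is a separate choice. The function name, peer labels and temporary files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): X25519 key agreement between two peers.
# Prints the shared secret length in hex characters (64 = 32 bytes) on success.
# Return codes: 0 = both sides agree, 1 = mismatch, 2 = X25519 unavailable/error.
x25519_agree() {
    # Same availability check the post uses, narrowed to the key-exchange algorithm.
    openssl list -public-key-algorithms 2>/dev/null | grep -q X25519 || return 2

    dir=$(mktemp -d) || return 2
    # Constructed throwaway keys; "server" and "client" are labels only.
    for peer in server client; do
        openssl genpkey -algorithm X25519 -out "$dir/$peer.key" 2>/dev/null \
            || { rm -rf "$dir"; return 2; }
        openssl pkey -in "$dir/$peer.key" -pubout -out "$dir/$peer.pub" 2>/dev/null \
            || { rm -rf "$dir"; return 2; }
    done

    # Each side: own private key + peer's public key -> shared secret (hex).
    s=$(openssl pkeyutl -derive -inkey "$dir/server.key" \
            -peerkey "$dir/client.pub" | od -An -tx1 | tr -d ' \n')
    c=$(openssl pkeyutl -derive -inkey "$dir/client.key" \
            -peerkey "$dir/server.pub" | od -An -tx1 | tr -d ' \n')
    rm -rf "$dir"

    # The secrets must be non-empty and identical on both sides.
    [ -n "$s" ] && [ "$s" = "$c" ] || return 1
    echo "${#s}"
}

x25519_agree
```

The derived secret is only keying material; in a TLS-based VPN it feeds the key schedule, and the negotiated data cipher does the actual encryption.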
-
@aligator638 yeah see my edit, maybe I needed more coffee ;) Not sure what I was thinking - sorry about that.
I did some research this morning - and it seems there is a way to use it, but not with the official versions as of yet. I saw talk of compiling your own version and/or manually doing some settings.
While that might be possible in pfsense, until it's a standard feature in the released versions you most likely will not see it available in the pfsense openvpn settings.