Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Security issue in OpenVPN when Server Mode is "Remote Access (SSL/TLS)"

    OpenVPN
    5
    20
    4.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • PippinP
      Pippin
      last edited by

      Need more info.
      Exactly how is the setup, screenshots of server config, client config file and logs of server and client @ verb 4.

      I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
      Halton Arp

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        What exactly did you change?

        I moved a line around and get this error when trying to connect…

        Sun Jan 21 05:47:39 2018 us=615403 TLS: Initial packet from [AF_INET]64.53.xxx.xxx:1194, sid=bc91f4c8 763844f7
        Sun Jan 21 05:47:39 2018 us=615403 tls-crypt unwrap error: packet authentication failed
        Sun Jan 21 05:47:39 2018 us=615403 TLS Error: tls-crypt unwrapping failed from [AF_INET]64.53.xxx.xxx:1194

        edit:
        example the yellow and red lines reversed - see attached

        swaplines.png
        swaplines.png_thumb

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • A
          albgen
          last edited by

          hi all,

          attached my server config.

          What i changed for example is the firt letter of the tls.key file on the client.

          2048 bit OpenVPN static key

          –---BEGIN OpenVPN Static key V1-----
          afddf...

          TO

          2048 bit OpenVPN static key

          -----BEGIN OpenVPN Static key V1-----
          bfddf...

          ![Config Server1.png](/public/imported_attachments/1/Config Server1.png)
          ![Config Server1.png_thumb](/public/imported_attachments/1/Config Server1.png_thumb)
          ![Config Server2.png](/public/imported_attachments/1/Config Server2.png)
          ![Config Server2.png_thumb](/public/imported_attachments/1/Config Server2.png_thumb)
          ![Config Server3.png](/public/imported_attachments/1/Config Server3.png)
          ![Config Server3.png_thumb](/public/imported_attachments/1/Config Server3.png_thumb)
          ![Config Server4.png](/public/imported_attachments/1/Config Server4.png)
          ![Config Server4.png_thumb](/public/imported_attachments/1/Config Server4.png_thumb)
          ![Config Server5.png](/public/imported_attachments/1/Config Server5.png)
          ![Config Server5.png_thumb](/public/imported_attachments/1/Config Server5.png_thumb)
          ![Config Server6.png](/public/imported_attachments/1/Config Server6.png)
          ![Config Server6.png_thumb](/public/imported_attachments/1/Config Server6.png_thumb)
          ![Config Server7.png](/public/imported_attachments/1/Config Server7.png)
          ![Config Server7.png_thumb](/public/imported_attachments/1/Config Server7.png_thumb)

          1 Reply Last reply Reply Quote 0
          • A
            albgen
            last edited by

            @johnpoz:

            What exactly did you change?

            I moved a line around and get this error when trying to connect…

            Sun Jan 21 05:47:39 2018 us=615403 TLS: Initial packet from [AF_INET]64.53.xxx.xxx:1194, sid=bc91f4c8 763844f7
            Sun Jan 21 05:47:39 2018 us=615403 tls-crypt unwrap error: packet authentication failed
            Sun Jan 21 05:47:39 2018 us=615403 TLS Error: tls-crypt unwrapping failed from [AF_INET]64.53.xxx.xxx:1194

            edit:
            example the yellow and red lines reversed - see attached

            i have changed half of the key file with random numbers and than i get the following error which actually is different from you error:

            Sun Jan 21 15:44:33 2018 TLS Error: local/remote TLS keys are out of sync:…

            The problem is that being a key, even a change one single bit should give errors instead it is not.
            No idea whats happening but it is concerning me a lot

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              I am not an expert but I do believe there is padding on the front and end of the key as presented, I don' think changing the first character is going to mess it up… Change a character in the middle.

              So I changed a 3 in the middle of the presented "key" to a 2 and get this error

              Sun Jan 21 09:20:38 2018 us=256706 TLS Error: local/remote TLS keys are out of sync: [AF_INET]64.53.xxx.xxx:1194
              Sun Jan 21 09:20:48 2018 us=886641 TLS Error: local/remote TLS keys are out of sync: [AF_INET]64.53.xxx.xxx:1194

              Maybe someone with more indepth understanding of the makeup of the key as presented can chime in.. Guess I could hunt down the rfc on the makeup, etc..  But I do know there is padding put in that could account for your changing of a character or beginning or end might not really cause an issue with the actual key being used.

              edit:  Take a look here
              http://lapo.it/asn1js/

              So the "key" is not that full thing - its encoded in that block of text… So messing up a character would change the encoding of something sure but maybe not the actual "key" part..  You could play around with a parser of the encoding and decoding above..  to see what I am talking about.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              1 Reply Last reply Reply Quote 0
              • A
                albgen
                last edited by

                @johnpoz:

                I am not an expert but I do believe there is padding on the front and end of the key as presented, I don' think changing the first character is going to mess it up… Change a character in the middle.

                So I changed a 3 in the middle of the presented "key" to a 2 and get this error

                Sun Jan 21 09:20:38 2018 us=256706 TLS Error: local/remote TLS keys are out of sync: [AF_INET]64.53.xxx.xxx:1194
                Sun Jan 21 09:20:48 2018 us=886641 TLS Error: local/remote TLS keys are out of sync: [AF_INET]64.53.xxx.xxx:1194

                Maybe someone with more indepth understanding of the makeup of the key as presented can chime in.. Guess I could hunt down the rfc on the makeup, etc..  But I do know there is padding put in that could account for your changing of a character or beginning or end might not really cause an issue with the actual key being used.

                edit:  Take a look here
                http://lapo.it/asn1js/

                So the "key" is not that full thing - its encoded in that block of text… So messing up a character would change the encoding of something sure but maybe not the actual "key" part..  You could play around with a parser of the encoding and decoding above..  to see what I am talking about.

                padding has nothing to do. Being a key, as said previously, even if you change a single bit it must not work because means it's another key. I have changed one char which means 4 bit! There is something else.

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  "padding has nothing to do. Being a key, "

                  Like I said I do not believe that the list of characters given are the actual key.. So changing a couple of characters depending on their location may or may not change the actual key as it is decoded from string of text..  ie padding..

                  Maybe someone with better understanding how the key is encoded and decoded from that can explain it too you better.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                  1 Reply Last reply Reply Quote 0
                  • A
                    albgen
                    last edited by

                    @johnpoz:

                    "padding has nothing to do. Being a key, "

                    Like I said I do not believe that the list of characters given are the actual key.. So changing a couple of characters depending on their location may or may not change the actual key as it is decoded from string of text..  ie padding..

                    Maybe someone with better understanding how the key is encoded and decoded from that can explain it too you better.

                    There is no encoding on the key, no padding and nothing else! It is a KEY!
                    Read online what does that "2048 bit OpenVPN static key" means!

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      "There is no encoding on the key, no padding and nothing else! It is a KEY!"

                      Where did you read that at exactly???

                      An OpenVPN static key file contains enough entropy to key both a 512 bit cipher key and a 512 bit HMAC key for authentication.

                      Here
                      https://openvpn.net/index.php/open-source/faq/77-server/327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key.html

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                      1 Reply Last reply Reply Quote 0
                      • A
                        albgen
                        last edited by

                        @johnpoz:

                        "There is no encoding on the key, no padding and nothing else! It is a KEY!"

                        Where did you read that at exactly???

                        An OpenVPN static key file contains enough entropy to key both a 512 bit cipher key and a 512 bit HMAC key for authentication.

                        Here
                        https://openvpn.net/index.php/open-source/faq/77-server/327-changed-hex-bytes-in-the-static-key-the-key-still-connects-to-a-remote-peer-using-the-original-key.html

                        On the same page that you posted. First line is the cipher. i'm changing the first char on the first line so it is a different cipher and the difference is 4 bit. How come that if i change the cipher, still works?!?
                        This has something to do with how it is implemented on OpenVPN or a bug or maybe a feature :P.

                        1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          are you using auth or crypt.. Did you check it with the commands given?  If your using auth your using a key direction, etc.

                          So if you read that how is it stated its the KEY ;)  and there is not padding, etc.. When clearly that faq shows what I was talking about.

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                          1 Reply Last reply Reply Quote 0
                          • A
                            albgen
                            last edited by

                            @johnpoz:

                            are you using auth or crypt.. Did you check it with the commands given?  If your using auth your using a key direction, etc.

                            So if you read that how is it stated its the KEY ;)  and there is not padding, etc.. When clearly that faq shows what I was talking about.

                            yes of course it is like you said and in fact you posted a javascript decoder :D

                            1 Reply Last reply Reply Quote 0
                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator
                              last edited by

                              Here I created this key and started openvpn with higher verb to see the stuff in the log..

                              2048 bit OpenVPN static key

                              –---BEGIN OpenVPN Static key V1-----
                              0c744bab82db8b9005594629e0d3dc20
                              e5385b10371707b97b2fd143bfbfea48
                              3f066d2e336ba72df5271b2ae9397ecf
                              9024093516b0b8592dd2f71db4030384
                              b62e13935ac94d5939051f110c23022a
                              8400eb7acf7e118a3a48e37fd778e3e4
                              f051edb02b693938f86d456462556b71
                              dd352e3ed0bd6a28a9204f836828db7a
                              5881431ee57d0a513a7eb2d933af1872
                              43338f9d7af296a3b0e903833c18499c

                              78f0eaef9d53512ee5261e222d217e8c
                              dfea6434d126a004ccf38886bdc58d78
                              4ed4cd50ccf87237913121e9592a36c8
                              8d3b0a0efbed91270b4fd0df37314550
                              b9f39f6166784bde212d5048ff262452
                              89013f096d5a96bc722952f48daaad34
                              –---END OpenVPN Static key V1-----

                              Jan 21 11:55:52 openvpn 18141 Incoming Control Channel Encryption: HMAC size=32 block_size=32
                              Jan 21 11:55:52 openvpn 18141 Incoming Control Channel Encryption: HMAC KEY: 4ed4cd50 ccf87237 913121e9 592a36c8 8d3b0a0e fbed9127 0b4fd0df 37314550
                              Jan 21 11:55:52 openvpn 18141 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
                              Jan 21 11:55:52 openvpn 18141 Incoming Control Channel Encryption: CIPHER block_size=16 iv_size=16
                              Jan 21 11:55:52 openvpn 18141 Incoming Control Channel Encryption: CIPHER KEY: 5881431e e57d0a51 3a7eb2d9 33af1872 43338f9d 7af296a3 b0e90383 3c18499c
                              Jan 21 11:55:52 openvpn 18141 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
                              Jan 21 11:55:52 openvpn 18141 Outgoing Control Channel Encryption: HMAC size=32 block_size=32
                              Jan 21 11:55:52 openvpn 18141 Outgoing Control Channel Encryption: HMAC KEY: b62e1393 5ac94d59 39051f11 0c23022a 8400eb7a cf7e118a 3a48e37f d778e3e4
                              Jan 21 11:55:52 openvpn 18141 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
                              Jan 21 11:55:52 openvpn 18141 Outgoing Control Channel Encryption: CIPHER block_size=16 iv_size=16
                              Jan 21 11:55:52 openvpn 18141 Outgoing Control Channel Encryption: CIPHER KEY: 0c744bab 82db8b90 05594629 e0d3dc20 e5385b10 371707b9 7b2fd143 bfbfea48
                              Jan 21 11:55:52 openvpn 18141 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key

                              Looks like the incoming is not the first part of the block, that is outgoing..

                              So are you using just auth or crypt.. With auth cipher is not even used only the HMAC would be used, etc.

                              An intelligent man is sometimes forced to be drunk to spend time with his fools
                              If you get confused: Listen to the Music Play
                              Please don't Chat/PM me for help, unless mod related
                              SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                              1 Reply Last reply Reply Quote 0
                              • PippinP
                                Pippin
                                last edited by

                                Edit:
                                Deleted, I should pay attention  :o

                                I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                                Halton Arp

                                1 Reply Last reply Reply Quote 0
                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator
                                  last edited by

                                  No that is not actually true Pippin, with tls-crypt the key is used… While I agree with you that with NCP the cipher will will be negotiated.  That does not remove the part about using tls-crypt and using the correct key from the ta.key file, etc.

                                  Working out which exact key from the block of info that makes up the actual key block is the part that is a bit tricky..  I knew that block was not the whole key, etc.  I knew the hmac was in there as well... I worded as padding, which might of been a bit off..

                                  The link I posted shows the details of what I was trying to get across..

                                  I use NCP... But if I mess with the portion of that shared key file that is actually being used then you can not get in, etc.

                                  And I end up using 128 GCM connection.. Which is what I wanted and is top of the list in the ncp settings, etc.

                                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                                  If you get confused: Listen to the Music Play
                                  Please don't Chat/PM me for help, unless mod related
                                  SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                                  1 Reply Last reply Reply Quote 0
                                  • PippinP
                                    Pippin
                                    last edited by

                                    Ah, in between posts  :)

                                    I see he uses SHA1 160 bit.
                                    So if he edit the file and changes the not used bits, it will still connect.

                                    I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
                                    Halton Arp

                                    1 Reply Last reply Reply Quote 0
                                    • P
                                      pwood999
                                      last edited by

                                      Does this help ?  https://openmaniak.com/openvpn_static.php

                                      ![Screen Shot 2018-01-25 at 12.23.54.png](/public/imported_attachments/1/Screen Shot 2018-01-25 at 12.23.54.png)
                                      ![Screen Shot 2018-01-25 at 12.23.54.png_thumb](/public/imported_attachments/1/Screen Shot 2018-01-25 at 12.23.54.png_thumb)

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.