OpenVPN Clone Server - Cipher Suites and Authentication

[kolpinkb]

Hi,

The recent release of SoftEther VPN server supports additional cipher suites and authentication. See below:

Added the support for TLS 1.2. Added TLS 1.2-based cipher sets: AES128-GCM-SHA256, AES128-SHA256, AES256-GCM-SHA384, AES256-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-GCM-SHA384 and ECDHE-RSA-AES256-SHA384.

Does this update apply to the OpenVPN server clone function as well? When I generate a new example file it doesn't include the new cipher suites and also does not include SHA256. Do I have to manually edit either the exported sample OpenVPN file and/or the SoftEther VPN server main config file?

[moatazelmasry]

Hi there,

the list of Ciphers is hard coded into the code and the sample client configuration.
Theoretically, it is quite easy to add the new ciphers to OpenVPN.

But someone still has to add and test them.

For the moment I created an issue on github:
https://github.com/SoftEtherVPN/SoftEtherVPN/issues/295

And will try to do this myself and create a pull request in the next 1-3 weeks

Cheers,
Moataz

[kolpinkb]

Great! Thanks so much.

Looking forward to testing it out in the next release.

[moatazelmasry]

As far as I understand now, TLS is not supported in the OpenVPN server functionality. So no ciphers could be added.

While tinkering with OpenVPN, I added SHA2 implementation and CAMELLIA cipher suite support
https://github.com/SoftEtherVPN/SoftEtherVPN/pull/309

I still think it would be really nice to add TLS support to OpenVPN. This is not a trivial task though

Cheers