In the last version of OpenVPN, 2.4.0, the tls-crypt functionality was added, which adds encryption to the control channel and adds more security for the user.
When I enable it on both the server (ubuntu-linux) and the client (LEDE Reboot SNAPSHOT r2815), the client doesn't apply the 'option tls_crypt' option in the OpenVPN client configuration.
I've tried it with the Android app and a Windows client and it works perfectly, so I guess it must be a LEDE code problem.
If you need any help testing I'll gladly help.
Thank you very much and keep up with the good work!
Apparently the updates to the OpenVPN init script got lost between the initial 2.4_rc1 patch [1] and the final 2.4.0 version, so LEDE doesn't apply any of the new options introduced, like tls-crypt. I've prepared a patch to fix this; you can wait for that to be considered and the OpenVPN packages to be rebuilt, or try editing /etc/init.d/openvpn and adding the options as was done in the 2.4_rc1 patch (look at changes to openvpn.init).
You can follow the Git changelog [1], and look for my patch [2] (or something similar, if it needs reworking). Once it has been applied to master, buildbot will include the fix the next time the OpenVPN packages are built. Note that it probably won't be included in the first 17.01 test build, so you may have to stick to snapshots for now (which I suppose you are already using).
I already upgraded all my clients (Windows/Android/Linux) to use AES-256-GCM and tls-crypt,
but on LEDE it just doesn't work. The tls-crypt is ignored.
Since I would love to deploy all routers at their physical locations with a fully working OpenVPN 2.4.0,
I really hope someone who knows how to fix it will do so soon.
I checked the git log, but so far no one has committed a fix.
Hi,
Is there a solution for that issue if one doesn't want to rebuild LEDE/OpenWrt from sources? I have the latest stable version with OpenVPN 2.4.5 and am getting this error:
```
Thu Feb 7 01:40:07 2019 daemon.err openvpn(vpnserver)[21490]: tls-crypt unwrap error: packet too short
Thu Feb 7 01:40:07 2019 daemon.err openvpn(vpnserver)[21490]: TLS Error: tls-crypt unwrapping failed from [AF_
```