[OPENVPN] Cipher 'AES-256-GCM' mode not supported #1959

Closed
not24get opened this issue Nov 26, 2017 · 9 comments
Labels
support Community support

Comments

@not24get

Hello,

I have a problem on two OPNsense systems.

I am trying to improve the speed of an existing OpenVPN connection between these two OPNsense systems.

The VPN was using the "AES-128-CBC" cipher; I want to use the "AES-256-GCM" cipher.

The first system is based on an ASRock C2550D4I.

The second is based on a KVM virtual machine; the host also has an Atom C2550 processor, and AES-NI is passed to the guest.

On both systems, I enabled AES-NI:

dmesg | grep AESNI
Features2=0xc3f82203<SSE3,PCLMULQDQ,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,RDRAND,HV>
dmesg | grep AESNI
Features2=0x43d8e3bf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,TSCDLT,AESNI,RDRAND>

Without AES-NI, I can't use the AES-GCM cipher:

/usr/local/bin/openssl speed -elapsed aes-256-gcm
Error: bad option or value

But with it, it works as expected:

/usr/local/bin/openssl speed -elapsed -evp aes-256-gcm
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-gcm for 3s on 16 size blocks: 19482378 aes-256-gcm's in 3.01s
Doing aes-256-gcm for 3s on 64 size blocks: 9111617 aes-256-gcm's in 3.04s
Doing aes-256-gcm for 3s on 256 size blocks: 2900328 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 1024 size blocks: 805390 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 8192 size blocks: 106650 aes-256-gcm's in 3.02s
OpenSSL 1.0.2m  2 Nov 2017
built on: reproducible build, date unspecified
options:bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) 
compiler: cc -I. -I.. -I../include  -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -O3 -Wall -O2 -pipe  -fPIE -fPIC -Werror -Qunused-arguments -fstack-protector -fno-strict-aliasing -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
aes-256-gcm     103636.13k   191882.69k   247494.66k   274906.45k   289716.66k

So in the OpenVPN config, I set "Hardware Crypto" to "Intel RDRAND engine - RAND", but OpenVPN says the cipher is not supported:

Nov 26 14:49:57 | openvpn[68563]: Exiting due to fatal error
Nov 26 14:49:57 | openvpn[68563]: Cipher 'AES-256-GCM' mode not supported
Nov 26 14:49:57 | openvpn[68563]: Initializing OpenSSL support for engine 'rdrand'
Nov 26 14:49:57 | openvpn[68563]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 26 14:49:57 | openvpn[68563]: MANAGEMENT: unix domain socket listening on /var/etc/openvpn/server1.sock
Nov 26 14:49:57 | openvpn[68284]: library versions: OpenSSL 1.0.2m 2 Nov 2017, LZO 2.10
Nov 26 14:49:57 | openvpn[68284]: OpenVPN 2.4.4 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Nov 21 2017
Nov 26 14:49:57 | openvpn[68284]: disabling NCP mode (--ncp-disable) because not in P2MP client or server mode

The OpenVPN config file:

cat /var/etc/openvpn/server1.conf 
dev ovpns1
verb 3
dev-type tun
tun-ipv6
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp
cipher AES-256-GCM
auth SHA384
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
local x.172.192.x
engine rdrand
ifconfig 10.0.7.1 10.0.7.2
lport 54165
management /var/etc/openvpn/server1.sock unix
route 10.10.0.0 255.255.0.0
secret /var/etc/openvpn/server1.secret 
comp-lzo no

Sorry for my English, and thanks for the help.

@fichtner fichtner added the support Community support label Nov 28, 2017
@fichtner
Member

If your system supports AES-NI, don't select a crypto engine in OpenSSL and it should work.

@not24get
Author

Hi, thanks for the reply.

I have tested without Hardware Crypto in the OpenVPN config and with Cryptographic Hardware Acceleration set to "AES-NI CPU Based Acceleration (aesni)" in System: Settings: Miscellaneous; same problem: "Cipher 'AES-256-GCM' mode not supported".

Vice versa: with Hardware Crypto set to "Intel RDRAND engine - RAND" in the OpenVPN config and without Cryptographic Hardware Acceleration in System: Settings: Miscellaneous, same problem: "Cipher 'AES-256-GCM' mode not supported".

Without hardware crypto in both the OpenVPN config and the system settings, same problem.

But in the shell, the following command works:
/usr/local/bin/openssl speed -elapsed -evp aes-256-gcm

The system is running up to date:
OPNsense 17.7.8-amd64
FreeBSD 11.0-RELEASE-p15
OpenSSL 1.0.2m 2 Nov 2017

Thanks a lot.

@fichtner
Member

I could reproduce. Which server mode did you configure?

@not24get
Author

not24get commented Nov 29, 2017

I use the "Peer to Peer ( shared key )" server mode.

@fichtner
Member

Yes, this does not work. The cipher is TLS-only, you can even see that from the drop down selection. :)
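
The mismatch identified in the reply above, as an added example that is not part of the thread and not OPNsense or OpenVPN code: a small Python check that flags a GCM cipher in a config that also uses `secret` (shared-key mode). Both sample configs are constructed (the first is reduced from the posted server1.conf), and recognising AEAD ciphers by the `-GCM` name suffix is an assumption.

```python
# Constructed sample, reduced from the server1.conf posted in the issue.
STATIC_KEY_CONF = """\
dev ovpns1
proto udp
cipher AES-256-GCM
#user nobody
secret /var/etc/openvpn/server1.secret
"""

# Constructed counterpart in TLS mode; certificate file names are placeholders.
TLS_CONF = """\
dev ovpns1
tls-server
cipher AES-256-GCM
ca ca.crt
cert server.crt
key server.key
"""


def parse_directives(text):
    """Map each directive to its argument list, skipping '#' and ';' comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def is_aead(cipher):
    # Assumption: AEAD is recognised by the "-GCM" name suffix (AES-128/192/256-GCM).
    return cipher.upper().endswith("-GCM")


def lint(text):
    """Return findings for a GCM cipher combined with a 'secret' (shared key) setup."""
    conf = parse_directives(text)
    cipher = (conf.get("cipher") or [""])[0]
    if "secret" in conf and is_aead(cipher):
        return [f"cipher {cipher} is TLS-only but 'secret' selects shared-key mode; "
                "use a TLS mode or a CBC cipher"]
    return []


if __name__ == "__main__":
    for label, sample in (("shared key", STATIC_KEY_CONF), ("tls", TLS_CONF)):
        print(label, "->", lint(sample) or "ok")
```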

@not24get
Author

Oh, I never saw this mentioned in the drop-down selection! Thanks.

So will it work if I switch to peer to peer SSL/TLS?

Thanks a lot, and sorry for this mistake!

@fichtner
Member

From a quick test, all other modes seemed to work ok. No worries. :)

@not24get
Author

Perfect, it works!

Thanks

@fichtner
Member

👍
