ros44
Frequent Visitor
Topic Author
Posts: 85
Joined: Sun Feb 25, 2018 2:05 am
Location: Sofia, Bulgaria

OpenVPN auth. is always null-digest

Tue Feb 13, 2024 10:48 am

Hello,

RouterOS 7.13.3 and 7.13.4 (updated today) always show null-digest as the auth. algorithm for connected users, no matter the selected auth option(s). I've tested a lot of option combinations, enabled OpenVPN debugging and "verb 4" on the client, and I cannot figure out whether this is a bug or whether no auth. algorithm is actually used all the time. "All the time" is in bold because I've never seen the router with 7.13 show anything other than null-digest.

At the same time in RouterOS 6.46.8 I see "AES-256-CBC/SHA1".

Can anyone suggest an idea?

OpenVPN null-digest.png
 
optio
Forum Veteran
Posts: 948
Joined: Mon Dec 26, 2022 2:57 pm

Re: OpenVPN auth. is always null-digest  [SOLVED]

Tue Feb 13, 2024 12:37 pm

Digest (Auth) is not used for GCM ciphers (always null). IMHO, Auth selection should be disabled in the window form when only GCM ciphers are selected, to avoid confusion.
 
ros44
Frequent Visitor
Topic Author
Posts: 85
Joined: Sun Feb 25, 2018 2:05 am
Location: Sofia, Bulgaria

Re: OpenVPN auth. is always null-digest

Wed Feb 14, 2024 12:03 am

@optio, thank you for your time and your reply. After your reply I had another question and this is what I've found. Thanks again!

When using Galois/Counter Mode (GCM) ciphers with OpenVPN, authentication is performed using the Galois Message Authentication Code (GMAC), which is integrated into the encryption process. Therefore, no separate digest or authentication mechanism is used; it is inherently included in the GCM encryption. As a result, the authentication parameter in the OpenVPN configuration (auth) for GCM ciphers is always set to null.
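The behaviour discussed in this thread, as an added example that is not part of any forum post and is not OpenVPN or RouterOS code: AES-256-GCM rejects a modified packet through its own tag, while AES-256-CBC decrypts modified data without error unless a separate HMAC (SHA1 here, matching the "AES-256-CBC/SHA1" display) is verified. The keys, nonce, IV, payload and the simplified MAC-over-ciphertext layout are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"fmt"
)

// Constructed sample values; a real tunnel derives keys per session and never reuses a nonce or IV.
var (
	key       = bytes.Repeat([]byte{0x11}, 32) // AES-256 key
	macKey    = bytes.Repeat([]byte{0x22}, 20) // HMAC-SHA1 key, needed only on the CBC path
	nonce, iv = make([]byte, 12), make([]byte, aes.BlockSize)
	payload   = []byte("constructed pkt!") // exactly one AES block, so no CBC padding is needed
)

// GCMRejectsTamper seals the payload with AES-256-GCM, flips one ciphertext
// bit, and reports whether Open refuses it. No separate digest is involved.
func GCMRejectsTamper() bool {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	ct := aead.Seal(nil, nonce, payload, nil) // ciphertext followed by the 16-byte tag
	ct[0] ^= 0x01
	_, err := aead.Open(nil, nonce, ct, nil)
	return err != nil
}

// tagOf computes the separate "auth" digest (HMAC-SHA1) over a CBC ciphertext.
func tagOf(ct []byte) []byte { m := hmac.New(sha1.New, macKey); m.Write(ct); return m.Sum(nil) }

// CBCTamper encrypts with AES-256-CBC, flips one ciphertext bit, and reports
// (a) whether bare CBC returned altered plaintext and (b) whether the HMAC check catches it.
func CBCTamper() (silentlyAltered, hmacRejects bool) {
	block, _ := aes.NewCipher(key)
	ct := make([]byte, len(payload))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, payload)
	tag := tagOf(ct)
	ct[0] ^= 0x01
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct) // no error path: CBC has no integrity check
	return !bytes.Equal(pt, payload), !hmac.Equal(tag, tagOf(ct))
}

func main() {
	altered, rejected := CBCTamper()
	fmt.Println("GCM rejects:", GCMRejectsTamper(), "CBC altered:", altered, "HMAC rejects:", rejected)
}
```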
