Which config to use?

A few people have asked which of our OpenVPN configs they should be using, or which one is the most secure? We'll try to answer that here without getting too technical.

We offer four types of configs: RSA, ECC, Ed25519, and Ed448.
We also offer two different protocols for connecting: UDP and TCP.

We'll start with the two protocol options, UDP or TCP.
Some of our clients believe that they should be using the TCP configs because TCP is more reliable than UDP. Normally this is true, but in the case of OpenVPN it's not. When you're connected to a UDP OpenVPN server, your traffic gets wrapped into the VPN tunnel created by OpenVPN. Most likely, the traffic you're generating is already TCP (browsing websites, checking email, etc.) so any integrity checks or retransmissions that need to be done will be handled by your operating system at the TCP level.
OpenVPN also has its own layer of reliability checks on the VPN traffic that ensures the traffic gets to where it needs to go, regardless of UDP's lack of integrity checks.
https://openvpn.net/faq/what-is-tcp-meltdown/ and https://web.archive.org/web/20160314150811/http://sites.inka.de/~W1011/devel/tcp-tcp.html do a good job of explaining why TCP OpenVPN wouldn't be a good idea. The second link talks about PPP over TCP, but the same applies to OpenVPN over TCP.

So you should be using our UDP configs. The only reason we also offer TCP is for people who are behind such restrictive firewalls that UDP OpenVPN is blocked.

As for the four types of configs and their security level, that depends.

RSA configs are mainly provided to support clients who are still using ancient versions of OpenVPN, ones that don't support ECC. They use 8192-bit RSA. If you've got OpenVPN 2.4.x or newer, then you shouldn't use the RSA configs. These configs will work with UDP or TCP ports 1 through 29999, excluding ports 5061 and 5062.

The default ECC configs use the elliptic curve secp521r1, which is 521-bit, or according to https://web.archive.org/web/20090207194412/http://www.nsa.gov/business/programs/elliptic_curve.shtml roughly the same as 15360-bit RSA, or a security level (symmetric key size) of 256 bits. So the default ECC configs would provide the strongest cryptography out of the four. However, secp521r1 is a NIST curve. There was an incident where NIST allowed the NSA to backdoor the Dual_EC_DRBG algorithm. Most cryptographers agree that secp521r1 is secure, but some people believe that if NIST was willing to let the NSA do that once, it's possible that they'd do it again in some other fashion.
These configs will work with UDP or TCP ports 1 through 29999, excluding ports 5061 and 5062.

The Ed25519 configs use the Ed25519 curve, which is not a NIST curve, so it is highly unlikely that the NSA was able to influence any aspect of it. According to https://tools.ietf.org/rfc/rfc8032.txt, Ed25519 operates at the 128-bit security level, or roughly 3072-bit RSA.
These configs will only work with UDP or TCP port 5061.

The Ed448 configs use the Ed448 curve, which is also not a NIST curve. The same rfc8032.txt document above lists Ed448 as operating at the 224-bit security level.
These configs will only work with UDP or TCP port 5062.

To summarize, if you don't think the NSA has influenced secp521r1, the default ECC configs would be the strongest option.
If that is a concern for you, Ed448 would be the next best option.
If you care more about speeds than security, Ed25519.
If you're using some ancient version of OpenVPN, you're stuck with RSA.

Keep in mind that all four of those options are considered to be very secure, and will most likely remain very secure for the foreseeable future.
Also, you need at least OpenSSL 1.1.1 and OpenVPN 2.4.3 to use the Ed25519 or Ed448 configs.
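As an added example (not the provider's own code), here is a small Python checker that encodes the rules above: it guesses the config family from the public-key OID inside the inline `<cert>` block, then flags any TCP remote and any port that does not match the family. The sample config, its host name and the certificate stand-in are constructed for the demonstration.

```python
import base64
import re

# Port rules per config family, exactly as the post states them.
PORT_RULES = {
    "rsa": lambda p: 1 <= p <= 29999 and p not in (5061, 5062),
    "ecc": lambda p: 1 <= p <= 29999 and p not in (5061, 5062),
    "ed25519": lambda p: p == 5061,
    "ed448": lambda p: p == 5062,
}
# DER-encoded algorithm OIDs as found in a certificate's SubjectPublicKeyInfo, checked
# most specific first (an RSA-signed cert also carries the RSA OID in its signature field).
KEY_OIDS = [
    ("ed448", bytes.fromhex("06032b6571")),              # 1.3.101.113
    ("ed25519", bytes.fromhex("06032b6570")),            # 1.3.101.112
    ("ecc", bytes.fromhex("06052b81040023")),            # 1.3.132.35 (secp521r1)
    ("rsa", bytes.fromhex("06092a864886f70d010101")),    # rsaEncryption
]

def detect_family(ovpn_text):
    """Guess the config family from the key OID inside the inline <cert> PEM block."""
    m = re.search(r"<cert>(.*?)</cert>", ovpn_text, re.S)
    if not m:
        return None
    b64 = "".join(l.strip() for l in m.group(1).splitlines() if not l.startswith("-----"))
    der = base64.b64decode(b64)
    return next((fam for fam, oid in KEY_OIDS if oid in der), None)

def check_ovpn(ovpn_text):
    """Return findings that contradict the post's advice; an empty list means it matches."""
    family = detect_family(ovpn_text)
    findings = [] if family else ["could not determine key type from <cert>"]
    lines = [l.split() for l in ovpn_text.splitlines() if l.strip() and l.strip()[0] not in "#;"]
    global_proto = next((p[1] for p in lines if p[0] == "proto" and len(p) > 1), "udp")
    for parts in lines:
        if parts[0] != "remote":
            continue
        port = int(parts[2]) if len(parts) > 2 else 1194     # OpenVPN's default port
        proto = parts[3] if len(parts) > 3 else global_proto  # per-remote proto overrides global
        if proto.startswith("tcp"):
            findings.append(f"{' '.join(parts)}: TCP in use; prefer UDP unless UDP is blocked")
        if family and not PORT_RULES[family](port):
            findings.append(f"{' '.join(parts)}: port {port} is not valid for {family} configs")
    return findings

# Constructed sample: an Ed25519 SubjectPublicKeyInfo (RFC 8410 layout, all-zero key) stands
# in for the certificate body, which is enough for the OID search; the host name is invented.
SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(32)
PEM = "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SPKI).decode() + "\n-----END CERTIFICATE-----"
SAMPLE_OVPN = f"client\nproto tcp\nremote vpn.example.com 1194\n<cert>\n{PEM}\n</cert>\n"
```

Running `check_ovpn(SAMPLE_OVPN)` reports both the TCP choice and the wrong port for an Ed25519 config; switching the sample to `proto udp` and port 5061 yields no findings.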
