Improving OpenVPN's security

Posted by Jonathan

This is a follow-up to my OpenVPN 2.0 on OpenBSD article.

As OpenBSD users usually care about security, here are some ways to improve OpenVPN’s settings, taken from http://openvpn.net/howto.html#security.

Dropping privileges: chroot and nobody

OpenVPN can easily be told to chroot into a given directory. Just include the following statement in your server.conf:

chroot /path/to/chroot

Make sure to include in the chroot environment all files that are accessed after dropping privileges and chrooting. These are the certificate revocation list (crl-verify) and the client-config-dir. If you do not use a revocation list and have no client-specific configuration, just add the chroot entry and you are done.

In my case I used:

chroot /var/empty

Furthermore, OpenVPN will run as the user nobody after startup on UNIX systems. Verify this by checking that your server.conf includes these statements:

user nobody
group nobody

tls-auth HMAC

You can add an HMAC signature to all UDP packets that will be verified before the packet is processed. According to the HOWTO this can improve security by preventing:

  • DoS attacks or port flooding on the OpenVPN UDP port.
  • Port scanning to determine which server UDP ports are in a listening state.
  • Buffer overflow vulnerabilities in the SSL/TLS implementation.
  • SSL/TLS handshake initiations from unauthorized machines (while such handshakes would ultimately fail to authenticate, tls-auth can cut them off at a much earlier point).

In order to use the additional HMAC you need to create a shared secret key.

# openvpn --genkey --secret ta.key

Copy the ta.key file over a secure channel to all clients and the server to the same directory where the other .key files are. Then enable the HMAC in the config file:

#Server
tls-auth ta.key 0

#Clients
tls-auth ta.key 1

Larger keys

While generating the RSA keys with the easy-rsa scripts you can choose to create larger keys than the default 1024-bit by setting KEY_SIZE in the vars file.

Furthermore, you can choose a larger symmetric key and another cipher by setting it in the config file on the server and all clients. The following will tell OpenVPN to use 256-bit AES:

cipher AES-256-CBC

General key security

Another reasonable step is to keep the root CA key on another machine without network access. This will increase the difficulty of key stealing and key manipulation as somebody with the CA key can generate and sign arbitrary server or client certificates.

Preventing Man in the Middle attacks

As all client certificates are signed by the root CA and a connecting client only checks for a valid certificate, a malicious (but otherwise valid) client could act as a Man in the Middle.

In order to prevent this you can tell all clients to check that the certificate of the server they are connecting to has the nsCertType=server field in it. This is automatically done if you create your certificates with the easy-rsa scripts. So in the client’s configuration set:

ns-cert-type server

The HOWTO lists three further ways to prevent Man in the Middle attacks, but this is the preferred one.
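The settings above (chroot and the files it must contain, user/group nobody, the tls-auth key direction, the cipher, and ns-cert-type on the client) are easy to get half right, so here is an added example of a small POSIX sh audit script that reads a server.conf and a client.conf and reports which of them are missing. It is not part of the original article or of OpenVPN; the sample configs it writes, the host name vpn.example.org and every path under $WORK are constructed for the demonstration, and the chroot check assumes that crl-verify and client-config-dir paths are resolved against the chroot root once OpenVPN has chrooted, as the article describes.

```shell
#!/bin/sh
# Added example, not from the original article: audit OpenVPN configs against
# the hardening settings discussed above. Sample files are constructed here.

# Print the Nth argument of DIRECTIVE in CONF (first match), ignoring
# comment text introduced by '#' or ';'.
conf_arg() {
    conf=$1; directive=$2; n=${3:-1}
    sed -e 's/[#;].*//' "$conf" | awk -v d="$directive" -v n="$n" '$1 == d { print $(n+1); exit }'
}

# Report one problem and bump the counter in $problems (shell global).
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

# Files OpenVPN opens after chrooting (crl-verify, client-config-dir) must
# exist underneath the chroot directory. Assumption: such paths resolve
# against the chroot root after the chroot has happened.
check_chroot_paths() {
    conf=$1; problems=0
    root=$(conf_arg "$conf" chroot)
    [ -n "$root" ] || { fail "no chroot directive in $conf"; return $problems; }
    for d in crl-verify client-config-dir; do
        p=$(conf_arg "$conf" "$d")
        [ -n "$p" ] || continue
        [ -e "$root/${p#/}" ] || fail "$d $p not found inside chroot $root"
    done
    return $problems
}

# Server side: chroot, unprivileged user/group, tls-auth with direction 0,
# and the explicit 256-bit AES cipher. Exit status is the number of problems.
audit_server() {
    conf=$1; problems=0
    [ -n "$(conf_arg "$conf" chroot)" ]            || fail "server does not chroot"
    [ "$(conf_arg "$conf" user)" = nobody ]        || fail "server does not drop to user nobody"
    [ "$(conf_arg "$conf" group)" = nobody ]       || fail "server does not drop to group nobody"
    [ -n "$(conf_arg "$conf" tls-auth)" ]          || fail "server has no tls-auth HMAC key"
    [ "$(conf_arg "$conf" tls-auth 2)" = 0 ]       || fail "server tls-auth direction should be 0"
    [ "$(conf_arg "$conf" cipher)" = AES-256-CBC ] || fail "server cipher is not AES-256-CBC"
    return $problems
}

# Client side: tls-auth direction 1, the same cipher as the server, and the
# nsCertType check that stops a valid client certificate posing as the server.
audit_client() {
    conf=$1; server_cipher=$2; problems=0
    [ "$(conf_arg "$conf" tls-auth 2)" = 1 ]            || fail "client tls-auth direction should be 1"
    [ "$(conf_arg "$conf" cipher)" = "$server_cipher" ] || fail "client cipher does not match server"
    [ "$(conf_arg "$conf" ns-cert-type)" = server ]     || fail "client does not verify ns-cert-type server"
    return $problems
}

# Write a hardened server.conf, a matching client.conf and a weak client.conf
# into DIR, plus a chroot tree holding the CRL the server references.
make_demo_configs() {
    dir=$1
    mkdir -p "$dir/chroot/etc/openvpn"
    : > "$dir/chroot/etc/openvpn/crl.pem"   # empty placeholder CRL, constructed
    cat > "$dir/server.conf" <<EOF
port 1194
proto udp
dev tun
chroot $dir/chroot
user nobody
group nobody
tls-auth ta.key 0
cipher AES-256-CBC
crl-verify /etc/openvpn/crl.pem
EOF
    cat > "$dir/client.conf" <<EOF
client
remote vpn.example.org 1194   # constructed host name
tls-auth ta.key 1
cipher AES-256-CBC
ns-cert-type server
EOF
    cat > "$dir/weak-client.conf" <<EOF
client
remote vpn.example.org 1194
tls-auth ta.key 0     ; wrong direction, same as the server
cipher BF-CBC         ; differs from the server's cipher; ns-cert-type missing
EOF
}

# Demonstration run on the constructed files.
WORK=$(mktemp -d)
make_demo_configs "$WORK"
echo "== server.conf"
audit_server "$WORK/server.conf" && check_chroot_paths "$WORK/server.conf" && echo "OK"
for c in client.conf weak-client.conf; do
    echo "== $c"
    audit_client "$WORK/$c" "$(conf_arg "$WORK/server.conf" cipher)" && echo "OK"
done
rm -rf "$WORK"
```

The weak client config fails three checks (direction 0 instead of 1, a cipher that does not match the server, no ns-cert-type), while the hardened pair passes cleanly; deleting the CRL from the chroot tree makes check_chroot_paths report the file the server would no longer be able to open after chrooting.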
