GXP1625 OpenVPN TLS support


#1

Hi,

I’ve successfully connected my GXP1625 using OpenVPN, but I would like to activate TLS Auth in order to improve security (Adding tls-auth to my server configuration and adding the tls-auth OpenVPN Static key to the phone configuration). Is it possible to do so? If not, is there any possibility of suggesting it as an improvement for future firmware releases?

Thank you in advance.


#2

Hi again,

I’ve seen that GXP 1625 firmware version 1.0.4.140 adds more options to OpenVPN Settings (appreciate it), but I can’t still configure tls-auth (recommended option for hardening OpenVPN).

I have tried to use the " Additional Options" field to add tls-auth support and the ta.key certificate without success. The value I have tried to set to P8460 variable is:

remote-cert-tls+server;<tls-auth>;-----BEGIN+OpenVPN+Static+key+V1-----;<My super secret 2048 bit OpenVPN static key goes here>;-----END+OpenVPN+Static+key+V1-----;</tls-auth>

I can’t send this additional configuration because max allowed length on this variable (P8460) is 512 characters, when a 2048 bit key is already 512 characters long (enable tls and you have run out of space).

Is there any possibility of increasing this max allowed length to P8460 variable or to add tls-auth support as OpenVPN recommends?

Thank you in advance.