Various OpenVPN issues

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-06-29 12:07:38
Model: Archer AXE300  
Hardware Version:
Firmware Version:

Hi, I'd like to highlight a few issues with OpenVPN I have on TP-Link consumer routers:

 

1. The OpenVPN server uses AES-128-CBC encryption. CBC is a Broken or Risky Cryptographic Algorithm, which is considered a security vulnerability. Check CVE-2016-6329 for more details.

Recommendation: Do not use cipher suites that include RC4, MD5, 3DES, DES, DSS, NULL, EXPORT, anon, and CBC.

 

2. My Internet provider (and actually many providers nowadays) offers Carrier-grade NAT (CGNAT). That means that the router doesn't have a public IPv4 address and is not accessible from the internet using an IPv4 address. The router has a public IPv6 address though, but unfortunately the router binds all its IP services to the IPv4 address only. As a result, VPN and remote management functionality is not available for IPv6 clients. This problem has no workaround currently, and I advise looking into it and treating IPv4 and IPv6 addresses in a similar way and offering the same set of IP services.

 

P.S. I wonder if you have any open firmware engineer vacancies so I can help you to improve the configuration UX and available router features. :) 

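Both points in the post can be checked from an OpenVPN client profile. The following is an added example, not part of the original post and not TP-Link code: it flags cipher and digest names containing any token from the post's recommendation list, and `remote` entries that are CGNAT (RFC 6598) or private IPv4 literals. The profile text, the address in it and the function names are constructed for illustration.

```python
import ipaddress
import re

# Tokens taken from the recommendation in the post above.
WEAK_TOKENS = {"RC4", "MD5", "3DES", "DES", "DSS", "NULL", "EXPORT", "ANON", "CBC"}
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

# Constructed sample profile (not exported from a real router).
SAMPLE_PROFILE = """\
client
dev tun
proto udp
remote 100.64.12.34 1194
cipher AES-128-CBC
auth SHA256
"""


def weak_parts(name):
    """Return the tokens of a cipher/digest name that are on the weak list."""
    return sorted(set(re.split(r"[-_]", name.upper())) & WEAK_TOKENS)


def audit_profile(text):
    """Return a list of findings for an OpenVPN profile given as a string."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;<":
            continue  # blank line, comment, or inline <ca>/<cert> tag
        key, *args = line.split()
        names = []
        if key in ("cipher", "auth") and args:
            names = [args[0]]
        elif key in ("data-ciphers", "ncp-ciphers") and args:
            names = args[0].split(":")
        for name in names:
            if weak_parts(name):
                findings.append(f"{key} {name}: contains {'/'.join(weak_parts(name))}")
        if key == "remote" and args:
            try:
                addr = ipaddress.ip_address(args[0])
            except ValueError:
                continue  # hostname: cannot be judged offline
            if addr.version == 4 and (addr in CGNAT_NET or addr.is_private):
                findings.append(f"remote {addr}: CGNAT/private IPv4 address")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_profile(SAMPLE_PROFILE)))
```

A `remote` given as a hostname is skipped because its address family cannot be determined without a DNS lookup.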