| To: | "R. Steve McKown" <rsmckown,AT,yahoo,DOT,com>, <cipe-l,AT,inka,DOT,de> |
| Subject: | Re: About Peter Gutmann's critique of CIPE |
| From: | "James Yonan" <jim,AT,yonan,DOT,net> |
| Date: | Fri, 26 Sep 2003 02:57:36 -0000 |
| In-reply-to: | <200309251445.52210.rsmckown@yahoo.com> |
| References: | <E1A2bsS-00033q-00@bigred.inka.de>, <E1A2bsS-00033q-00@bigred.inka.de> |
> OpenVPN may have promise, but I haven't used it yet and don't know if it
> has the same useful combination of features CIPE has (low resource, simple,
> small, etc.)

OpenVPN is a user-space VPN that is relatively lightweight, simple to use, runs on 7 different OSes including Windows, and uses a high-security crypto model that so far has stood up well to analysis (even PG couldn't find much bad to say about it).

In a nutshell I would say that OpenVPN's security model is a mixture of IPSec ESP and TLS. A major difference between OpenVPN and CIPE is that OpenVPN offloads nearly all crypto functions to the OpenSSL library.

While I would have preferred to use TLS exclusively in OpenVPN, it is not really suited for IP tunneling because it is designed to operate over reliable protocols such as TCP. OpenVPN, like CIPE, tunnels over UDP, though it can also tunnel over TCP. OpenVPN actually runs TLS over UDP by implementing a reliability layer for the TLS control channel. TLS is a fairly strong, well regarded protocol, easily accessible using the OpenSSL library, and it seems to be the obvious choice for initial authentication and key exchange.

For the data channel, OpenVPN uses the core components of the IPSec ESP protocol, including HMAC-SHA1 authentication, Explicit IV, a 64-bit sequence number, and replay protection using the sliding-window algorithm to protect against all known forms of message insertion or modification. OpenVPN offers the choice of any cipher or key size supported by the OpenSSL library, including AES-256.

OpenVPN essentially has two separate crypto modes which users can freely choose between. One uses pre-shared static keys, the other uses TLS. There are benefits and drawbacks to both approaches. Static keys are easier to configure but less secure. TLS offers more security (including "perfect forward security"), but also requires more configuration and key management.

The OpenVPN protocol is stateless when run in static key mode, but is stateful when TLS authentication is enabled.

OpenVPN uses the ubiquitous and generic tun/tap virtual network driver that exists on most *nix systems as its virtual networking interface. On Windows, OpenVPN uses a fork of Damion's Windows kernel driver that has a bunch of modifications including support for the tun/tap virtual networking model, SMP support, and support for NDIS 5 suspend/resume. OpenVPN's TAP-Win32 driver is a tun/tap driver, which exports the same interface as tun/tap drivers on other platforms.

OpenVPN supports Ethernet bridging, point-to-point IP tunnels, dynamic DNS (both endpoints can have DHCP addresses), and real-time LZO link compression. OpenVPN doesn't support Windows NT (only 2000 and higher), and because HMAC-SHA1 authentication is used on every packet, there is slightly more tunneling overhead.

In general, I would say that the OpenVPN philosophy is to offload the crypto to the OpenSSL library, offload the virtual networking support to the tun/tap driver, and then focus the OpenVPN application itself on usability, improving ease of configuration, and working around internet gotchas such as PMTU black holes.

One observation I would make is that CIPE is a relatively old project, having been started at a time when IPSec was impractical, tun/tap drivers did not exist, and high-quality crypto libraries were either nonexistent or in a nascent state of development. Today, many of the functions that CIPE is trying to do, both at the crypto level and at the networking level, can be done quite well by external, independently developed libraries and drivers. IMHO, to avail itself of these resources would make CIPE a stronger, more lightweight solution.

James Yonan
OpenVPN Developer
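The data-channel design James describes (a 64-bit sequence number, an explicit IV, an HMAC-SHA1 tag over every packet, and an ESP-style sliding-window replay check) is easy to lose the subtleties of in prose, so here is an added illustration of those pieces working together. This is editor-written example code, not OpenVPN's or CIPE's source, and it is deliberately simplified: the packet layout, the 64-slot window size, the key and the payloads are all constructed for the demo, and the encryption step is omitted (the IV is carried only to show where it sits), since the point being shown is the ordering of the two checks: the receiver verifies the HMAC first and only then consults and updates the replay window, so a forged packet can never move the window or mark a sequence number as "seen".

```python
import hashlib
import hmac
import os
import struct

WINDOW_SIZE = 64          # constructed: accept out-of-order packets within 64 sequence numbers
SEQ_LEN, IV_LEN, TAG_LEN = 8, 16, 20   # 64-bit seq, 128-bit explicit IV, HMAC-SHA1 tag


class ReplayWindow:
    """ESP-style anti-replay sliding window over a monotonically increasing 64-bit counter.

    `highest` is the largest sequence number accepted so far; bit i of `bitmap`
    records whether sequence number (highest - i) has already been accepted.
    """

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def check_and_update(self, seq):
        """Return True and record seq if it is fresh; False if it is a replay or too old."""
        if seq == 0:
            return False                      # counters start at 1; 0 is never valid
        if seq > self.highest:                # newer than anything seen: slide the window right
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1               # everything previously seen falls off the left edge
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:
            return False                      # older than the window: cannot tell, so reject
        if self.bitmap & (1 << diff):
            return False                      # inside the window but already accepted: replay
        self.bitmap |= 1 << diff              # late but genuine out-of-order packet
        return True


class Sender:
    """Builds packets: seq || IV || payload || HMAC-SHA1(seq || IV || payload)."""

    def __init__(self, key):
        self.key = key
        self.seq = 0

    def build(self, payload):
        self.seq += 1
        iv = os.urandom(IV_LEN)                       # explicit IV travels with the packet
        body = struct.pack(">Q", self.seq) + iv + payload
        tag = hmac.new(self.key, body, hashlib.sha1).digest()
        return body + tag


class Receiver:
    """Authenticates first, then applies the replay window; returns the payload or None."""

    def __init__(self, key):
        self.key = key
        self.window = ReplayWindow()

    def accept(self, packet):
        if len(packet) < SEQ_LEN + IV_LEN + TAG_LEN:
            return None                               # truncated: drop
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha1).digest()
        if not hmac.compare_digest(tag, expected):
            return None                               # modified or forged: drop before touching state
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if not self.window.check_and_update(seq):
            return None                               # replayed or too old: drop
        return body[SEQ_LEN + IV_LEN:]


def demo():
    """Run one sender/receiver pair through a fresh, a replayed and a tampered packet."""
    key = b"constructed-static-key-for-demo"          # constructed pre-shared key
    tx, rx = Sender(key), Receiver(key)
    p1 = tx.build(b"hello")
    p2 = tx.build(b"world")
    results = {
        "first": rx.accept(p1),                       # b"hello"
        "replay": rx.accept(p1),                      # None: same seq seen again
        "second": rx.accept(p2),                      # b"world"
    }
    tampered = bytearray(p2)
    tampered[SEQ_LEN + IV_LEN] ^= 0x01                # flip one payload bit
    results["tampered"] = rx.accept(bytes(tampered))  # None: HMAC mismatch
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:9s} -> {value!r}")
```

The window on its own shows the three outcomes a late packet can have: a sequence number behind `highest` but inside the window and not yet seen is accepted, one already seen is rejected as a replay, and one more than 64 behind is rejected because the receiver no longer has the state to decide.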