This section describes how OpenVPN peers generate and exchange key material necessary for the security operations performed on data channel packets.
The key generation and exchange process between OpenVPN client and server occurs every time data channel security parameters are negotiated, for example during the initial setup of a VPN tunnel or when the active security parameters expire. In source code terms, this is when a new key_state structure is initialized.
OpenVPN supports two different ways of generating and exchanging key material between client and server. These are known as key method 1 and key method 2. Key method 2 is the recommended method. Both are explained below.
Key method 2 key expansion is performed by the
generate_key_expansion() function. Please refer to its source code for details of the key expansion process.
OpenVPN uses the either the OpenSSL library or the PolarSSL library as its source of random material.
In OpenSSL, the
RAND_bytes() function is called to supply cryptographically strong pseudo-random data. The following links contain more information on this subject:
In PolarSSL, the Havege random number generator is used. For details, see the PolarSSL documentation.
The key exchange process is initiated by the OpenVPN process running in client mode. After the initial three-way handshake has successfully completed, the client sends its share of random material to the server, after which the server responds with its part. This process is depicted below:
Client Client Server Server State Action Action State ---------- -------------------- -------------------- ---------- ... waiting until three-way handshake complete ... S_START S_START key_method_?_write() send to server --> --> --> --> receive from client S_SENT_KEY key_method_?_read() S_GOT_KEY key_method_?_write() receive from server <-- <-- <-- <-- send to client key_method_?_read() S_SENT_KEY S_GOT_KEY ... waiting until control channel fully synchronized ... S_ACTIVE S_ACTIVE
For more information about the client and server state values, see the Control Channel Processor module.
Depending on which key method is used, the
? in the function names of the diagram above is a
1 or a
2. For example, if key method 2 is used, that key exchange would be started by the client calling
key_method_2_write(). These functions are called from the Control Channel Processor module's
tls_process() function and control the key generation and exchange process as follows:
The OpenVPN client and server communicate with each other through their control channel. This means that all of the data transmitted over the network, such as random material for key generation, is encapsulated in a TLS layer. For more details, see the Control Channel TLS module documentation.