Description of packet structure in OpenVPN's network protocol.
This document describes the structure of packets exchanged between OpenVPN peers. It is based on the protocol description in the
VPN tunnel packets are transported between OpenVPN peers using the UDP or TCP protocols. Their structure is described below.
The type of a VPN tunnel packet is indicated by its opcode. The following describes the various opcodes available.
OpenVPN uses two different forms of packet identifiers:
The control and data channels use independent packet-id sequences, because the data channel is an unreliable channel while the control channel is a reliable channel. Each use their own independent HMAC keys.
Control channel messages (
P_ACK_* message types) are TLS ciphertext packets which have been encapsulated inside of a reliability layer. The reliability layer is implemented as a straightforward acknowledge and retransmit model.
Acknowledgments of received messages can be encoded in either the dedicated
P_ACK_* record or they can be prepended to a
See the Reliability Layer module for a detailed description.
Control channel packets in ciphertext form consist of the following parts:
session_id(random 64 bit value to identify TLS session).
–tls-authis specified] (usually 16 or 20 bytes).
Note that when
–tls-auth is used, all message types are protected with an HMAC signature, even the initial packets of the TLS handshake. This makes it easy for OpenVPN to throw away bogus packets quickly, without wasting resources on attempting a TLS handshake which will ultimately fail.
Once the TLS session has been initialized and authenticated, the TLS channel is used to exchange random key material for bidirectional cipher and HMAC keys which will be used to secure data channel packets. OpenVPN currently implements two key methods. Key method 1 directly derives keys using random bits obtained from the
rand_bytes() function. Key method 2 mixes random key material from both sides of the connection using the TLS PRF mixing function. Key method 2 is the preferred method and is the default for OpenVPN 2.0+.
The Data channel key generation related page describes the key methods in more detail.
key_source.pre_masteronly defined for client -> server).
The P_DATA_* payload represents encapsulated tunnel packets which tend to be either IP packets or Ethernet frames. This is essentially the "payload" of the VPN. Data channel packets consist of a data channel header, and a payload. There are two possible formats:
key_id, followed by the payload:
[ 5-bit opcode | 3-bit key_id ] [ payload ]
[ 5-bit opcode | 3-bit key_id ] [ 24-bit peer-id ] [ payload ]
See Data Channel Crypto module for details on the data channel payload format.