Balena OpenVPN TLS Version

Hi,

We are validating some requirements on our devices, and one of them is the usage of TLSv1.2 for secure communication. We can verify that communication with Balena API uses TLSv1.2, but we cannot verify the same for Balena VPN…

The command that runs OpenVPN does not specify a minimum TLS version and in Wireshark we only see traffic as SSL. In the documentation about security, it says that the Balena VPN uses TLS, but does not specify a version…

Do you have any document that can show this or any way for us to check on the device side?

Regards

Hi,

The TLS version depends on the version of SSL available for your device. Running journalctl -au openvpn | grep TLS | tail -n1 in the HostOS shell will reveal the version for yours. For example, on an RPi 3 I have running, the result is Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA

John

Hi John,

Thanks for your response, we are running on an Intel-NUC image and if I run the command above from the Host OS, I get:

image

And this is the output of the full command:

image

We are using the latest OS and supervisor for this device:

image

Any ideas why the command will not show anything?

Hi,

Can you confirm the status of openvpn with systemctl status openvpn? Did you by any chance disable VPN in the Device Configuration menu?

John

Hi,

This is the output of the systemctl command:

And this is the device configuration… everything looks standard there:

Thanks!

Hi,

Can you try restarting openvpn with a systemctl restart openvpn and then run journalctl -au openvpn | grep TLS | tail -n1 again?

John

Hi @jtonello,

Thanks, it is showing up now
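Added example, not part of the original thread or of balena's tooling: a shell check that turns the journalctl line discussed above into a pass/fail result against a minimum TLS version, and reports "unknown" when the journal holds no handshake line (the situation seen before the restart). The function names and the sample log lines are constructed for illustration; it assumes OpenVPN logs the OpenSSL version string, where TLS 1.0 appears as "TLSv1" with no minor number.

```shell
#!/bin/sh
# Usage on the device (HostOS shell):
#   journalctl -au openvpn | vpn_tls_check 1.2

# Constructed sample journal lines (prefixes and the first cipher are made up).
sample_lines() {
cat <<'EOF'
Jan 01 10:00:01 device openvpn[812]: Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Jan 01 10:00:02 device openvpn[812]: Initialization Sequence Completed
Jan 01 11:30:07 device openvpn[990]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
EOF
}

# Print the version ("1.3", "1.0", ...) from the most recent
# "Control Channel: TLSv..." line on stdin, or nothing if there is none.
vpn_tls_version() {
    ver=$(sed -n 's/.*Control Channel: TLSv\([0-9][0-9.]*\).*/\1/p' | tail -n 1)
    case $ver in
        "")  return 0 ;;             # no handshake line in the input
        *.*) echo "$ver" ;;
        *)   echo "$ver.0" ;;        # "TLSv1" means TLS 1.0
    esac
}

# vpn_tls_check MIN: print "pass X.Y", "fail X.Y" or "unknown".
# Exit status: 0 = pass, 1 = below minimum, 2 = no handshake line found.
vpn_tls_check() {
    min=${1:-1.2}
    got=$(vpn_tls_version)
    if [ -z "$got" ]; then
        echo "unknown"
        return 2
    fi
    # Compare major, then minor, as integers.
    if [ "${got%%.*}" -gt "${min%%.*}" ] ||
       { [ "${got%%.*}" -eq "${min%%.*}" ] && [ "${got#*.}" -ge "${min#*.}" ]; }; then
        echo "pass $got"
        return 0
    fi
    echo "fail $got"
    return 1
}
```

An "unknown" result means the evidence is missing, not that the tunnel is compliant; restarting openvpn as suggested in the thread produces a fresh handshake line to evaluate.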