This directory contains a Dockerfile that builds OpenVPN with the OQS OpenSSL 3 provider, which allows openvpn to perform quantum-safe key exchange via TLS 1.3.
Install Docker and run the following commands in this directory:
docker build -t oqs-openvpn ../test.sh
This will create all keys, certificates and configurations for running an openvpn server and client within a docker network performing a quantum-safe key exchange via the Kyber768 (plain and hybrid) algorithm. Any of the other supported quantum safe KEM protocols can be set via the parameter --tls-groups in the server and client startup scripts, e.g., by setting the "TLS_GROUPS" environment variable.
Please note that the test script has only been tested to operate OK on Linux.
Complete information how to use the image is available in the separate file USAGE.md.
The Dockerfile provided allows for some customization of the image built:
This permits changing the build options for the underlying library with the quantum safe algorithms. All possible options are documented here.
By default, the image is built such as to have maximum portability regardless of CPU type and optimizations available, i.e. to run on the widest possible range of cloud machines.
Allow setting parameters to make operation, e.g., '-j nnn' where nnn defines the number of jobs run in parallel during build.
The default is conservative and known not to overload normal machines. If one has a very powerful (many cores, >64GB RAM) machine, passing larger numbers (or only '-j' for maximum parallelism) speeds up building considerably.
Defines the list of QSC KEM algorithms to be supported by default. This value is colon separated and inserted into the system-wide openssl.cnf configuration file defining the behaviour of the OpenSSL3 library embedded into the OpenVPN code base.
The default value is "kyber768:p384_kyber768". Any algorithm name(s) supported by OQS-OpenSSL can be chosen instead.