Bug with Windows v2.5 rc3 client

Posted: Tue Oct 20, 2020 4:38 pm
by nickh
I've just noticed that using 2.5rc3 Win10 x64 seems to be producing an erroneous error log in an OpenVPN server using openvpn-2.4.9-1.el7.x86_64. On the server logs I am now seeing:

Tue Oct 20 17:21:55 2020 172.17.2.123:49159 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
The client config is:
Client config
client
remote example.net 1194
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-cert.pem
cert client-ourfamily-cert.pem
key client-ourfamily-key.pem
ns-cert-type server
comp-lzo
verb 3


And the server config is:
Server config
port 1194
proto udp
dev tun
ca /etc/pki/CA/ca-cert.pem
cert /etc/pki/CA/sys-0-cert.pem
key /etc/pki/CA/private/sys-0-key.pem
dh /etc/openvpn/ssl/dh1024.pem
server 172.17.0.0 255.255.255.0
keepalive 10 120
compress stub-v2
push "compress stub-v2"
user nobody
group nobody
multihome
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 120
status /var/lib/openvpn/openvpn-status.log
verb 3
push "dhcp-option DNS 172.17.2.1"
push "dhcp-option DOMAIN example.com"
management 127.0.0.1 5555
log-append /var/log/openvpn
crl-verify /etc/pki/CA/crl/crl.pem
route 172.17.3.0 255.255.255.0
client-config-dir ccd
client-to-client
push "dhcp-option WINS 172.17.2.1"
push "route 172.17.2.0 255.255.255.0"
push "route 172.17.3.0 255.255.255.0"


I also note I still get the warning:

WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
I thought --ns-cert-type was going to be removed in 2.5 (but I am very glad it has not been).

Re: Bug with Windows v2.5 rc3 client

Posted: Tue Oct 20, 2020 5:04 pm
by TinCanTech
nickh wrote:
Tue Oct 20, 2020 4:38 pm
OpenVPN server using openvpn-2.4.9-1.el7.x86_64. On the server logs I am now seeing:

Tue Oct 20 17:21:55 2020 172.17.2.123:49159 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
BF-CBC is the default --cipher in 2.4 and --cipher has been replaced with --data-ciphers in 2.5 .. So the message is actually correct .. The plan is to have everybody move to 2.5 for the new features.

Re: Bug with Windows v2.5 rc3 client

Posted: Tue Oct 20, 2020 5:17 pm
by nickh
I am confused. Doesn't it autonegotiate? Mine goes to:

Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
What then is there to upgrade?

Re: Bug with Windows v2.5 rc3 client

Posted: Tue Oct 20, 2020 5:48 pm
by TinCanTech
nickh wrote:
Tue Oct 20, 2020 5:17 pm
I am confused. Doesn't it autonegotiate?
Yes it does.
nickh wrote:
Tue Oct 20, 2020 5:17 pm
What then is there to upgrade?
Your server, when 2.5 is officially released.