Code: Select all
Tue Oct 20 17:21:55 2020 172.17.2.123:49159 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Client config
client
remote example.net 1194
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-cert.pem
cert client-ourfamily-cert.pem
key client-ourfamily-key.pem
ns-cert-type server
comp-lzo
verb 3
remote example.net 1194
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-cert.pem
cert client-ourfamily-cert.pem
key client-ourfamily-key.pem
ns-cert-type server
comp-lzo
verb 3
And the server config is:
Server config
port 1194
proto udp
dev tun
ca /etc/pki/CA/ca-cert.pem
cert /etc/pki/CA/sys-0-cert.pem
key /etc/pki/CA/private/sys-0-key.pem
dh /etc/openvpn/ssl/dh1024.pem
server 172.17.0.0 255.255.255.0
keepalive 10 120
compress stub-v2
push "compress stub-v2"
user nobody
group nobody
multihome
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 120
status /var/lib/openvpn/openvpn-status.log
verb 3
push "dhcp-option DNS 172.17.2.1"
push "dhcp-option DOMAIN example.com"
management 127.0.0.1 5555
log-append /var/log/openvpn
crl-verify /etc/pki/CA/crl/crl.pem
route 172.17.3.0 255.255.255.0
client-config-dir ccd
client-to-client
push "dhcp-option WINS 172.17.2.1"
push "route 172.17.2.0 255.255.255.0"
push "route 172.17.3.0 255.255.255.0"
proto udp
dev tun
ca /etc/pki/CA/ca-cert.pem
cert /etc/pki/CA/sys-0-cert.pem
key /etc/pki/CA/private/sys-0-key.pem
dh /etc/openvpn/ssl/dh1024.pem
server 172.17.0.0 255.255.255.0
keepalive 10 120
compress stub-v2
push "compress stub-v2"
user nobody
group nobody
multihome
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 120
status /var/lib/openvpn/openvpn-status.log
verb 3
push "dhcp-option DNS 172.17.2.1"
push "dhcp-option DOMAIN example.com"
management 127.0.0.1 5555
log-append /var/log/openvpn
crl-verify /etc/pki/CA/crl/crl.pem
route 172.17.3.0 255.255.255.0
client-config-dir ccd
client-to-client
push "dhcp-option WINS 172.17.2.1"
push "route 172.17.2.0 255.255.255.0"
push "route 172.17.3.0 255.255.255.0"
I also note I still get the warning:
Code: Select all
WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.