Weekly dev snapshots are available for testing.
We talk about them here. Testing features in the dev snapshot helps the features make it to stable.
Moderators: TinCanTech
Forum rules
Please report your experience with the testing branch. Include what you were using and how.
If there is a problem, the more info the better!
nickh
OpenVPN User
Posts: 29 Joined: Sun Mar 02, 2014 1:25 pm
by nickh » Tue Oct 20, 2020 4:38 pm
I've just noticed that using 2.5rc3 Win10 x64 seems to be producing an erroneous error log in an OpenVPN server using openvpn-2.4.9-1.el7.x86_64. On the server logs I am now seeing:
Code:
Tue Oct 20 17:21:55 2020 172.17.2.123:49159 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
The client config is:
cert client-ourfamily-cert.pem
key client-ourfamily-key.pem
And the server config is:
ca /etc/pki/CA/ca-cert.pem
cert /etc/pki/CA/sys-0-cert.pem
key /etc/pki/CA/private/sys-0-key.pem
dh /etc/openvpn/ssl/dh1024.pem
server 172.17.0.0 255.255.255.0
push "compress stub-v2"
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 120
status /var/lib/openvpn/openvpn-status.log
push "dhcp-option DNS 172.17.2.1"
push "dhcp-option DOMAIN example.com"
management 127.0.0.1 5555
log-append /var/log/openvpn
crl-verify /etc/pki/CA/crl/crl.pem
route 172.17.3.0 255.255.255.0
push "dhcp-option WINS 172.17.2.1"
push "route 172.17.2.0 255.255.255.0"
push "route 172.17.3.0 255.255.255.0"
I also note I still get the warning:
Code:
WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
I thought --ns-cert-type was going to be removed in 2.5 (but I am very glad it has not been).
Last edited by
Pippin on Tue Oct 20, 2020 4:49 pm, edited 1 time in total.
Reason: Formatting
TinCanTech
OpenVPN Protagonist
Posts: 11139 Joined: Fri Jun 03, 2016 1:17 pm
by TinCanTech » Tue Oct 20, 2020 5:04 pm
nickh wrote: ↑ Tue Oct 20, 2020 4:38 pm
OpenVPN server using openvpn-2.4.9-1.el7.x86_64. On the server logs I am now seeing:
Code:
Tue Oct 20 17:21:55 2020 172.17.2.123:49159 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
BF-CBC is the default --cipher in 2.4 and --cipher has been replaced with --data-ciphers in 2.5 .. So the message is actually correct .. The plan is to have everybody move to 2.5 for the new features.
nickh
OpenVPN User
Posts: 29 Joined: Sun Mar 02, 2014 1:25 pm
by nickh » Tue Oct 20, 2020 5:17 pm
I am confused. Doesn't it autonegotiate? Mine goes to:
Code:
Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
What then is there to upgrade?
TinCanTech
OpenVPN Protagonist
Posts: 11139 Joined: Fri Jun 03, 2016 1:17 pm
by TinCanTech » Tue Oct 20, 2020 5:48 pm
nickh wrote: ↑ Tue Oct 20, 2020 5:17 pm
I am confused. Doesn't it autonegotiate?
Yes it does.
nickh wrote: ↑ Tue Oct 20, 2020 5:17 pm
What then is there to upgrade?
Your server, when 2.5 is officially released.
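The thread separates two things a server operator can see in the log: the option-mismatch warning, and the cipher the data channel was actually initialized with. The following Python is an added example, not part of the thread or of OpenVPN; it assumes the 2.4 log line format quoted above, and the names `classify`, `WEAK`, the verdict strings and the last two sample lines are this example's own.

```python
import re
from collections import defaultdict

# 64-bit block ciphers; BF-CBC is the 2.4 default named in the thread.
WEAK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}
LINE = re.compile(
    r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} "              # timestamp
    r"(?:[^/\s]+/)?(?P<peer>\d+(?:\.\d+){3}:\d+) "     # optional "CN/", then ip:port
    r"(?P<msg>.*)$")
WARN = re.compile(r"WARNING: 'cipher' is present in local config but missing in remote config")
CHAN = re.compile(r"(?:Outgoing|Incoming) Data Channel: Cipher '(?P<c>[^']+)'")


def classify(log_text):
    """Map each peer (ip:port over the whole log) to a data-channel verdict."""
    warned, ciphers = set(), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        if WARN.search(m["msg"]):
            warned.add(m["peer"])
        c = CHAN.search(m["msg"])
        if c:
            ciphers[m["peer"]].add(c["c"])
    verdicts = {}
    for peer in warned | set(ciphers):
        used = ciphers.get(peer, set())
        if used & WEAK:
            verdicts[peer] = "weak-cipher"      # tunnel really runs a 64-bit block cipher
        elif not used:
            verdicts[peer] = "no-data-channel"  # warning seen, negotiated cipher not logged
        elif peer in warned:
            verdicts[peer] = "warning-only"     # mismatch logged, strong cipher negotiated
        else:
            verdicts[peer] = "ok"
    return verdicts

# Sample log: the first three lines are from the thread, the last two are constructed.
SAMPLE = """\
Tue Oct 20 17:21:55 2020 172.17.2.123:49159 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Oct 20 17:30:02 2020 legacy/172.17.2.77:51000 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Oct 20 17:31:10 2020 172.17.2.88:40001 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
"""

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Only the `weak-cipher` verdict means traffic is actually protected by the legacy cipher; `warning-only` matches the situation described in the thread.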