Bug with Windows v2.5 rc3 client

Weekly dev snapshots are available for testing.
We talk about them here. Testing features in the dev snapshot helps the features make it to stable.

Moderators: TinCanTech

Forum rules
Please report your experience with the testing branch. Include what you were using and how.
If there is a problem, the more info the better!
nickh
OpenVPN User
Posts: 29
Joined: Sun Mar 02, 2014 1:25 pm

Bug with Windows v2.5 rc3 client

Post by nickh » Tue Oct 20, 2020 4:38 pm

I've just noticed that using 2.5rc3 Win10 x64 seems to be producing an erroneous error log in an OpenVPN server using openvpn-2.4.9-1.el7.x86_64. On the server logs I am now seeing:

Code: Select all

Tue Oct 20 17:21:55 2020 172.17.2.123:49159 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
The client config is:
Client config

client
remote example.net 1194
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca-cert.pem
cert client-ourfamily-cert.pem
key client-ourfamily-key.pem
ns-cert-type server
comp-lzo
verb 3


And the server config is:
Server config

port 1194
proto udp
dev tun
ca /etc/pki/CA/ca-cert.pem
cert /etc/pki/CA/sys-0-cert.pem
key /etc/pki/CA/private/sys-0-key.pem
dh /etc/openvpn/ssl/dh1024.pem
server 172.17.0.0 255.255.255.0
keepalive 10 120
compress stub-v2
push "compress stub-v2"
user nobody
group nobody
multihome
persist-key
persist-tun
ifconfig-pool-persist /var/lib/openvpn/ipp.txt 120
status /var/lib/openvpn/openvpn-status.log
verb 3
push "dhcp-option DNS 172.17.2.1"
push "dhcp-option DOMAIN example.com"
management 127.0.0.1 5555
log-append /var/log/openvpn
crl-verify /etc/pki/CA/crl/crl.pem
route 172.17.3.0 255.255.255.0
client-config-dir ccd
client-to-client
push "dhcp-option WINS 172.17.2.1"
push "route 172.17.2.0 255.255.255.0"
push "route 172.17.3.0 255.255.255.0"


I also note I still get the warning:

Code: Select all

WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
I thought --ns-cert-type was going to be removed in 2.5 (but I am very glad it has not been)
Last edited by Pippin on Tue Oct 20, 2020 4:49 pm, edited 1 time in total.
Reason: Formatting

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bug with Windows v2.5 rc3 client

Post by TinCanTech » Tue Oct 20, 2020 5:04 pm

nickh wrote:
Tue Oct 20, 2020 4:38 pm
OpenVPN server using openvpn-2.4.9-1.el7.x86_64. On the server logs I am now seeing:

Code: Select all

Tue Oct 20 17:21:55 2020 172.17.2.123:49159 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
BF-CBC is the default --cipher in 2.4 and --cipher has been replaced with --data-ciphers in 2.5 .. So the message is actually correct .. The plan is to have everybody move to 2.5 for the new features.

nickh
OpenVPN User
Posts: 29
Joined: Sun Mar 02, 2014 1:25 pm

Re: Bug with Windows v2.5 rc3 client

Post by nickh » Tue Oct 20, 2020 5:17 pm

I am confused. Doesn't it autonegotiate? Mine goes to:

Code: Select all

Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
What then is there to upgrade?

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Bug with Windows v2.5 rc3 client

Post by TinCanTech » Tue Oct 20, 2020 5:48 pm

nickh wrote:
Tue Oct 20, 2020 5:17 pm
I am confused. Doesn't it autonegotiate?
Yes it does.
nickh wrote:
Tue Oct 20, 2020 5:17 pm
What then is there to upgrade?
Your server, when 2.5 is officially released.
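
Added example, not part of the thread or of OpenVPN itself: a Python check that pairs each options-mismatch warning in a server log with the data-channel cipher actually initialized for the same peer, separating the situation discussed above (warning logged, AES-256-GCM negotiated) from sessions that really run on a 64-bit block cipher such as BF-CBC. The line layout is assumed from the log lines quoted in the thread; the last two sample lines and the verdict names are constructed.

```python
import re

# 64-bit block ciphers; BF-CBC is the 2.4 default named in the thread.
WEAK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}

# Assumed line shape: "<ctime timestamp> [CN/]IPv4:port <message>", as in the quoted logs.
LINE = re.compile(r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} (?:[^/\s]+/)?"
                  r"(?P<peer>[\d.]+:\d+) (?P<msg>.*)$")
WARN = re.compile(r"WARNING: 'cipher' is present in local config but missing "
                  r"in remote config, local='cipher (?P<c>[^']+)'")
CHAN = re.compile(r"(?:Outgoing|Incoming) Data Channel: Cipher '(?P<c>[^']+)' initialized")

# First three lines are the ones quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
Tue Oct 20 17:21:55 2020 172.17.2.123:49159 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Oct 20 17:21:56 2020 ourfamily/172.17.2.123:49159 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Oct 20 17:30:02 2020 198.51.100.7:40112 WARNING: 'cipher' is present in local config but missing in remote config, local='cipher BF-CBC'
Tue Oct 20 17:30:03 2020 oldlaptop/198.51.100.7:40112 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
"""

def audit(log_text):
    """Return {peer: verdict}, keyed by the IP:port that links warning and cipher lines."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        warn, chan = WARN.search(m["msg"]), CHAN.search(m["msg"])
        if not (warn or chan):
            continue
        s = sessions.setdefault(m["peer"], {"warned": None, "ciphers": set()})
        if warn:
            s["warned"] = warn["c"]
        if chan:
            s["ciphers"].add(chan["c"])
    verdicts = {}
    for peer, s in sessions.items():
        if s["ciphers"] & WEAK:
            verdicts[peer] = "weak-data-channel"   # session really uses a 64-bit block cipher
        elif not s["ciphers"]:
            verdicts[peer] = "unresolved"          # warning seen, no data-channel line yet
        else:
            verdicts[peer] = "benign-mismatch" if s["warned"] else "ok"
    return verdicts

if __name__ == "__main__":
    for peer, verdict in audit(SAMPLE_LOG).items():
        print(peer, verdict)
```

A peer that reconnects from the same IP and port is merged into one entry here, so run it per log rotation or extend the key with the timestamp if that matters.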
