OpenVPN Support Forum

Posted: **Sat Mar 24, 2018 1:11 pm**

In January 2018 have set up an OpenVPN server on a Linux Ubuntu 16.04 machine at home.
Openvpn reports this version: OpenVPN 2.4.4 x86_64-pc-linux-gnu

It is used by family members to access the home network while traveling.

Now I inspected the logs and found a strange warning as follows:

Code: Select all

IV_GUI_VER=net.openvpn.connect.ios_1.2.7-4
peer info: IV_VER=3.1.2
peer info: IV_PLAT=ios
peer info: IV_NCP=2
info: IV_TCPNL=1
peer info: IV_PROTO=2
peer info: IV_LZO=1
peer info: IV_AUTO_SESS=1
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1525'
WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Why does this happen and should I be worried?
This is not the case when I connect myself, the warnings come when my brother-in-law connects from an iPad.
I only use Windows and Android devices myself.

The server.conf file has this:

server.conf

port 1191
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0 'nopool'
ifconfig-pool 10.8.0.2 10.8.0.127 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.119.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
max-clients 20
#user openvpn
#group nogroup
persist-key
persist-tun
status /etc/openvpn/log/openvpn-status.log
log /etc/openvpn/log/openvpn.log
verb 4
mute 10
explicit-exit-notify 1
push "explicit-exit-notify 1"
#Testing to use larger buffers for tunnel
push "sndbuf 262144"
push "rcvbuf 262144"

And the client OVPN file has this:

xxx.ovpn

client
dev tun
proto udp
remote vpn.xxxx.com 1191
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
auth-nocache
remote-cert-tls server
key-direction 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
explicit-exit-notify 1

Posted: **Sat Mar 24, 2018 1:19 pm**

BobAGI wrote: ↑
Sat Mar 24, 2018 1:11 pm
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1525'
WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'

--link-mtu is a problem with the MTU code, it is not quite right ..
--cipher is due to negotiated cipher protocol and is a known bug
as openvpn works anyway it is not considered to be important currently.

BobAGI wrote: ↑
Sat Mar 24, 2018 1:11 pm
OpenVPN 2.4.4 x86_64-pc-linux-gnu

2.4.5 is now the official release.

Posted: **Sat Mar 24, 2018 1:35 pm**

TinCanTech wrote: ↑
Sat Mar 24, 2018 1:19 pm
--link-mtu is a problem with the MTU code, it is not quite right ..
--cipher is due to negotiated cipher protocol and is a known bug
as openvpn works anyway it is not considered to be important currently.

Is this a problem on the iOS client side, then?
It looks to come from the client...

TinCanTech wrote: ↑
Sat Mar 24, 2018 1:19 pm

BobAGI wrote: ↑
Sat Mar 24, 2018 1:11 pm
OpenVPN 2.4.4 x86_64-pc-linux-gnu
2.4.5 is now the official release.

I had to go through loops to get the 2.4.4 version on to the Ubuntu server, the official apt-get version was quite older.
I think I had to change server for apt-get if I remember correctly.
Should I try to upgrade?
And can I use apt-get install for that?
(I am currently overseas so I would need to use OpenVPN to access the server in that case)

OpenVPN Support Forum

WARNING: 'cipher' is used inconsistently,

WARNING: 'cipher' is used inconsistently,

Re: WARNING: 'cipher' is used inconsistently,

Re: WARNING: 'cipher' is used inconsistently,