My client log shows the following warnings.
Thu May 11 11:37:03 2023 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1554', remote='link-mtu 1550'
Thu May 11 11:37:03 2023 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth [null-digest]'
Thu May 11 11:37:03 2023 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Thu May 11 11:57:46 2023 AEAD Decrypt error: bad packet ID (may be a replay): [ #9124 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
# OpenVPN server config (UDP/3300, routed TUN). Paired with the client config
# below. Because tls-crypt-v2 is enabled, every client must present its own
# tls-crypt-v2 client key or its handshake is discarded before TLS starts.
port 3300
proto udp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key # private key; keep it readable by root only (it is loaded before the user/group drop below, see persist-key)
##dh /etc/openvpn/dh.pem # We are using the EC algorithm so we do not need DH
dh none
server 10.10.10.0 255.255.255.0
mode server
push "redirect-gateway def1" # full tunnel: all client traffic is routed through the VPN
#push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
#push "dhcp-option DNS 8.8.4.4"
#push "dhcp-option DNS 8.8.8.8"
client-config-dir /etc/openvpn/ccd # fixed IP assignment per client (one file per client CN)
ifconfig-pool-persist /etc/openvpn/ipp.txt # remembers the previous IP of each client
##tls-auth ta.key 0 # This file is secret for tls-auth
##tls-crypt tc.key # This file is secret for tls-crypt v1
tls-crypt-v2 /etc/openvpn/server/tc.pem # server tls-crypt-v2 key: secret; used to unwrap each client's tls-crypt-v2 key
auth sha256 # data-channel HMAC; only used when a non-AEAD cipher (the AES-256-CBC fallback below) is negotiated, AES-256-GCM ignores it
##key-direction 0 <== bidirectional traffic; this parameter is not required when using tls-crypt
#cipher AES-256-CBC
tls-server
data-ciphers AES-256-GCM:AES-256-CBC # AES-256-CBC is a non-AEAD fallback; drop it once no legacy client still needs it
client-to-client # clients can reach each other inside OpenVPN without traversing the host firewall. NOTE(review): keep only if that is intended
#duplicate-cn # disable it if we are using one config per client
keepalive 10 120
comp-lzo no
compress # no algorithm given: per the OpenVPN manual this enables only the compression framing, not compression itself (comp-lzo no above is the deprecated equivalent)
user nobody
group nobody # old version Ubuntu and latest Red Hat
#group nogroup #latest version Ubuntu
persist-key
persist-tun
tun-mtu 1500
mtu-disc yes
crl-verify crl.pem # if using revoked certs; relative path. NOTE(review): the CRL is re-read at runtime, so confirm it resolves from the working directory and stays readable after the user/group drop above
explicit-exit-notify 1 # with UDP use 1; with TCP use 0, since TCP does not need to be notified for a restart
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 4
mute 20
# OpenVPN client config matching the server above. No ca/cert/key or
# tls-crypt-v2 lines are shown here -- presumably they are inline
# (<ca>, <cert>, <key>, <tls-crypt-v2> blocks) or were trimmed from the paste;
# without a tls-crypt-v2 client key the server above drops the handshake.
# NOTE(review): the OCC warnings in the log ('link-mtu', 'auth', 'keysize'
# used inconsistently) compare each side's advertised options string; they
# look like a version difference between client and server and do not by
# themselves stop negotiation, but confirm both ends run the same OpenVPN
# release. The single "bad packet ID (may be a replay)" line is usually UDP
# reordering or loss; keep replay protection enabled rather than disabling it.
client
dev tun
proto udp
remote x.x.x.x 3300 # This is the server IP
resolv-retry infinite
nobind
persist-key
persist-tun
#cipher AES-256-GCM
data-ciphers AES-256-GCM:AES-256-CBC # must overlap the server list; AES-256-CBC is the non-AEAD fallback
auth sha256 # only applies when the CBC fallback is negotiated; ignored by AES-256-GCM
remote-cert-tls server # rejects a peer that presents a client certificate as the server. Consider also pinning the server name with verify-x509-name
##key-direction 1 <== bidirectional traffic; this parameter is not required when using tls-crypt
#comp-lzo
comp-lzo no
compress # no algorithm given: framing only, no compression
auth-nocache # do not keep entered credentials in memory between reconnects
verb 4