link-mtu' is used inconsistently, local='link-mtu 1554

Post by scorpoin » Thu May 11, 2023 6:55 am

I am having strange warning messages when I connect to my OpenVPN server.

My client log shows the following warnings.

Thu May 11 11:37:03 2023 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1554', remote='link-mtu 1550'
Thu May 11 11:37:03 2023 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth [null-digest]'
Thu May 11 11:37:03 2023 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Thu May 11 11:57:46 2023 AEAD Decrypt error: bad packet ID (may be a replay): [ #9124 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings

Server_Config

port 3300
proto udp
dev tun
ca  /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
##dh /etc/openvpn/dh.pem # We are using ec algorithm so we do not need DH
dh none
server 10.10.10.0 255.255.255.0
mode server
push "redirect-gateway def1"
#push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 208.67.222.222"
#push "dhcp-option DNS 8.8.4.4"
#push "dhcp-option DNS 8.8.8.8"
client-config-dir /etc/openvpn/ccd # for fixed ip assigning for client
ifconfig-pool-persist /etc/openvpn/ipp.txt #log previous ip of client
##tls-auth ta.key 0 # This file is secret for tls-auth
##tls-crypt tc.key # This file is secret for tls-crypt=v1
tls-crypt-v2 /etc/openvpn/server/tc.pem # This file is secret for tls-crypt=v2
auth sha256 
##key-direction 0 <== bidirectional traffic; this parameter is not required if using tls-crypt
#cipher AES-256-CBC
tls-server
data-ciphers AES-256-GCM:AES-256-CBC
client-to-client # if you would like connecting clients to be able to reach each other over the VPN
#duplicate-cn # disable it if we are using one config for one client
keepalive 10 120
comp-lzo no
compress
user nobody
group nobody # old_version_ubuntu and latest redhat
#group nogroup #latest version ubuntu
persist-key
persist-tun
tun-mtu 1500
mtu-disc yes
crl-verify crl.pem # if using revoke cert
explicit-exit-notify 1 # if using UDP protocol use 1 or for tcp use 0 tcp does not need to be notify for restart
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 4
mute 20

Client_Config

client
dev tun
proto udp
remote x.x.x.x 3300 #This is the server IP
resolv-retry infinite
nobind
persist-key
persist-tun
#cipher cipher AES-256-GCM
data-ciphers AES-256-GCM:AES-256-CBC
auth sha256
remote-cert-tls server
##key-direction 1 <== bidirectional traffic; this parameter is not required if using tls-crypt
#comp-lzo
comp-lzo no
compress
auth-nocache
verb 4

Post by zxcgn » Fri Jun 30, 2023 10:33 pm

I probably had the same problem. My configuration is different: I am not using compression, and I am not setting mtu or auth; it is all default. But when I specified cipher AES-256-GCM on both sides, the error messages vanished.

Fri Jun 30 23:47:30 2023 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1420'
Fri Jun 30 23:47:30 2023 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
Fri Jun 30 23:47:30 2023 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'

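
An added example (not part of any post in this thread, and not OpenVPN project code): a small Python parser that pulls each `is used inconsistently` warning out of a client log and lists the local and remote values side by side, so the differing options can be checked against both configs. The function names and the sample log, built from the lines quoted in the first post with the last line shortened, are assumptions made for illustration.

```python
import re

# Constructed sample: based on the client log in the first post (last line shortened).
SAMPLE_LOG = """\
Thu May 11 11:37:03 2023 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1554', remote='link-mtu 1550'
Thu May 11 11:37:03 2023 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth [null-digest]'
Thu May 11 11:37:03 2023 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
Thu May 11 11:57:46 2023 AEAD Decrypt error: bad packet ID (may be a replay): [ #9124 ]
"""

WARNING_RE = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)

def _value(option, text):
    """Drop the option name that the log repeats in front of each value."""
    prefix = option + " "
    return text[len(prefix):] if text.startswith(prefix) else text

def parse_mismatches(log_text):
    """Return {option: {"local", "remote", "delta"}} for each distinct warning."""
    found = {}
    for line in log_text.splitlines():
        m = WARNING_RE.search(line)
        if not m:
            continue  # other messages (e.g. the AEAD replay line) are skipped
        opt = m.group("opt")
        local = _value(opt, m.group("local"))
        remote = _value(opt, m.group("remote"))
        delta = None
        if local.isdigit() and remote.isdigit():
            delta = int(local) - int(remote)  # positive: local value is larger
        # A repeated warning on reconnect overwrites the earlier entry.
        found[opt] = {"local": local, "remote": remote, "delta": delta}
    return found

def report(log_text):
    """One human-readable line per mismatched option."""
    rows = []
    for opt, v in parse_mismatches(log_text).items():
        extra = "" if v["delta"] is None else f" (local - remote = {v['delta']:+d})"
        rows.append(f"{opt}: local={v['local']} remote={v['remote']}{extra}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```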