Control: tags -1 moreinfo
Hi Henrik,
The latest version of OpenVPN in Debian/SID repo '2.6.0~git20220518+dco-1'
won't connect due to TLS errors during connection attempts.
Only downgrade to version '2.5.6-1' solves the issue.
Have you followed up on the multiple warnings and notes from the log?
2022-05-29 19:07:47 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but
missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305).
OpenVPN ignores --cipher for cipher negotiations.
2022-05-29 19:08:08 TLS error: Unsupported protocol. This typically
indicates that client and server have no common TLS version enabled.
This can be caused by mismatched tls-version-min and tls-version-max
options on client and server. If your OpenVPN client is between v2.3.6
and v2.3.2 try adding tls-version-min 1.0 to the client configuration to
use TLS 1.0+ instead of TLS 1.0 only
2022-05-29 19:08:08 OpenSSL: error:0A000102:SSL routines::unsupported
protocol
Please also check up on all items in
https://github.com/OpenVPN/openvpn/blob/dco/Changes.rst .
From your working log
2022-05-29 19:14:10 Control Channel: TLSv1, cipher SSLv3
DHE-RSA-AES256-SHA, peer certificate: 2048 bit RSA, signature: RSA-SHA256
TLSv1 means TLSv1.0 means very very deprecated.
I had to blur some characters like IP addresses. Destination is Sophos UTM
Appliances.
Is that Sophos up to date?
Bernhard
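
The three symptoms picked out of the logs in this message (a `--cipher` value missing from `--data-ciphers`, the "Unsupported protocol" handshake failure, and a control channel negotiated at TLSv1) can be extracted from a client log mechanically. The Python below is an added example, not part of the original message or of OpenVPN; the function name `triage`, the finding labels and the TLS 1.2 threshold are assumptions.

```python
import re

# Log lines copied from the message above, with wrapped lines re-joined.
SAMPLE_LOG = """\
2022-05-29 19:07:47 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2022-05-29 19:08:08 TLS error: Unsupported protocol. This typically indicates that client and server have no common TLS version enabled. This can be caused by mismatched tls-version-min and tls-version-max options on client and server. If your OpenVPN client is between v2.3.6 and v2.3.2 try adding tls-version-min 1.0 to the client configuration to use TLS 1.0+ instead of TLS 1.0 only
2022-05-29 19:08:08 OpenSSL: error:0A000102:SSL routines::unsupported protocol
2022-05-29 19:14:10 Control Channel: TLSv1, cipher SSLv3 DHE-RSA-AES256-SHA, peer certificate: 2048 bit RSA, signature: RSA-SHA256
"""

CIPHER_RE = re.compile(r"--cipher set to '([^']+)' but missing in --data-ciphers \(([^)]*)\)")
CONTROL_RE = re.compile(r"Control Channel: TLSv(\d+)(?:\.(\d+))?, cipher \S+ ([^,\s]+)")
MIN_TLS = (1, 2)  # assumption: anything below TLS 1.2 is reported as legacy


def triage(log_text, min_tls=MIN_TLS):
    """Return (kind, detail) findings for an OpenVPN client log."""
    findings = []
    for line in log_text.splitlines():
        m = CIPHER_RE.search(line)
        if m:
            # --cipher is ignored for negotiation unless listed in --data-ciphers.
            offered = m.group(2).split(":")
            findings.append(("cipher-not-in-data-ciphers",
                             f"{m.group(1)} not offered; data-ciphers={offered}"))
        if "TLS error: Unsupported protocol" in line:
            findings.append(("no-common-tls-version",
                             "handshake failed: peers share no enabled TLS version"))
        m = CONTROL_RE.search(line)
        if m:
            # "TLSv1" without a minor number means TLS 1.0.
            version = (int(m.group(1)), int(m.group(2) or 0))
            if version < min_tls:
                findings.append(("legacy-control-channel",
                                 f"TLS {version[0]}.{version[1]} with {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```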