Probably nothing to do with your problem, but because Tunnelblick's copies
of OpenVPN are statically linked with their own copy of the OpenSSL
libraries, to get the ciphers you must use a command like:
$ cd /Applications/Tunnelblick.app/Contents/Resources/openvpn/openvpn-2.3.6
$ ./openvpn --show-ciphers
On Wed, Apr 15, 2015 at 10:29 AM, Chris Ross <cross+open...@distal.com>
wrote:
>
> > On Apr 15, 2015, at 09:34, Jan Just Keijser <janj...@nikhef.nl> wrote:
> > it's the line
> > SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
> >
> > which is "interesting" here: make sure you use the same set of
> tls-ciphers on both ends. What's in your server and client config ? If
> nothing is specified then it should "just work” .
>
> Right. That’s the line I was noting as well, of course. I followed the
> “openvpn --show-ciphers” advice, and see the same on both. I also tried a
> couple ciphers in both the client and server config files, with no change.
> But the above was with neither file specifying a cipher specifically, thus
> defaulting to BF-CBC.
>
> > Better yet, post your entire (sanitized) server config so we can take a
> look at it. That will help greatly in troubleshooting the issue.
>
> Can do. Hash comments and most of the semi-colon comments removed, my
> main server-side network obscured, this is the server-side config. Thanks
> for your help…
>
>
> - Chris
>
> ————
>
> ;local a.b.c.d
>
> port 1194
> proto tcp
> ;proto udp
>
> ;dev tap
> dev tun
>
> ca cert/distal-ca.crt
> cert cert/distalvpn.crt
> key private/distalvpn.key # This file should be kept secret
>
> dh cert/dh2048.pem
>
> server 10.8.0.0 255.255.255.0
>
> ifconfig-pool-persist ipp.txt
>
> ;push "route 192.168.10.0 255.255.255.0"
> ;push "route 192.168.20.0 255.255.255.0"
> push "route AA.BB.CC.0 255.255.255.0"
>
> keepalive 10 120
>
> ;tls-auth ta.key 0 # This file is secret
>
> ;cipher BF-CBC # Blowfish (default)
> ;cipher AES-128-CBC # AES
> ;cipher DES-EDE3-CBC # Triple-DES
>
> comp-lzo
>
> user nobody
> group nobody
>
> persist-key
> persist-tun
>
> status openvpn-status.log
>
>
>
>
>
>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live
> exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
> event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
