[Openvpn-users] Reneg-sec in peer-fingerprint mode

Sun, 16 May 2021 02:37:11 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

in peer-fingerprint mode during --reneg-sec cycle, there appears to be
an uneven round of TLS-Verify taking place.

On the server I see two rounds of verify, on the client I see three rounds.
The configs are more or less generic, the only exception being that the server
has a script configured for --tls-verify

I am only curious, if this is meant to be the case ?

Logs at verb 4:


* Server

2021-05-16 10:05:52 us=351436 arch/10.10.201.226:36798 TLS: soft reset 
sec=3517/3517 bytes=4666/-1 pkts=118/0

Ignoring unknown option: CN
<EXOK> * EasyTLS-verify  ==> Recognised Client cert serial
2021-05-16 10:05:52 us=381536 arch/10.10.201.226:36798 VERIFY SCRIPT OK: 
depth=0, CN=arch
2021-05-16 10:05:52 us=381629 arch/10.10.201.226:36798 VERIFY OK: depth=0, 
CN=arch

Ignoring unknown option: CN
<EXOK> * EasyTLS-verify  ==> Recognised Client cert serial
2021-05-16 10:05:52 us=388179 arch/10.10.201.226:36798 VERIFY SCRIPT OK: 
depth=0, CN=arch
2021-05-16 10:05:52 us=388260 arch/10.10.201.226:36798 VERIFY OK: depth=0, 
CN=arch
2021-05-16 10:05:52 us=388972 arch/10.10.201.226:36798 peer info: IV_VER=2.6_git


* Client

2021-05-16 10:05:52 us=286687 VERIFY OK: depth=0, CN=wiscii
2021-05-16 10:05:52 us=290195 VERIFY OK: depth=0, CN=wiscii
2021-05-16 10:05:52 us=291238 VERIFY OK: depth=0, CN=wiscii
2021-05-16 10:05:52 us=312385 WARNING: 'link-mtu' is used inconsistently, 
local='link-mtu 1557', remote='link-mtu 1558'


Thanks
R

-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAGBQJgoOdPACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec
9muQuJ3uoggAtFQouClYwW8vhDIZTpAZWh+muJVlZfUNMK4NgOss17+hGuJF
yaK3yTOn0XIuHBnxb/c9wolzrWqWltp590nOUbn8uJOvJkZixVnnQ8hRxel6
/l2MSMZOEkpqdvnQDD7ahk0DCMTCx0bpTo3XgX+ULovyf/Y9G6u+D+FL/VWa
1PSBD+JcyNcHM0ija7Hynh43N+u3q1EB5mbOdQq7jgvQbb94mdrbgDtgTtrb
k1j52kYcDcDENskf1YoVmaR87prfeOvCRUCXjUGeQEg43+JmSgnqK9Rdjrus
zrT3lZpsJTqCTn3aiCXpcjT3rSZ5nBIveSlCW0tgz9TAcURJWV0k4w==
=CkwG
-----END PGP SIGNATURE-----

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to