Re: [Openvpn-users] easy-rsa

Mon, 01 Jan 2024 04:57:28 -0800 

Hi,

On 01/01/2024 00:58, Richard Couture wrote:

How do I get rid of these warnings?



as Gert suggested earlier, you are probably creating these warnings by 
messing up with data-ciphers.



Please ensure to have the same data-ciphers directive on both client and 
server. My recommendation would be to not have any data-ciphers* 
directive in any config, and let openvpn do the right thing.


Cheers,


I have not declared link-mtu in either server of client conf

I have not declared auth in either client or server

I have not declared keysize in either client or server

Is script-security 2 relevant in 2.5x?


inconsistently, local='link-mtu 1549', remote='link-mtu 1541'

2023-12-30 13:40:11 187.251.133.221:1194 WARNING: 'auth' is used 
inconsistently, local='auth [null-digest]', remote='auth SHA1'
2023-12-30 13:40:11 187.251.133.221:1194 WARNING: 'keysize' is used 
inconsistently, local='keysize 256', remote='keysize 128'


Client.conf

[root@Awyr openvpn]# cat rrc.ovpn
client
dev tun
proto udp
remote 187.251.133.222 1194
persist-key
persist-tun
route-delay 5
ping-restart 10
ping 60
persist-tun
verb 4
ca ca.crt
cert rrc.crt
key rrc.key
remote-cert-tls server
data-ciphers AES-256-GCM
#data-ciphers-fallback AES-128-GCM
status openvpn-status.log
log         openvpn.log
log-append  openvpn.log
mute 20
#script-security 2
#auth-user-pass

Server conf
[root@narciso openvpn]# cat server.conf
local 187.251.133.222
port 1194
proto udp
dev tun
ca ca.crt
cert narciso.moov.com.mx.crt
key narciso.moov.com.mx.key  # This file should be kept secret
crl-verify crl.pem
dh dh2048.pem
server 10.34.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir /etc/openvpn/ccd
topology subnet
keepalive 10 120
max-clients 50
user openvpn
group openvpn
verb 4
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
log-append  openvpn.log
mute 20
#data-ciphers AES-256-GCM
data-ciphers-fallback AES-256-GCM
explicit-exit-notify 1
push "route 192.168.51.0 255.255.255.0"

#script-security 2
#comp-lzo
#data-ciphers AES_256_GCM:CHACHA20_POLY1305:AES_128_GCM:AES_128_CCM
#data-ciphers-fallback AES-128-GCM

Thanks


Richard


--
Antonio Quartulli


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users




























					Reply via email to