>On Saturday, January 6th, 2024 at 12:27 PM, Gert Doering <g...@greenie.muc.de> wrote:


> Hi,
> 
> On Sat, Jan 06, 2024 at 07:03:37AM +0000, Peter Davis wrote:
> 
> > 1- But I need to put the server and client keys in /etc/openvpn/server and 
> > /etc/openvpn/client directories. Am I wrong?
> 
> 
> Server keys go to the server file system.
> 
> Client keys go to the client file system.
> 
> CA cert goes everywhere, as it's the binding part that permits either
> side to verify each other.
> 
> > 2- I used these lines in the server and client configuration files:
> > 
> > data-ciphers AES-256-GCM
> > cipher AES-256-GCM
> 
> 
> Just... don't. --cipher is a no-op in 2.6.x, and data-ciphers already
> contains AES-256-GCM, so setting these will just make your config file
> longer, and do no good.
> 
> gert
> --
> "If was one thing all people took for granted, was conviction that if you
> feed honest figures into a computer, honest figures come out. Never doubted
> it myself till I met a computer with a sense of humor."
> Robert A. Heinlein, The Moon is a Harsh Mistress
> 
> Gert Doering - Munich, Germany g...@greenie.muc.de


Hi,
Thanks again.
I'm using OpenVPN 2.6.3 x86_64-pc-linux-gnu.

I removed "cipher AES-256-GCM" from the configuration file and I see the 
following message in the log file:

2024-01-06 13:28:03 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-01-06 13:28:03 --user specified but lacking CAP_SETPCAP. Cannot retain CAP_NET_ADMIN. Disabling data channel offload

Why?

Do you mean that in OpenVPN version 2.6, AES-256-GCM is enabled by default?

