On Mon, May 25, 2026 at 3:37 PM Antonio Quartulli <[email protected]> wrote: > > > Server I'm connecting with is OpenVPN 2.4.0 > > This looks like https://github.com/OpenVPN/openvpn/issues/422 > > Ah finally some info about the server :-)
Well, I asked specifically if the DCO is independent between the server and the client, and you assured me that: > They are fully independent. > > DCO just re-implements the data channel in kernel space, but it does not > change the protocol. > > Therefore DCO is fully transparent from a protocol perspective. Therefore, I focused on the client-side… > > Is the error in the log added in > > https://github.com/lstipakov/openvpn/commit/fa4083692fefb9c94ff9366cdabe56fa52c62b72 > > server side? > > I think the check should technically happen on both sides. > > > I guess it is, as it's not present in my logs. > > If this error were logged on the client side, the situation would be > > clear, and the reason the tunnel does not work would be obvious. > > > > Btw, when you were checking this on Fedora 44 on your side, you must > > have used at least version 2.4.5 of the server, and that's why it was > > working for you. > > > > To confirm this theory, just look at your traffic in wireshark. > The dissector will immediately tell you if packets are DATA_V1 or DATA_v2. Outgoing packets are DATA_V2, incoming packets are DATA_V1. > Although, if this is really your issue, I am not sure why it worked > before when using DCO. > You said before the upgrade your openvpn+dco client was working fine. > wasn't it? Yes, probably because before the upgrade, the OpenVPN kernel module was not present, which resulted in automatic switching DCO off, which hides the issue of DATA_V1 vs DATA_V2 mismatch. As more people try to connect to this server from systems with a new kernel (like Ubuntu 26.04) with the openvpn module included by default, they have the same problem as me. Now, the question is why the message added to the logs as a fix to https://github.com/OpenVPN/openvpn/issues/422 is not showing in the logs? And why isn't the connection aborted, which is suggested in this comment https://github.com/OpenVPN/openvpn/issues/422#issuecomment-1751655041 ? Regards, Piotr Dobrogost _______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
