Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    iOS client | WARNING: 'link-mtu' is used inconsistently / WARNING: 'auth' is used inconsistently

    Scheduled Pinned Locked Moved OpenVPN
    1 Posts 1 Posters 882 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      coreybrett
      last edited by

      When connecting to my OpenVPN server with iOS, I get the following lines in the router's logs.

      Jan 14 11:26:03 	openvpn 	49007 	boylec/174.192.8.178:4783 MULTI_sva: pool returned IPv4=10.82.1.2, IPv6=(Not enabled)
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 [boylec] Peer Connection Initiated with [AF_INET]174.192.8.178:4783
      Jan 14 11:26:03 	openvpn 		user 'boylec' authenticated
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1522'
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_COMP_STUBv2=1
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_COMP_STUB=1
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_LZO_STUB=1
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_PROTO=2
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_TCPNL=1
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_NCP=2
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_PLAT=ios
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_VER=3.2
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.2-894
      

      The two that I am concerned with are...

      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
      Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1522'
      

      The connection does work, I just want to be sure my config is solid before I roll it out to a my users. On a side not, I had to disable compression on the server in order for iOS clients to work.

      My server config is...

      
      <openvpn>
      	<openvpn-server>
      		<vpnid>1</vpnid>
      		<mode>server_tls_user</mode>
      		<authmode>CB_DC_1</authmode>
      		<protocol>UDP4</protocol>
      		<dev_mode>tun</dev_mode>
      		<interface>wan</interface>
      		<ipaddr></ipaddr>
      		<local_port>1194</local_port>
      		<description><![CDATA[CBI-Employees]]></description>
      		<custom_options></custom_options>
      		<tls>xxx</tls>
      		<tls_type>crypt</tls_type>
      		<caref>5c2a240f49613</caref>
      		<crlref>5c2a286415987</crlref>
      		<certref>5c2a24ad8bccc</certref>
      		<dh_length>2048</dh_length>
      		<ecdh_curve>none</ecdh_curve>
      		<cert_depth>1</cert_depth>
      		<strictusercn>yes</strictusercn>
      		<crypto>AES-128-GCM</crypto>
      		<digest>SHA256</digest>
      		<engine>none</engine>
      		<tunnel_network>10.82.1.0/24</tunnel_network>
      		<tunnel_networkv6></tunnel_networkv6>
      		<remote_network></remote_network>
      		<remote_networkv6></remote_networkv6>
      		<gwredir></gwredir>
      		<gwredir6></gwredir6>
      		<local_network>10.0.0.0/8, 192.168.0.0/16</local_network>
      		<local_networkv6></local_networkv6>
      		<maxclients>50</maxclients>
      		<compression>none</compression>
      		<compression_push></compression_push>
      		<passtos></passtos>
      		<client2client></client2client>
      		<dynamic_ip>yes</dynamic_ip>
      		<topology>subnet</topology>
      		<serverbridge_dhcp></serverbridge_dhcp>
      		<serverbridge_interface>none</serverbridge_interface>
      		<serverbridge_routegateway></serverbridge_routegateway>
      		<serverbridge_dhcp_start></serverbridge_dhcp_start>
      		<serverbridge_dhcp_end></serverbridge_dhcp_end>
      		<dns_domain>xxx</dns_domain>
      		<dns_server1>10.0.81.1</dns_server1>
      		<dns_server2></dns_server2>
      		<dns_server3></dns_server3>
      		<dns_server4></dns_server4>
      		<sndrcvbuf></sndrcvbuf>
      		<netbios_enable></netbios_enable>
      		<netbios_ntype>0</netbios_ntype>
      		<netbios_scope></netbios_scope>
      		<create_gw>v4only</create_gw>
      		<verbosity_level>1</verbosity_level>
      		<duplicate_cn></duplicate_cn>
      		<ncp-ciphers>AES-128-GCM</ncp-ciphers>
      		<ncp_enable>disabled</ncp_enable>
      	</openvpn-server>
      </openvpn>
      
      
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.