iOS client | WARNING: 'link-mtu' is used inconsistently / WARNING: 'auth' is used inconsistently



  • When connecting to my OpenVPN server with iOS, I get the following lines in the router's logs.

    Jan 14 11:26:03 	openvpn 	49007 	boylec/174.192.8.178:4783 MULTI_sva: pool returned IPv4=10.82.1.2, IPv6=(Not enabled)
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 [boylec] Peer Connection Initiated with [AF_INET]174.192.8.178:4783
    Jan 14 11:26:03 	openvpn 		user 'boylec' authenticated
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1522'
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_COMP_STUBv2=1
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_COMP_STUB=1
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_LZO_STUB=1
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_PROTO=2
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_TCPNL=1
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_NCP=2
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_PLAT=ios
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_VER=3.2
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.2-894
    

    The two that I am concerned with are...

    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
    Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1522'
    

    The connection does work, I just want to be sure my config is solid before I roll it out to a my users. On a side not, I had to disable compression on the server in order for iOS clients to work.

    My server config is...

    
    <openvpn>
    	<openvpn-server>
    		<vpnid>1</vpnid>
    		<mode>server_tls_user</mode>
    		<authmode>CB_DC_1</authmode>
    		<protocol>UDP4</protocol>
    		<dev_mode>tun</dev_mode>
    		<interface>wan</interface>
    		<ipaddr></ipaddr>
    		<local_port>1194</local_port>
    		<description><![CDATA[CBI-Employees]]></description>
    		<custom_options></custom_options>
    		<tls>xxx</tls>
    		<tls_type>crypt</tls_type>
    		<caref>5c2a240f49613</caref>
    		<crlref>5c2a286415987</crlref>
    		<certref>5c2a24ad8bccc</certref>
    		<dh_length>2048</dh_length>
    		<ecdh_curve>none</ecdh_curve>
    		<cert_depth>1</cert_depth>
    		<strictusercn>yes</strictusercn>
    		<crypto>AES-128-GCM</crypto>
    		<digest>SHA256</digest>
    		<engine>none</engine>
    		<tunnel_network>10.82.1.0/24</tunnel_network>
    		<tunnel_networkv6></tunnel_networkv6>
    		<remote_network></remote_network>
    		<remote_networkv6></remote_networkv6>
    		<gwredir></gwredir>
    		<gwredir6></gwredir6>
    		<local_network>10.0.0.0/8, 192.168.0.0/16</local_network>
    		<local_networkv6></local_networkv6>
    		<maxclients>50</maxclients>
    		<compression>none</compression>
    		<compression_push></compression_push>
    		<passtos></passtos>
    		<client2client></client2client>
    		<dynamic_ip>yes</dynamic_ip>
    		<topology>subnet</topology>
    		<serverbridge_dhcp></serverbridge_dhcp>
    		<serverbridge_interface>none</serverbridge_interface>
    		<serverbridge_routegateway></serverbridge_routegateway>
    		<serverbridge_dhcp_start></serverbridge_dhcp_start>
    		<serverbridge_dhcp_end></serverbridge_dhcp_end>
    		<dns_domain>xxx</dns_domain>
    		<dns_server1>10.0.81.1</dns_server1>
    		<dns_server2></dns_server2>
    		<dns_server3></dns_server3>
    		<dns_server4></dns_server4>
    		<sndrcvbuf></sndrcvbuf>
    		<netbios_enable></netbios_enable>
    		<netbios_ntype>0</netbios_ntype>
    		<netbios_scope></netbios_scope>
    		<create_gw>v4only</create_gw>
    		<verbosity_level>1</verbosity_level>
    		<duplicate_cn></duplicate_cn>
    		<ncp-ciphers>AES-128-GCM</ncp-ciphers>
    		<ncp_enable>disabled</ncp_enable>
    	</openvpn-server>
    </openvpn>
    
    

Log in to reply