iOS client | WARNING: 'link-mtu' is used inconsistently / WARNING: 'auth' is used inconsistently

coreybrett

When connecting to my OpenVPN server with iOS, I get the following lines in the router's logs.

Jan 14 11:26:03 	openvpn 	49007 	boylec/174.192.8.178:4783 MULTI_sva: pool returned IPv4=10.82.1.2, IPv6=(Not enabled)
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 [boylec] Peer Connection Initiated with [AF_INET]174.192.8.178:4783
Jan 14 11:26:03 	openvpn 		user 'boylec' authenticated
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1522'
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_COMP_STUBv2=1
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_COMP_STUB=1
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_LZO_STUB=1
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_PROTO=2
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_TCPNL=1
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_NCP=2
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_PLAT=ios
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_VER=3.2
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 peer info: IV_GUI_VER=net.openvpn.connect.ios_3.0.2-894

The two that I am concerned with are...

Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
Jan 14 11:26:03 	openvpn 	49007 	174.192.8.178:4783 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1522'

The connection does work, I just want to be sure my config is solid before I roll it out to a my users. On a side not, I had to disable compression on the server in order for iOS clients to work.

My server config is...

<openvpn>
	<openvpn-server>
		<vpnid>1</vpnid>
		<mode>server_tls_user</mode>
		<authmode>CB_DC_1</authmode>
		<protocol>UDP4</protocol>
		<dev_mode>tun</dev_mode>
		<interface>wan</interface>
		<ipaddr></ipaddr>
		<local_port>1194</local_port>
		<description><![CDATA[CBI-Employees]]></description>
		<custom_options></custom_options>
		<tls>xxx</tls>
		<tls_type>crypt</tls_type>
		<caref>5c2a240f49613</caref>
		<crlref>5c2a286415987</crlref>
		<certref>5c2a24ad8bccc</certref>
		<dh_length>2048</dh_length>
		<ecdh_curve>none</ecdh_curve>
		<cert_depth>1</cert_depth>
		<strictusercn>yes</strictusercn>
		<crypto>AES-128-GCM</crypto>
		<digest>SHA256</digest>
		<engine>none</engine>
		<tunnel_network>10.82.1.0/24</tunnel_network>
		<tunnel_networkv6></tunnel_networkv6>
		<remote_network></remote_network>
		<remote_networkv6></remote_networkv6>
		<gwredir></gwredir>
		<gwredir6></gwredir6>
		<local_network>10.0.0.0/8, 192.168.0.0/16</local_network>
		<local_networkv6></local_networkv6>
		<maxclients>50</maxclients>
		<compression>none</compression>
		<compression_push></compression_push>
		<passtos></passtos>
		<client2client></client2client>
		<dynamic_ip>yes</dynamic_ip>
		<topology>subnet</topology>
		<serverbridge_dhcp></serverbridge_dhcp>
		<serverbridge_interface>none</serverbridge_interface>
		<serverbridge_routegateway></serverbridge_routegateway>
		<serverbridge_dhcp_start></serverbridge_dhcp_start>
		<serverbridge_dhcp_end></serverbridge_dhcp_end>
		<dns_domain>xxx</dns_domain>
		<dns_server1>10.0.81.1</dns_server1>
		<dns_server2></dns_server2>
		<dns_server3></dns_server3>
		<dns_server4></dns_server4>
		<sndrcvbuf></sndrcvbuf>
		<netbios_enable></netbios_enable>
		<netbios_ntype>0</netbios_ntype>
		<netbios_scope></netbios_scope>
		<create_gw>v4only</create_gw>
		<verbosity_level>1</verbosity_level>
		<duplicate_cn></duplicate_cn>
		<ncp-ciphers>AES-128-GCM</ncp-ciphers>
		<ncp_enable>disabled</ncp_enable>
	</openvpn-server>
</openvpn>