Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Getting openvpn warnings in the logs

    OpenVPN
    2
    5
    97
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      techtester-m last edited by techtester-m

      Hi,

      I've noticed these warnings in the logs:
      Screen Shot 2019-12-04 at 13.36.56.png

      Now...I know that under my VPN provider settings of the servers *.ovpn it says "cipher AES-256-CBC
      auth SHA512", but I'm using GCM which is also supported by the server. If the warning is just because of that then I guess that's nothing but you tell me what should I do about these warnings.

      Perhaps add something in the custom options?

      Thank you,

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        The configured settings differ between the client and server. It's just a warning though. If it connects and passes traffic it's clearly negotiated a matching set of values there.

        Steve

        T 1 Reply Last reply Reply Quote 1
        • T
          techtester-m @stephenw10 last edited by techtester-m

          @stephenw10 Just what I thought...Thank you!
          Edit: Can I do something to come as close as possible to the server settings by adding custom options etc? Except for changing the encryption type haha, GCM is much better

          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by

            You probably have Enable Negotiable Cryptographic Parameters set otherwise I would expect it to fail with those values mismatched. In which case you can set it to match the server values and it should still negotiate to aes-256-gcm.
            That will remove those warnings but not help in any other way. I would just ignore them if it's working OK.

            Steve

            T 1 Reply Last reply Reply Quote 0
            • T
              techtester-m @stephenw10 last edited by techtester-m

              @stephenw10 said in Getting openvpn warnings in the logs:

              You probably have Enable Negotiable Cryptographic Parameters set

              Actually not. I disabled it since it seemed to not respect my preference and just use CBC if I remember correctly so I said F it lol
              I'll live with those warnings.

              Thank you :)

              1 Reply Last reply Reply Quote 0
              • First post
                Last post