Getting openvpn warnings in the logs



  • Hi,

    I've noticed these warnings in the logs:
    Screen Shot 2019-12-04 at 13.36.56.png

    Now...I know that under my VPN provider settings of the servers *.ovpn it says "cipher AES-256-CBC
    auth SHA512", but I'm using GCM which is also supported by the server. If the warning is just because of that then I guess that's nothing but you tell me what should I do about these warnings.

    Perhaps add something in the custom options?

    Thank you,


  • Netgate Administrator

    The configured settings differ between the client and server. It's just a warning though. If it connects and passes traffic it's clearly negotiated a matching set of values there.

    Steve



  • @stephenw10 Just what I thought...Thank you!
    Edit: Can I do something to come as close as possible to the server settings by adding custom options etc? Except for changing the encryption type haha, GCM is much better


  • Netgate Administrator

    You probably have Enable Negotiable Cryptographic Parameters set otherwise I would expect it to fail with those values mismatched. In which case you can set it to match the server values and it should still negotiate to aes-256-gcm.
    That will remove those warnings but not help in any other way. I would just ignore them if it's working OK.

    Steve



  • @stephenw10 said in Getting openvpn warnings in the logs:

    You probably have Enable Negotiable Cryptographic Parameters set

    Actually not. I disabled it since it seemed to not respect my preference and just use CBC if I remember correctly so I said F it lol
    I'll live with those warnings.

    Thank you :)


Log in to reply