<![CDATA[Some warnings on OpenVPN client connections]]>Hi all, I am using pfSENSE CE 2.6.0 in which I configured an OpenVPN server to which several clients connect using OpenVPN Connect V3 (Windows).
The server works fine and the clients connect without problems with cipher AES-256-GCM. But there are some warnings in the OpenVPN server log that I would like to know what they are due to.

May 30 15:37:26	openvpn	24642	152.171.135.2:26292 WARNING: 'keysize' is used inconsistently, local='keysize 192', remote='keysize 128'
May 30 15:37:26	openvpn	24642	152.171.135.2:26292 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
May 30 15:37:26	openvpn	24642	152.171.135.2:26292 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1549', remote='link-mtu 1553'

This is the server and client configuration I am using.

server:

<openvpn>
<openvpn-server>
<vpnid>1</vpnid>
<mode>server_tls</mode>
<protocol>UDP4</protocol>
<dev_mode>tun</dev_mode>
<interface>wan</interface>
<ipaddr></ipaddr>
<local_port>1194</local_port>
<description><![CDATA[OpenVPN-TSA]]></description>
<custom_options>reneg-sec 0
push "dhcp-option ADAPTER_DOMAIN_SUFFIX domain.local"</custom_options>
<tls>blablabla</tls>
<tls_type>crypt</tls_type>
<tlsauth_keydir>0</tlsauth_keydir>
<caref>628bd437b8d94</caref>
<crlref>628bd47295128</crlref>
<ocspurl></ocspurl>
<certref>628bef8b0b14e</certref>
<dh_length>none</dh_length>
<ecdh_curve>none</ecdh_curve>
<cert_depth>1</cert_depth>
<remote_cert_tls>yes</remote_cert_tls>
<data_ciphers_fallback>AES-192-GCM</data_ciphers_fallback>
<digest>SHA256</digest>
<engine>rdrand</engine>
<tunnel_network>192.168.21.0/24</tunnel_network>
<tunnel_networkv6></tunnel_networkv6>
<remote_network></remote_network>
<remote_networkv6></remote_networkv6>
<gwredir></gwredir>
<gwredir6></gwredir6>
<local_network>10.10.8.0/22,192.168.20.0/27,192.168.119.0/24</local_network>
<local_networkv6></local_networkv6>
<maxclients>50</maxclients>
<allow_compression>no</allow_compression>
<compression></compression>
<compression_push></compression_push>
<passtos></passtos>
<client2client></client2client>
<dynamic_ip>yes</dynamic_ip>
<topology>subnet</topology>
<serverbridge_dhcp></serverbridge_dhcp>
<serverbridge_interface>none</serverbridge_interface>
<serverbridge_routegateway></serverbridge_routegateway>
<serverbridge_dhcp_start></serverbridge_dhcp_start>
<serverbridge_dhcp_end></serverbridge_dhcp_end>
<dns_domain>domain.local</dns_domain>
<dns_server1>10.10.8.3</dns_server1>
<dns_server2>10.10.8.2</dns_server2>
<dns_server3></dns_server3>
<dns_server4></dns_server4>
<username_as_common_name><![CDATA[disabled]]></username_as_common_name>
<exit_notify>1</exit_notify>
<sndrcvbuf></sndrcvbuf>
<push_register_dns>yes</push_register_dns>
<netbios_enable></netbios_enable>
<netbios_ntype>0</netbios_ntype>
<netbios_scope></netbios_scope>
<create_gw>v4only</create_gw>
<verbosity_level>1</verbosity_level>
<data_ciphers>AES-256-GCM</data_ciphers>
<ncp_enable>enabled</ncp_enable>
<ping_method>keepalive</ping_method>
<keepalive_interval>10</keepalive_interval>
<keepalive_timeout>60</keepalive_timeout>
<ping_seconds>10</ping_seconds>
<ping_push></ping_push>
<ping_action>ping_restart</ping_action>
<ping_action_seconds>60</ping_action_seconds>
<ping_action_push></ping_action_push>
<inactive_seconds>300</inactive_seconds>
</openvpn-server>

client:

dev tun
persist-tun
persist-key
data-ciphers AES-256-GCM:AES-192-GCM
data-ciphers-fallback AES-192-GCM
auth SHA256
tls-client
client
resolv-retry infinite

lport 0
verify-x509-name "www.somedomain.com" name
remote-cert-tls server
explicit-exit-notify
key-direction 1
<connection>
remote openvpn1.somedomain.com 1194 udp
</connection>
<connection>
remote openvpn2.somedomain.com 1194 udp
</connection>

<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>

2048 bit OpenVPN static key

-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>

Any hints as to what these warnings are due to would be more than appreciated.

Thanks
Gabriel

]]>https://forum.netgate.com/topic/172532/some-warnings-on-openvpn-client-connectionsRSS for NodeFri, 12 Jun 2026 02:40:48 GMTMon, 30 May 2022 19:15:31 GMT60