Hi, Makes sense, feature-ACK.
On Tue, Jul 12, 2016 at 11:14 AM, Arne Schwabe <[email protected]> wrote: > diff --git a/sample/sample-config-files/client.conf > b/sample/sample-config-files/client.conf > index fedcbd6..d8dfd96 100644 > --- a/sample/sample-config-files/client.conf > +++ b/sample/sample-config-files/client.conf > @@ -110,12 +110,16 @@ tls-auth ta.key 1 > # Select a cryptographic cipher. > # If the cipher option is used on the server > # then you must also specify it here. > -;cipher x > +# Note that 2.4 client/server will automatically > +# negoiate AES-256-GCM in TLS mode. > +# See also the ncp-cipher option in the manpage > +cipher AES-256-CBC > + > Typo in 'negotiate'. And was the extra newline on purpose? > # Enable compression on the VPN link. > # Don't enable this unless it is also > # enabled in the server config file. > -comp-lzo > +#comp-lzo Very good, let's disable compression 'by default' in de samples. > diff --git a/sample/sample-config-files/server.conf > b/sample/sample-config-files/server.conf > index c85ca0f..79e1234 100644 > --- a/sample/sample-config-files/server.conf > +++ b/sample/sample-config-files/server.conf > @@ -246,14 +246,21 @@ tls-auth ta.key 0 # This file is secret > # Select a cryptographic cipher. > # This config item must be copied to > # the client config file as well. > -;cipher BF-CBC # Blowfish (default) > -;cipher AES-128-CBC # AES > -;cipher DES-EDE3-CBC # Triple-DES > - > -# Enable compression on the VPN link. > +# Note that 2.4 client/server will automatically > +# negoiate AES-256-GCM in TLS mode. > +# See also the ncp-cipher option in the manpage > +cipher AES-256-CBC Same typo as above. Apart from the typo's, ACK. -Steffan
