Hi,

On Sat, Aug 29, 2020 at 09:42:46PM -0300, Rafael Gava wrote:
> Actually, I was testing Samuli's 2.5-beta2 installer from the link below:
> Not sure if it's with the patch for data-ciphers but I guess so.
> I'll pull the 2.5-beta2 code and build it in order to check if it's
> working properly.
> 
> https://build.openvpn.net/downloads/releases/OpenVPN-2.5-beta2-I601-amd64.msi

The installer has the right binary, *but* the binary has the same 
"ingrained" windows version number, so when going from beta1 to beta2,
the .msi will just not upgrade openvpn.exe.  Known bug (now), being
worked on.

[..]
> On Sat, Aug 29, 2020 at 4:47 PM Gert Doering <g...@greenie.muc.de> wrote:
> > Which combination of client/server is this exactly?  2.5-beta2 on
> > the client, what is on the server?  Can we have some more log file,
> > including the "PUSH_REPLY", please?
>
> The server version is 2.3.18.
> The client:
> 
> 2020-08-29 16:02:50 us=235805 OpenVPN 2.5_beta2 x86_64-w64-mingw32 [SSL
> (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Aug 27 2020
> 2020-08-29 16:02:50 us=235805 Windows version 10.0 (Windows 10 or greater)
> 64bit
> 2020-08-29 16:02:50 us=235805 library versions: OpenSSL 1.1.1g  21 Apr
> 2020, LZO 2.10

Mmmh.  Now, 2.3.18 is just a little bit oldish.  But still, 2.5_beta2
*should* work nicely with a 2.3 server, after adding "data-ciphers BF-CBC"
to your local config.

If it still doesn't do that, you found a new bug :-)

(Is the server compiled with --enable-small, which means "no OCC"?)

> I fell back to the 2.5-beta1 using the same configuration and it worked.
> Attached are both logs and the client config.

Uh.

So:
   2.5-beta1 --> 2.3.18 *works*
   2.5-beta2 --> 2.3.18 *fails*

is that correct?  (Seems beta1 might have accidentally worked, while
a fallback code path for "no NCP, no OCC" was disallowed in beta2 and
might be breaking this)

Arne?

> 2020-08-29 16:02:50 us=235805 OpenVPN 2.5_beta2 x86_64-w64-mingw32 [SSL 
> (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Aug 27 2020
[..]
> 2020-08-29 16:02:53 us=643016 OPTIONS ERROR: failed to negotiate cipher with 
> server.  Add the server's cipher ('BF-CBC') to --data-ciphers (currently 
> 'BF-CBC') if you want to connect to this server.

This is very clearly "beta2", and the error message looks most silly...

[..]
> 2020-08-29 21:08:10 us=91399 OpenVPN 2.5_beta1 x86_64-w64-mingw32 [SSL 
> (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Aug 14 2020
[..]
> 2020-08-29 21:08:13 us=679932 PUSH: Received control message: 
> 'PUSH_REPLY,route 194.145.17.0 255.255.255.0,route-gateway 20.20.0.1,topology 
> subnet,ping 90,ping-restart 600,socket-flags TCP_NODELAY,ifconfig 20.20.0.2 
> 255.255.0.0'
[..]
> 2020-08-29 21:08:13 us=679932 Outgoing Data Channel: Cipher 'BF-CBC' 
> initialized with 128 bit key

So... something is still not right here.


And I need to extend my testbed with server configs that match this (2.3, 
2.3-enable-small, 2.4).

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
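
The following is an added example, not part of the message above and not OpenVPN project code. It triages client logs for the cipher-negotiation error quoted in the thread and separates the case where the server's cipher is really missing from `--data-ciphers` from the contradictory case seen with 2.5_beta2, where it is already listed. The function name `triage`, the verdict labels and the sample log are constructed for illustration; the error message format is taken from the log quoted above.

```python
import re

# Message format copied from the client log quoted in this thread.
NEGOTIATION_ERROR = re.compile(
    r"OPTIONS ERROR: failed to negotiate cipher with server\.\s+"
    r"Add the server's cipher \('(?P<server>[^']+)'\) to --data-ciphers "
    r"\(currently '(?P<current>[^']*)'\)"
)
VERSION = re.compile(r"OpenVPN (?P<version>\d+\.\d+\S*) ")

# Constructed sample input, modelled on the two client logs in the thread
# (wrapped lines joined, most lines omitted).
SAMPLE_LOG = """\
2020-08-29 16:02:50 us=235805 OpenVPN 2.5_beta2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Aug 27 2020
2020-08-29 16:02:53 us=643016 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'BF-CBC') if you want to connect to this server.
2020-08-29 21:08:10 us=91399 OpenVPN 2.5_beta1 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Aug 14 2020
2020-08-29 21:08:13 us=679932 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
"""


def triage(log_text):
    """Return one finding per cipher-negotiation error in a client log."""
    findings, version = [], None
    for line in log_text.splitlines():
        m = VERSION.search(line)
        if m:
            version = m.group("version")  # most recent client banner seen
            continue
        m = NEGOTIATION_ERROR.search(line)
        if not m:
            continue
        server = m.group("server")
        # --data-ciphers is a colon-separated list of cipher names.
        listed = [c for c in m.group("current").split(":") if c]
        findings.append({
            "client": version,
            "server_cipher": server,
            "data_ciphers": listed,
            # Already listed but still rejected: following the message's
            # advice cannot help, so the client build is the suspect.
            "verdict": "already-listed" if server in listed
                       else "add-to-data-ciphers",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
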