Ok, thank you for the info. We're currently provisioning a new server
anyway with an updated OS and OpenVPN version so that should resolve the
issue.

Guy

On Tue, 22 Dec 2020 at 13:11, Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Tue, Dec 22, 2020 at 11:20:08AM -0800, Guy Knights wrote:
> > The error messages are logged every 5 - 10 minutes for each connected user
> > like so:
>
> These are not "error" messages.  Those would start with "error" :-)
>
> > Mon Dec 14 06:27:59 2020 user.name/user.ip TLS: Username/Password
> > authentication succeeded for username 'user.name' [CN SET]
>
> This is the cyclic cipher renegotiation (which includes a full reauth).
>
> > Mon Dec 14 06:27:59 2020  user.name/user.ip Data Channel Encrypt: Cipher
> > 'BF-CBC' initialized with 128 bit key
> > Mon Dec 14 06:27:59 2020  user.name/user.ip WARNING: this cipher's block
> > size is less than 128 bit (64 bit).  Consider using a --cipher with a
> > larger block size.
>
> It is happening quite often because your setup is using a cipher that
> is not considered very secure by today's standards - which this message
> is telling you.  So the renegotiation timers (option "reneg-sec") are
> set to fairly short values.
>
> I'd strongly recommend to upgrade the server to 2.4.x or 2.5.x, and
> get automatic cipher upgrades to AES-GCM as soon as a 2.4/2.5 client
> connects.  Faster, more secure.
>
> gert
>
> --
> "If was one thing all people took for granted, was conviction that if you
>  feed honest figures into a computer, honest figures come out. Never doubted
>  it myself till I met a computer with a sense of humor."
>                              Robert A. Heinlein, The Moon is a Harsh Mistress
>
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
>


-- 
<http://www.bluebatgames.com>
Guy Knights • Senior Systems Engineer
c: 778-996-2687 p: 778-379-5120
<https://www.facebook.com/BlueBatGames/>
<https://www.linkedin.com/company/bluebat-games>
<https://twitter.com/BlueBatGames>  <http://www.bluebatgames.com>
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
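
An added example, not part of the thread and not OpenVPN project code: a small log audit that reports, per client, the data channel cipher in use, whether the server logged the small-block-size warning quoted above, and how many seconds passed between successive key initializations (the renegotiation cadence Gert describes). The sample log is constructed in the format quoted in the thread; client names and addresses are placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines, modelled on the log format quoted in the thread.
SAMPLE_LOG = """\
Mon Dec 14 06:27:59 2020 alice/198.51.100.7 TLS: Username/Password authentication succeeded for username 'alice' [CN SET]
Mon Dec 14 06:27:59 2020  alice/198.51.100.7 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 14 06:27:59 2020  alice/198.51.100.7 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
Mon Dec 14 06:30:00 2020 bob/203.0.113.9 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Dec 14 06:35:12 2020  alice/198.51.100.7 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Mon Dec 14 06:35:12 2020  alice/198.51.100.7 WARNING: this cipher's block size is less than 128 bit (64 bit).  Consider using a --cipher with a larger block size.
"""

# timestamp, client prefix ("name/ip"), rest of the message
LINE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) +(\S+) (.*)$")
CIPHER = re.compile(r"Data Channel Encrypt: Cipher '([^']+)' initialized")
SMALL_BLOCK = "block size is less than 128 bit"  # text of the server's own warning


def audit(log_text):
    """Return {client: {cipher, small_block, reneg_gaps_sec}} for clients with a cipher line."""
    seen = defaultdict(lambda: {"cipher": None, "small_block": False, "inits": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a per-client log line
        when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        entry, message = seen[m.group(2)], m.group(3)
        cipher = CIPHER.search(message)
        if cipher:
            entry["cipher"] = cipher.group(1)  # keep the most recent cipher
            entry["inits"].append(when)        # one entry per (re)keying
        elif SMALL_BLOCK in message:
            entry["small_block"] = True
    report = {}
    for client, entry in seen.items():
        if entry["cipher"] is None:
            continue
        times = sorted(entry["inits"])
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[client] = {"cipher": entry["cipher"],
                          "small_block": entry["small_block"],
                          "reneg_gaps_sec": gaps}
    return report


if __name__ == "__main__":
    for client, info in sorted(audit(SAMPLE_LOG).items()):
        print(client, info)
```

Clients that still show `small_block: True` after a server upgrade are the ones that have not yet negotiated a larger-block cipher.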
