On 13/08/2023 10:58, Martin wrote:
On 2023-08-13 08:52, Gert Doering wrote:
Run the client with --verb 3 or 4, have a close look at the logfile.
If there is nothing obvious to you, show us the log.
/var/log/openvpn/ is empty.
Probably I need to use journalctl <something>?
If the server runs 2.3.10 (which is, like, "ancient") then my guess is
that the server also runs "cipher BF-CBC", which is not considere a secure
cipher anymore - so 2.6 will not use that by default.
In this case, try adding
cipher BF-CBC
compat-mode 2.3.10
Adding
cipher=BF-CBC
compat-mode=2.3.10
to the [vpn] section of
/etc/NetworkManager/system-connections/MyConnection
did not help. Maybe this should go in my .opvn file.
Yes, this must go into the .ovpn file. And it might very much be that
the NetworkManager-openvpn does not grok the compat-mode option - so you
can't run it via NetworkManager.
Now I try to use `openvpn` at the shell, and it complains about:
Options error: Unrecognized option or missing or extra parameter(s) in
u...@myconnection.ovpn:47: tls-remote (2.6.3)
The --tls-remote option was removed in OpenVPN 2.4.
<https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Option:--tls-remoteStatus:RemovedinOpenVPNv2.4>
to your client config (... and get company to upgrade to at least 2.5.x
as soon as possible).
Thanks for the headsup! I'll push them to do so as hard as I can :-)
Tell your IT folks about this page:
<https://community.openvpn.net/openvpn/wiki/SupportedVersions>
Make some fuzz about the the "End of life" date for OpenVPN 2.3.
No Linux/*BSD distribution which is valid (supported by the vendor)
ships with OpenVPN 2.3. RHEL/CentOS 7 + RHEL-8 are those shipping with
OpenVPN 2.4.12 (via Fedora EPEL) - which are the oldest releases I'm
aware of. For RHEL/CentOS we also have separate Fedora Copr repos which
ships both OpenVPN 2.5 [1] and OpenVPN 2.6 [2].
Even though OpenVPN 2.4 is from the OpenVPN community perspective EOL, I
do support this release for the lifetime of RHEL-7 and RHEL-8 (I am the
official Fedora/EPEL package manager for OpenVPN). When needed security
fixes are required - the OpenVPN 2.4 releaes will be updated as needed.
But only highly critical issues are being considered.
[1] <https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/>
[2] <https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/>
--
kind regards,
David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
