>On 16/08/2023 15:05, Jason Long via Openvpn-users wrote:
> On 16.08.23 12:23, Jason Long via Openvpn-users wrote:
>>> On Wed, Aug 16, 2023 at 06:35:01AM +0000, Jason Long wrote:
[...snip...]

> Hello,
> I used 
> "https://www.howtoforge.com/how-to-install-and-configure-openvpn-server-on-debian-10/"
>  tutorial to create my OpenVPN server.

>*sigh* Never use a random blog post on "how to do XYZ" when the project 
>itself has its own set of documentation.  No matter which project it is.

>I've read enough of those random "OpenVPN how-tos" over the last 15+ 
>years and the vast majority of them are not up-to-date, trick you into 
>using insecure settings, are overly complicated or simply lead you to 
>misery.

>Doing networking isn't really suitable as a "click-this-type-that" type 
>of how-to, because you *really* need to understand how these things 
>work and impact your configuration and setup.

>This guides you through the most important steps and should be 
>reasonably up-to-date (I spot a few things which could be improved, but 
>shouldn't stop you from getting a functional tun based OpenVPN tunnel 
>running).  This documentation is provided by the official OpenVPN 
>project and this project is responsible for keeping the documentation in 
>reasonable shape.

><https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN>

>Read this, read the man page entries for options used and try to 
>understand it.  Read the pointers to the related documentation in that 
>wiki page.  Try to understand all the information provided there.  Then 
>you can ask questions and get sensible replies back.

>If you need more documentation, buy your own copy of the OpenVPN 
>Cookbook by Jan Just Keijser.  He is a well-trusted OpenVPN community 
>member and knows this stuff very well.

><https://www.packtpub.com/product/openvpn-cookbook-second-edition/9781786463128>


> Gert told me about the multihome statement and I added it.

>When Gert tells you to look at multihome, he has very good reasons for 
>doing that (I know him too, he is also really trustworthy - in 
>particular with networking and OpenVPN).  But it ALSO means you should 
>read the documentation for suggested options too.


>[...snip...]


> # cat /var/log/openvpn/virt1.log
> 2023-08-16 06:23:18 WARNING: --topology net30 support for server configs with 
> IPv4 pools will be removed in a future release. Please migrate to --topology 
> subnet as soon as possible.
> 2023-08-16 06:23:18 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but 
> missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). 
> OpenVPN ignores --cipher for cipher negotiations.

>Those two lines tell you something important.  You should fix this. 
>I'm not going to tell you how; read the documentation.  It is fully 
>explained in the man page.


>[...snip...]

> 2023-08-16 06:23:18 Listening for incoming TCP connection on 
> [AF_INET][undef]:2000
> 2023-08-16 06:23:18 TCPv4_SERVER link local (bound): [AF_INET][undef]:2000
> 2023-08-16 06:23:18 TCPv4_SERVER link remote: [AF_UNSPEC]

>I suspect this is from a server configuration (also an important detail 
>to tell).  And it tells you your VPN server is listening on TCP port 2000.


>[...snip...]

> 2023-08-16 06:23:18 Initialization Sequence Completed

>This line means that the OpenVPN tunnel is up and running.  So that means 
>this tunnel instance is ready to see clients connecting to it.



>And finally.  Learn yourself some mailing list netiquette.  Inline 
>replies and replies at the bottom are very fine.  But keep the indenting 
>marks (>) on the original text so it's easier to understand who is 
>writing what and what you are responding to.

>A reasonably good summary of most common mailing list netiquette rules 
>used in open source (and this is the official recommendation from an 
>open source project; not a random blog post)

><https://wiki.openstack.org/wiki/MailingListEtiquette>


Hello,
Thanks again.
I can solve those two lines by changing the --data-ciphers algorithm. Please 
tell me what the main problem is. If the problem is that my OpenVPN server has 
an Internal NIC and a NAT NIC, then I'm sure such a scenario exists in the real 
world.
I added all statements that Gert said, but the problem exists.

-- 
kind regards,

David Sommerseth
OpenVPN Inc
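
The log lines walked through in this thread can be pulled out of a log file mechanically. The following Python script is an added example, not part of the original e-mails and not OpenVPN project code; the function name `triage`, the report keys and the sample log (the thread's quoted lines, unwrapped) are assumptions made for illustration.

```python
import re

# Constructed sample: the log lines quoted in the thread, with mail wrapping undone.
SAMPLE_LOG = """\
2023-08-16 06:23:18 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.
2023-08-16 06:23:18 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2023-08-16 06:23:18 Listening for incoming TCP connection on [AF_INET][undef]:2000
2023-08-16 06:23:18 TCPv4_SERVER link local (bound): [AF_INET][undef]:2000
2023-08-16 06:23:18 TCPv4_SERVER link remote: [AF_UNSPEC]
2023-08-16 06:23:18 Initialization Sequence Completed
"""

TS = r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
NOTICE = re.compile(TS + r"(WARNING|DEPRECATED OPTION): (.*)$")
CIPHER = re.compile(
    r"--cipher set to '([^']+)' but missing in --data-ciphers \(([^)]*)\)")
BOUND = re.compile(TS + r"(\w+) link local \(bound\): \[(\w+)\](\S*):(\d+)$")


def triage(log_text):
    """Collect warnings, the bound socket and the ready marker from a log."""
    report = {"notices": [], "cipher_mismatch": None,
              "listen": None, "ready": False}
    for line in log_text.splitlines():
        notice = NOTICE.match(line)
        if notice:
            kind, msg = notice.groups()
            # Option names mentioned in the message point at the man page entries.
            options = sorted(set(re.findall(r"--[a-z][a-z0-9-]*", msg)))
            report["notices"].append({"kind": kind, "options": options})
            cipher = CIPHER.search(msg)
            if cipher:
                report["cipher_mismatch"] = {
                    "configured": cipher.group(1),
                    "negotiable": cipher.group(2).split(":")}
            continue
        bound = BOUND.match(line)
        if bound:
            # Mode, address family, address and port exactly as logged.
            report["listen"] = {"mode": bound.group(1), "family": bound.group(2),
                                "address": bound.group(3),
                                "port": int(bound.group(4))}
        elif line.endswith("Initialization Sequence Completed"):
            report["ready"] = True
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Each entry in `notices` lists the option names to look up in the man page, and `cipher_mismatch` shows the configured `--cipher` value next to the list the log reports for `--data-ciphers`.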
