[Openvpn-users] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

2020-10-29 Thread Ralf Hildebrandt
I'm getting the message:
Oct 29 14:57:17 vpn-zaki tcp[36376]: 109.41.1.45:9652 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'
on the server side log -- for all my clients. The server config (2.5.0) says:
cipher AES-256-GCM
data-ciphers AES-256-GCM:AES-2

Re: [Openvpn-users] [ext] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

2020-10-29 Thread Ralf Hildebrandt
* Ralf Hildebrandt:
> As far as I can see "auth SHA256" is used consistently.
> So why does it report "auth [null-digest]"?
tl;dr: client and server negotiate a GCM (Galois/Counter Mode) cipher (AES-GCM), and those ciphers include a HMAC, thus the specified AUTH isn't really being used. https

Re: [Openvpn-users] [ext] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

2020-10-29 Thread Gert Doering
Hi,
On Thu, Oct 29, 2020 at 03:21:54PM +0100, Ralf Hildebrandt wrote:
> tl;dr: client and server negotiate a GCM (Galois/Counter Mode) cipher
> (AES-GCM), and those ciphers include a HMAC, thus the specified AUTH
> isn't really being used.
True, but this "config mismatch warning" stuff should a

Re: [Openvpn-users] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

2020-10-29 Thread Gert Doering
Hi,
On Thu, Oct 29, 2020 at 03:10:30PM +0100, Ralf Hildebrandt wrote:
> on the server side log -- for all my clients. The server config (2.5.0) says:
>
> cipher AES-256-GCM
> data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM:AES-128-CBC:BF-CBC
> auth SHA256
>
> and the client config says:
>
> ci

Re: [Openvpn-users] [ext] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

2020-10-29 Thread Ralf Hildebrandt
> True, but this "config mismatch warning" stuff should actually
> be checked before GCM is negotiated, so there *should* not be a
> mismatch if both sides have it in their config.
Yes, it's ugly. The current Windows GUI 11 is coloring the message red, personally I'd color warnings YELLOW and erro

Re: [Openvpn-users] [ext] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

2020-10-29 Thread Selva Nair
Hi
On Thu, Oct 29, 2020 at 10:55 AM Ralf Hildebrandt <ralf.hildebra...@charite.de> wrote:
> > True, but this "config mismatch warning" stuff should actually
> > be checked before GCM is negotiated, so there *should* not be a
> > mismatch if both sides have it in their config.
>
> Yes, it's ugly.

Re: [Openvpn-users] [ext] WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

2020-10-29 Thread Ralf Hildebrandt
> That said, these kinds of false warnings need to be fixed. The whole idea
> of warnings is to draw the user's attention to it and is predicated upon
> these being indications of possible misconfiguration.
Indeed :)
Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abte