zombie1982

ANSWERED New link-mtu & keysize Warnings with Cipher 'CHACHA20-POLY1305'


Hi
I switched to Cipher 'CHACHA20-POLY1305' and get those warnings now:

openvpn --mssfix 1300 --config errai.ovpn


2020-11-09 14:55:08 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Errai, emailAddress=info@airvpn.org
2020-11-09 14:55:08 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
2020-11-09 14:55:08 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2020-11-09 14:55:08 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-09 14:55:08 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-09 14:55:08 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA

Here is my conf:

client
dev tun1
remote 2001:ac8:20:2a:fa58:8bc5:ea41:6ecc 41185
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
#cipher AES-256-GCM
data-ciphers CHACHA20-POLY1305:AES-256-GCM
#data-ciphers-fallback AES-256-CBC
comp-lzo no
proto udp6
key-direction 1
.....
log-append /var/log/openvpn.log
script-security 2
up   /etc/vpn-up.sh
down /etc/vpn-down.sh


OK I changed my conf to
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC
data-ciphers-fallback AES-256-CBC

and the warnings disappeared.


Out of curiosity, which cipher is OpenVPN using on the data channel if you do it like in your last post?


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.


2020-11-11 20:37:17 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Errai, emailAddress=info@airvpn.org
2020-11-11 20:37:17 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-11 20:37:17 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-11 20:37:17 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA

Yeah, still the same but without warnings... 🤷‍♂️

This topic is now closed to further replies.
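
Added example, not part of the thread or any poster's code: a small Python parser for the log format quoted above that reports, per session, which data-channel cipher was actually initialized and which 'used inconsistently' warnings were logged. Splitting sessions on `VERIFY OK: depth=0` and the allow-list (taken from the first config's `data-ciphers` line) are assumptions of this example.

```python
import re

# Log lines copied from the two sessions posted in this thread (VERIFY lines shortened).
SAMPLE_LOG = """\
2020-11-09 14:55:08 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Errai
2020-11-09 14:55:08 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
2020-11-09 14:55:08 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2020-11-09 14:55:08 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-09 14:55:08 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-11 20:37:17 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Errai
2020-11-11 20:37:17 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-11 20:37:17 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
"""

WARN_RE = re.compile(r"WARNING: '([^']+)' is used inconsistently, "
                     r"local='([^']*)', remote='([^']*)'")
DATA_RE = re.compile(r"(Outgoing|Incoming) Data Channel: Cipher '([^']+)' "
                     r"initialized with (\d+) bit key")

def summarize(log_text):
    """Group lines into sessions; assumption: 'VERIFY OK: depth=0' starts one."""
    sessions = []
    for line in log_text.splitlines():
        if "VERIFY OK: depth=0" in line:
            sessions.append({"start": line[:19], "mismatches": {}, "data": {}})
        if not sessions:
            continue  # ignore lines before the first handshake
        cur = sessions[-1]
        if m := WARN_RE.search(line):
            cur["mismatches"][m[1]] = (m[2], m[3])   # option -> (local, remote)
        elif m := DATA_RE.search(line):
            cur["data"][m[1]] = (m[2], int(m[3]))    # direction -> (cipher, key bits)
    return sessions

def findings(session, allowed=("CHACHA20-POLY1305", "AES-256-GCM")):
    """Flag a data channel whose cipher is missing or outside the allow-list."""
    out = []
    for direction in ("Outgoing", "Incoming"):
        cipher = session["data"].get(direction, (None, 0))[0]
        if cipher not in allowed:
            out.append(f"{direction} data channel uses {cipher!r}, not in allow-list")
    return out

if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(s["start"], s["data"], s["mismatches"], findings(s) or "cipher OK")
```

On the thread's logs both sessions show the same 256-bit CHACHA20-POLY1305 data channel; only the first carries the two option-string warnings.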