Jump to content
Not connected, Your IP: 3.135.201.101
AirVPN
zombie1982

ANSWERED New link-mtu & keysize Warnings with Cipher 'CHACHA20-POLY1305'

By zombie1982, ... in Troubleshooting and Problems

Recommended Posts

zombie1982    5

zombie1982
Posted ...

Hi
I switched to Cipher 'CHACHA20-POLY1305' and get those warnings now:

openvpn --mssfix 1300 --config errai.ovpn


2020-11-09 14:55:08 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Errai, emailAddress=info@airvpn.org
2020-11-09 14:55:08 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
2020-11-09 14:55:08 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2020-11-09 14:55:08 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-09 14:55:08 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-09 14:55:08 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA

Here my conf:

client
dev tun1
remote 2001:ac8:20:2a:fa58:8bc5:ea41:6ecc 41185
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
#cipher AES-256-GCM
data-ciphers CHACHA20-POLY1305:AES-256-GCM
#data-ciphers-fallback AES-256-CBC
comp-lzo no
proto udp6
key-direction 1
.....
log-append /var/log/openvpn.log
script-security 2
up   /etc/vpn-up.sh
down /etc/vpn-down.sh

Share this post

Link to post

zombie1982    5

zombie1982
Posted ...

OK I changed my conf to
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC
data-ciphers-fallback AES-256-CBC
and the warnings dissapeared.

Share this post

Link to post

OpenSourcerer    1441

OpenSourcerer
Posted ...

Out of curiosity, which cipher is OpenVPN using on the data channel if you do it like in your last post?

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post

Link to post

zombie1982    5

zombie1982
Posted ...

2020-11-11 20:37:17 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Errai, emailAddress=info@airvpn.org
2020-11-11 20:37:17 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-11 20:37:17 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-11 20:37:17 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA

Yeah, still the same but without warnings... 🤷‍♂️

OpenSourcerer reacted to this

Share this post

Link to post
Guest
This topic is now closed to further replies.
Go To Topic Listing
×
×
  • Create New...