zombie1982

ANSWERED New link-mtu & keysize Warnings with Cipher 'CHACHA20-POLY1305'


Hi
I switched to Cipher 'CHACHA20-POLY1305' and get those warnings now:

openvpn --mssfix 1300 --config errai.ovpn


2020-11-09 14:55:08 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Errai, emailAddress=info@airvpn.org
2020-11-09 14:55:08 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
2020-11-09 14:55:08 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2020-11-09 14:55:08 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-09 14:55:08 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-09 14:55:08 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA

Here is my conf:

client
dev tun1
remote 2001:ac8:20:2a:fa58:8bc5:ea41:6ecc 41185
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
route-delay 5
verb 3
explicit-exit-notify 5
push-peer-info
setenv UV_IPV6 yes
remote-cert-tls server
#cipher AES-256-GCM
data-ciphers CHACHA20-POLY1305:AES-256-GCM
#data-ciphers-fallback AES-256-CBC
comp-lzo no
proto udp6
key-direction 1
.....
log-append /var/log/openvpn.log
script-security 2
up   /etc/vpn-up.sh
down /etc/vpn-down.sh

Link to post

OK I changed my conf to
data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-192-GCM:AES-192-CBC:AES-128-GCM:AES-128-CBC
data-ciphers-fallback AES-256-CBC

and the warnings disappeared.

Link to post

Out of curiosity, which cipher is OpenVPN using on the data channel if you do it like in your last post?


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums are a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique among the mass again.

Link to post

2020-11-11 20:37:17 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Errai, emailAddress=info@airvpn.org
2020-11-11 20:37:17 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-11 20:37:17 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-11 20:37:17 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA

Yeah, still the same but without warnings... 🤷‍♂️

Link to post
This topic is now closed to further replies.
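
The question asked in the thread (which cipher the data channel actually ends up using) can be checked mechanically from the log. The following is an added example, not code from any poster or from AirVPN or OpenVPN: it parses the log lines quoted in the first post and reports the 'used inconsistently' warnings, the cipher per direction, and whether that cipher is on an allowed list. The names `summarize` and `ALLOWED` are assumptions; the list mirrors the first post's `data-ciphers` line.

```python
import re

# Sample input: the log lines quoted in the first post of this thread.
SAMPLE_LOG = """\
2020-11-09 14:55:08 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
2020-11-09 14:55:08 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2020-11-09 14:55:08 Outgoing Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-09 14:55:08 Incoming Data Channel: Cipher 'CHACHA20-POLY1305' initialized with 256 bit key
2020-11-09 14:55:08 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
"""

# Assumption: acceptable ciphers are those on the first post's data-ciphers line.
ALLOWED = ("CHACHA20-POLY1305", "AES-256-GCM")

WARN_RE = re.compile(
    r"WARNING: '(?P<opt>[^']+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'")
DATA_RE = re.compile(
    r"(?P<dir>Outgoing|Incoming) Data Channel: Cipher '(?P<cipher>[^']+)' "
    r"initialized with (?P<bits>\d+) bit key")


def summarize(log_text, allowed=ALLOWED):
    """Collect option mismatches, per-direction data ciphers and policy problems."""
    mismatches, channels, problems = {}, {}, []
    for line in log_text.splitlines():
        w = WARN_RE.search(line)
        if w:
            # Keep only the differing values, e.g. ('128', '256') for keysize.
            mismatches[w["opt"]] = (w["local"].rsplit(" ", 1)[-1],
                                    w["remote"].rsplit(" ", 1)[-1])
            continue
        d = DATA_RE.search(line)
        if d:
            # On renegotiation the later line overwrites the earlier one.
            channels[d["dir"]] = (d["cipher"], int(d["bits"]))
    for direction in ("Outgoing", "Incoming"):
        if direction not in channels:
            problems.append(f"{direction}: no data channel cipher logged")
        elif channels[direction][0] not in allowed:
            problems.append(f"{direction}: {channels[direction][0]} not in allowed list")
    if len(set(channels.values())) > 1:
        problems.append("directions disagree on cipher or key size")
    return {"mismatches": mismatches, "channels": channels, "problems": problems}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

With a longer `data-ciphers` list and a CBC fallback configured, as in the second post, the `problems` list is the part to watch: it stays empty only while both directions use a cipher from `ALLOWED`.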