Not signed in (Sign In)

Welcome, Guest

Want to take part in these discussions? Sign in if you have an account, or apply for one below

Vanilla 1.1.10 is a product of Lussumo. More Information: Documentation, Community Support.

    • CommentAuthorwognath
    • CommentTimeOct 19th 2016 edited
     
    vpn connects without problem and works perfectly. Should I be concerned about these warnings during startup?

    # openvpn --config alwaysvpn-compatible
    Wed Oct 19 15:04:30 2016 DEPRECATED OPTION: --tls-remote, please update your configuration
    Wed Oct 19 15:04:30 2016 OpenVPN 2.3.10 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jan 13 2016
    Wed Oct 19 15:04:30 2016 library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
    Enter Auth Username:xxxxxxxx
    Enter Auth Password:
    Wed Oct 19 15:04:47 2016 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
    ....


    Config file (alwaysvpn_config-2.1_linux.zip downloaded 10/16/2016) contains the lines
    ...
    tls-remote alwaysvpn_s
    tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA
    ...


    Thanks
    • CommentAuthoradmin
    • CommentTimeOct 19th 2016
     
    This isn't anything you need to worry about.

    If you don't want to see the warning anymore you could update your configuration files to use the line

    verify-x509-name alwaysvpn_s name-prefix

    instead of tls-remote alwaysvpn_s

    and use

    tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA

    instead of tls-cipher DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA