Thanx Gert.
Just put --ncp-disable on client side and server seems to respect the
cipher defined on ccd.
I will be following up on devel for such type of issues.
Thanx,
Alex
On Fri, Sep 15, 2017 at 6:35 PM, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> (taking this over to openvpn-devel, as this is not so much a "user"
> question if it concerns ongoing development patches :) )
>
> On Fri, Sep 15, 2017 at 06:04:27PM +0300, Alex K wrote:
> > I built openvpn 2.4.3-1 on server using patch also to allow for per
> client
> > cipher through ccd file.
> > I took the patch from https://community.openvpn.net/openvpn/ticket/845.
> [..]
> > When connecting with clients having the same openvpn version as the
> server
> > (2.4.3-1) and using the same configs, it seems that the server ignores
> the
> > "cipher none" at ccd file and logs the following:
>
> Seems NCP ("per-client cipher negotiation") trumps ccd/ here.
>
> If you configure "--disable-ncp" on the client side, it should work.
>
> [..]
> > Is there something that is causing this behavior?
>
> Cipher negotiation :-)
>
> Thanks for testing the per-client ccd cipher patch - this is definitely
> useful. Interaction with NCP needs a bit more thought, it seems.
>
> gert
>
> --
> USENET is *not* the non-clickable part of WWW!
> //
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025 g...@net.informatik.tu-
> muenchen.de
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
