Hi,

On Tue, Jan 24, 2017 at 04:09:29PM +0400, Dmitry Melekhov wrote:
> >> and found that the server successfully uses blowfish for some old clients,
> >> but for others not:
> > It depends on whether the client sends OCC info about its config - if it
> > doesn't send that (like "because it was compiled with --disable-occ")
> > the server will have to use what is configured.
> 
> I see, it's a great pity :-(
> Because it means that there is no cipher info on the server for such
> clients, the server will use the default,
> i.e. I can't run some of these old clients with blowfish and others with aes.

Well.  If you *know* which of the old clients have been upgraded to AES,
you should be able to put "cipher AES..." into a ccd/ file for that client
(I haven't tested it with 2.4.0-final - it worked for a hacked-together
variant I did that later became the much more cleaned-up official version of
poor man's NCP by Steffan).  Technically it should work...

> >> But, according to man, the server has to choose blowfish:
> > Default is blowfish, so that's OK.  Just do configure the same "cipher"
> > on both old-clients-without-OCC and new-server.
> >
> This ruins my plans to change ciphers on clients one by one, i.e.
> we need to change it on the clients and on the server at the same time,
> this is almost impossible :-(
> 
> Well, I just need another plan .... ;-)

Try ccd/ :-) - if that doesn't work, the plan will have to be "upgrade
the clients to something that sends OCC info, and bug the router vendor
in question not to use --enable-small and/or upgrade to 2.4.0"...

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             g...@greenie.muc.de
fax: +49-89-35655025                        g...@net.informatik.tu-muenchen.de
