Hi, On Sat, Jan 06, 2024 at 10:05:50AM +0000, Peter Davis wrote: > I'm using OpenVPN 2.6.3 x86_64-pc-linux-gnu. > > I removed "cipher AES-256-GCM" from the configuration file and I see the > following message in the log file: > > 2024-01-06 13:28:03 Note: --cipher is not set. OpenVPN versions before 2.5 > defaulted to BF-CBC as fallback when cipher negotiation failed in this case. > If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your > configuration and/or add BF-CBC to --data-ciphers.
This is informational, for users migrating from earlier versions that
defaulted to BF-CBC, which is no longer a valid cipher in the default
config of 2.6 (and it might be relevant for compatibility with clients
older than 2.4.0). You can just ignore it.
> 2024-01-06 13:28:03 --user specified but lacking CAP_SETPCAP. Cannot retain
> CAP_NET_ADMIN. Disabling data channel offload
This is a different warning, and hints at running OpenVPN from a systemd
config which removes capabilities that OpenVPN would like to keep.
Googling for that message + openvpn-users should find a few threads with
answers how to deal with systemd.
> Do you mean that in OpenVPN version 2.6, AES-256-GCM is enabled by default?
Since 2.4, OpenVPN will auto-negotiate AES-256-GCM if both sides support it.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
