Re: [Openvpn-devel] [Openvpn-users] OpenVPN per client cipher
Thanx Gert.
Just put --ncp-disable on client side and server seems to respect the
cipher defined on ccd.
I will be following up on devel for such type of issues.
Thanx,
Alex
On Fri, Sep 15, 2017 at 6:35 PM, Gert Doering <g...@greenie.muc.de> wrote:
> Hi,
>
> (taking this over to openvpn-devel, as this is not so much a "user"
> question if it concerns ongoing development patches :) )
>
> On Fri, Sep 15, 2017 at 06:04:27PM +0300, Alex K wrote:
> > I built openvpn 2.4.3-1 on server using patch also to allow for per
> client
> > cipher through ccd file.
> > I took the patch from https://community.openvpn.net/openvpn/ticket/845.
> [..]
> > When connecting with clients having the same openvpn version as the
> server
> > (2.4.3-1) and using the same configs, it seems that the server ignores
> the
> > "cipher none" at ccd file and logs the following:
>
> Seems NCP ("per-client cipher negotiation") trumps ccd/ here.
>
> If you configure "--disable-ncp" on the client side, it should work.
>
> [..]
> > Is there something that is causing this behavior?
>
> Cipher negotiation :-)
>
> Thanks for testing the per-client ccd cipher patch - this is definitely
> useful. Interaction with NCP needs a bit more thought, it seems.
>
> gert
>
> --
> USENET is *not* the non-clickable part of WWW!
>//
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025g...@net.informatik.tu-
> muenchen.de
>
--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] Per client cipher
Sory, just found out from man openvpn and the option is --ncp-disable. Thanx, Alex On Fri, Sep 15, 2017 at 7:23 PM, Alex K <rightkickt...@gmail.com> wrote: > Hi All, > > I am testing per client cipher with 2.4.3-1 and patch from > https://community.openvpn.net/openvpn/ticket/845. > > As per Gert feedback, seems that when the client has same openvpn version > 2.4.3-1, > I have to disable ncp (using --disable-ncp). > > Do I need to apply additional patch to support --disable-ncp? When trying > with current build the client complains that it does not recognize the > option. > > Options error: Unrecognized option or missing or extra parameter(s) in > /etc/openvpn/client.conf:42: disable-ncp (2.4.3) > > > Thanx, > Alex > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] Per client cipher
Hi All, I am testing per client cipher with 2.4.3-1 and patch from https://community.openvpn.net/openvpn/ticket/845. As per Gert feedback, seems that when the client has same openvpn version 2.4.3-1, I have to disable ncp (using --disable-ncp). Do I need to apply additional patch to support --disable-ncp? When trying with current build the client complains that it does not recognize the option. Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client.conf:42: disable-ncp (2.4.3) Thanx, Alex -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
