Re: [Openvpn-devel] [Openvpn-users] OpenVPN per client cipher
Thanx Gert. Just put --ncp-disable on client side and server seems to respect the cipher defined on ccd. I will be following up on devel for such type of issues. Thanx, Alex On Fri, Sep 15, 2017 at 6:35 PM, Gert Doering <g...@greenie.muc.de> wrote: > Hi, > > (taking this over to openvpn-devel, as this is not so much a "user" > question if it concerns ongoing development patches :) ) > > On Fri, Sep 15, 2017 at 06:04:27PM +0300, Alex K wrote: > > I built openvpn 2.4.3-1 on server using patch also to allow for per > client > > cipher through ccd file. > > I took the patch from https://community.openvpn.net/openvpn/ticket/845. > [..] > > When connecting with clients having the same openvpn version as the > server > > (2.4.3-1) and using the same configs, it seems that the server ignores > the > > "cipher none" at ccd file and logs the following: > > Seems NCP ("per-client cipher negotiation") trumps ccd/ here. > > If you configure "--disable-ncp" on the client side, it should work. > > [..] > > Is there something that is causing this behavior? > > Cipher negotiation :-) > > Thanks for testing the per-client ccd cipher patch - this is definitely > useful. Interaction with NCP needs a bit more thought, it seems. > > gert > > -- > USENET is *not* the non-clickable part of WWW! >// > www.muc.de/~gert/ > Gert Doering - Munich, Germany > g...@greenie.muc.de > fax: +49-89-35655025g...@net.informatik.tu- > muenchen.de > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] Per client cipher
Sory, just found out from man openvpn and the option is --ncp-disable. Thanx, Alex On Fri, Sep 15, 2017 at 7:23 PM, Alex K <rightkickt...@gmail.com> wrote: > Hi All, > > I am testing per client cipher with 2.4.3-1 and patch from > https://community.openvpn.net/openvpn/ticket/845. > > As per Gert feedback, seems that when the client has same openvpn version > 2.4.3-1, > I have to disable ncp (using --disable-ncp). > > Do I need to apply additional patch to support --disable-ncp? When trying > with current build the client complains that it does not recognize the > option. > > Options error: Unrecognized option or missing or extra parameter(s) in > /etc/openvpn/client.conf:42: disable-ncp (2.4.3) > > > Thanx, > Alex > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] Per client cipher
Hi All, I am testing per client cipher with 2.4.3-1 and patch from https://community.openvpn.net/openvpn/ticket/845. As per Gert feedback, seems that when the client has same openvpn version 2.4.3-1, I have to disable ncp (using --disable-ncp). Do I need to apply additional patch to support --disable-ncp? When trying with current build the client complains that it does not recognize the option. Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/client.conf:42: disable-ncp (2.4.3) Thanx, Alex -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel