Opened 2 years ago

Last modified 22 months ago

#1313 new Bug / Defect

OCC warnings about cipher and auth mismatch are misleading

Reported by: Gert Döring
Owned by:
Priority: major
Milestone: release 2.4.11
Component: Generic / unclassified
Version: OpenVPN 2.4.9 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer)
Keywords: NCP, cipher, OCC, warning
Cc: plaisthos, Steffan Karger


In a setup where NCP is active, a client might warn in its logfile about cipher mismatch (if it has a different cipher configured than the server), but it is of no consequence because NCP will do the right thing anyway.

I think this needs to be fixed - possibly by announcing NCP status in the OCC messages, and "if I have NCP and the other side has NCP, ignore mismatches in cipher and auth".

Or maybe "if I am NCP *capable* and the server has NCP *enabled*" (because 2.4 with --ncp-disable talking to a 2.5 server will still get a proper cipher back).
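The suppression rule proposed in this ticket, sketched as an added example (not OpenVPN source code and not written by the ticket participants). The function names, the NCP status flags and the abbreviated option strings are assumptions made for illustration; OCC does not announce NCP status today, which is what the ticket suggests adding.

```python
# Added illustration of the ticket's proposal; not OpenVPN code.
# Assumption: each peer's options arrive as a comma-separated string of
# "name value" items, and NCP status is known for both sides.

NCP_NEGOTIATED = {"cipher", "auth"}  # the two options the ticket names


def parse_occ(options):
    """Split 'V4,dev-type tun,cipher AES-256-CBC' into {name: value}."""
    parsed = {}
    for item in options.split(","):
        item = item.strip()
        if item:
            name, _, value = item.partition(" ")
            parsed[name] = value
    return parsed


def ncp_applies(local_capable, remote_enabled):
    """Ticket's second rule: local side NCP-capable, remote has NCP enabled.

    A side with NCP enabled is also capable, so this covers the first rule
    ("I have NCP and the other side has NCP") as well.
    """
    return local_capable and remote_enabled


def mismatches(local, remote, *, local_capable, remote_enabled):
    """Return [(name, local_value, remote_value)] that still deserve a warning."""
    loc, rem = parse_occ(local), parse_occ(remote)
    negotiated = ncp_applies(local_capable, remote_enabled)
    result = []
    for name in sorted(set(loc) | set(rem)):
        if loc.get(name) == rem.get(name):
            continue
        if negotiated and name in NCP_NEGOTIATED:
            continue  # NCP picks the data-channel cipher; warning is noise
        result.append((name, loc.get(name), rem.get(name)))
    return result


# Constructed, abbreviated option strings (not captured from a real session).
LOCAL = "V4,dev-type tun,link-mtu 1558,cipher AES-256-CBC,auth SHA1"
REMOTE = "V4,dev-type tun,link-mtu 1550,cipher AES-256-GCM,auth [null-digest]"

if __name__ == "__main__":
    for name, l, r in mismatches(LOCAL, REMOTE, local_capable=True,
                                 remote_enabled=True):
        print(f"WARNING: '{name}' differs, local='{l}', remote='{r}'")
```

Mismatches outside `cipher` and `auth` are still reported in every case, so a genuine configuration difference is not hidden by the NCP rule.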

Change History (3)

comment:1 Changed 2 years ago by Gert Döring

Milestone: release 2.4.10
Version: OpenVPN git master branch (Community Ed) → OpenVPN 2.4.9 (Community Ed)

I just learned that 2.5 will no longer print cipher warnings anyway (never, unconditionally). At least, as of today.

So 2.4 remains...

comment:2 Changed 2 years ago by tct

I am CC'ing myself but also want to add this link:

OpenVPN 2.4 vs 2.5 (and 2.2/2.3) do have some differences but the final outcome is as optimal as possible.

comment:3 Changed 22 months ago by Gert Döring

Milestone: release 2.4.10 → release 2.4.11

So is there anything left to do for 2.4.11? Or close for good - issue is documented, fixed for 2.5, and search engines will find this thread?
