OpenVPN 2.3.2 conflicts with tls-version-min

Started by XenFox, January 17, 2017, 12:21:48 AM


XenFox

Hello!
After installing and configuring an OpenVPN server using this script
https://github.com/Angristan/OpenVPN-install
I cannot connect via the OpenVPN client because of an error:

Options error: Unrecognized option or missing parameter(s) in client.ovpn:13: tls-version-min (2.3.2)

Contents of client.ovpn:

client
proto udp
remote xxx.xxx.xxx.xx 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA256
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 3
.....


openvpn --version

OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014

Quote from: Angristan

TLS version

OpenVPN uses TLS 1.0 by default, which is nearly 20 years old.

With tls-version-min 1.2 we use at least TLS 1.2, which is the best protocol available currently. I could have used tls-version-min highest but this does not ensure we use TLS 1.2 which is the only secure protocol available.

OpenVPN documentation for tls-version-min

TLS 1.2 is only supported since OpenVPN 2.3.3. This is one of the reasons the script uses third-party repositories, because some distributions have an older version of OpenVPN.

So my version of OpenVPN does not support TLS 1.2? How do I upgrade?

ZEROF

#1
Hi,

This is not an OpenVPN support forum, but please check https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos. And if I remember well, you will need to use 1 and not 1.2 (didn't try on up-line version), and if you install the latest version you will need to set ciphers as well, but check and keep us posted.

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

XenFox

#2
Quote from: ZEROF
check https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos

Strange. If you choose:

Quote
release/2.3: OpenVPN 2.3 releases
trusty (Ubuntu 14.04)

it installs OpenVPN 2.3.14 and everything works, i.e. there is no error when connecting.

If you select

Quote
release/2.4: OpenVPN 2.4 releases, including alphas/betas/RCs
trusty (Ubuntu 14.04)

it also works.

Quote from: ZEROF
you will need to set ciphers as well

What do you have in mind?
I am from Russia and my English = Google Translate.
Thanks for the help!
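
An added example, not part of the original thread or of the OpenVPN-install script: a pre-flight check that compares the local OpenVPN version banner with the 2.3.3 minimum quoted above before a profile containing tls-version-min is used. The function names are hypothetical, and the sample banner and config are constructed from the values posted in this thread.

```shell
#!/bin/sh
# MIN_VER is the 2.3.3 threshold from the README quoted in this thread.
MIN_VER="2.3.3"

# Extract "2.3.2" from a banner like "OpenVPN 2.3.2 x86_64-pc-linux-gnu ...".
banner_version() {
    printf '%s\n' "$1" | sed -n '1s/^OpenVPN \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when dotted version $1 >= $2. Fields are compared numerically,
# so 2.3.14 sorts above 2.3.3 (a plain string compare gets this wrong).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print the tls-version-min value found in config text $1 (empty if absent).
# Commented-out directives are skipped because their first field differs.
config_tls_min() {
    printf '%s\n' "$1" | awk '$1 == "tls-version-min" { print $2; exit }'
}

# check_client BANNER CONFIG: 0 = client can parse the profile, 1 = too old.
check_client() {
    ver=$(banner_version "$1")
    [ -n "$ver" ] || { echo "cannot parse version banner" >&2; return 2; }
    tls=$(config_tls_min "$2")
    if [ -n "$tls" ] && ! version_ge "$ver" "$MIN_VER"; then
        echo "OpenVPN $ver rejects tls-version-min $tls (needs >= $MIN_VER): upgrade the client"
        return 1
    fi
    echo "OpenVPN $ver: tls-version-min is usable"
}

# Constructed sample input, shortened from the banner and profile posted above.
BANNER='OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] built on Dec  1 2014'
CONFIG='client
tls-client
tls-version-min 1.2'
# Real use: check_client "$(openvpn --version | head -n 1)" "$(cat client.ovpn)"
check_client "$BANNER" "$CONFIG" || true
```

Upgrading the client is the fix to prefer when this check fails, since deleting the directive lets the connection fall back to the TLS 1.0 default described in the quote.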
