Topic: OpenVPN 2.3.2 conflicts with tls-version-min

XenFox
on: January 17, 2017, 12:21:48 AM
Hello!
After installing and configuring an OpenVPN server using this script
https://github.com/Angristan/OpenVPN-install
I cannot connect via the OpenVPN client because of an error:

Code:
Options error: Unrecognized option or missing parameter(s) in client.ovpn:13: tls-version-min (2.3.2)
Contents of client.ovpn:

Code:
client
proto udp
remote xxx.xxx.xxx.xx 1194
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA256
cipher AES-128-CBC
tls-client
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 3
.....

openvpn --version

Code:
OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Quote from: Angristan
TLS version

OpenVPN uses TLS 1.0 by default, which is nearly 20 years old.

With tls-version-min 1.2 we use at least TLS 1.2, which is the best protocol available currently. I could have used tls-version-min highest but this does not ensure we use TLS 1.2, which is the only secure protocol available.

OpenVPN documentation for tls-version-min

TLS 1.2 is only supported since OpenVPN 2.3.3. This is one of the reasons the script uses third-party repositories, because some distributions have an older version of OpenVPN.

So my version of OpenVPN does not support TLS 1.2? How do I upgrade?
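
Added example, not part of the original posts or of the install script: a POSIX shell pre-flight check that reads the `openvpn --version` banner and a client profile, and reports when the profile sets tls-version-min on a client older than 2.3.3, the minimum given in the quoted note above. The function names and the demo profile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). MIN_VER is the version named in the
# quoted note: tls-version-min is rejected by clients older than this.
MIN_VER="2.3.3"

# Print the version number from a banner like "OpenVPN 2.3.2 x86_64-...".
ovpn_version() {
    printf '%s\n' "$1" | sed -n '1s/^OpenVPN \([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: succeed when A >= B, comparing fields numerically so that
# 2.3.14 ranks above 2.3.3 (a plain string comparison gets this wrong).
version_ge() {
    for _i in 1 2 3; do
        _x=$(printf '%s' "$1.0.0" | cut -d. -f"$_i")
        _y=$(printf '%s' "$2.0.0" | cut -d. -f"$_i")
        [ "$_x" -gt "$_y" ] && return 0
        [ "$_x" -lt "$_y" ] && return 1
    done
    return 0
}

# check_profile BANNER FILE
#   0: profile is usable   1: tls-version-min set but client too old
#   2: banner could not be parsed
check_profile() {
    _ver=$(ovpn_version "$1")
    [ -n "$_ver" ] || { echo "cannot parse OpenVPN version" >&2; return 2; }
    # Ignore lines commented out with '#' or ';'.
    if grep -Eq '^[[:space:]]*tls-version-min[[:space:]]' "$2" &&
       ! version_ge "$_ver" "$MIN_VER"; then
        echo "OpenVPN $_ver: tls-version-min needs >= $MIN_VER" >&2
        return 1
    fi
    return 0
}

# Constructed demo input: banner and directive as shown in the first post.
demo() {
    _p=$(mktemp)
    printf 'client\ntls-client\ntls-version-min 1.2\n' > "$_p"
    check_profile "OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)]" "$_p"
    _rc=$?
    rm -f "$_p"
    return "$_rc"
}

# Real use: check_profile "$(openvpn --version | head -n 1)" client.ovpn
demo || echo "demo exit status: $?"
```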



ZEROF
Reply #1 on: January 17, 2017, 07:58:24 AM
Hi,

This is not an OpenVPN support forum, but please check https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos. And if I remember well, you will need to use 1 and not 1.2 (I didn't try on up-line version), and if you install the latest version you will need to set ciphers as well, but check and keep us posted.
« Last Edit: January 17, 2017, 09:19:06 AM by ZEROF »


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


XenFox
Reply #2 on: January 17, 2017, 09:08:58 PM
Quote from: ZEROF
check https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos
Strange. If you choose:
Quote
release/2.3: OpenVPN 2.3 releases
trusty (Ubuntu 14.04)
it installs OpenVPN 2.3.14 and everything works, i.e. there is no error when connecting.

If you select
Quote
release/2.4: OpenVPN 2.4 releases, including alphas/betas/RCs
trusty (Ubuntu 14.04)
it also works.

Quote from: ZEROF
you will need to set ciphers as well
What do you have in mind?
I am from Russia and my English = Google Translate.
Thanks for the help!
« Last Edit: January 17, 2017, 09:13:15 PM by XenFox »



ZEROF
Reply #3 on: January 17, 2017, 11:33:00 PM
Hi,

You can grab some settings here: https://gist.github.com/pwnsdx/8fc14ee1e9f561a0a5b8