OpenVPN 2.3.2 conflicts with tls-version-min

Started by XenFox, January 17, 2017, 12:21:48 AM

Previous topic - Next topic


After installing and configuring openvpn server by using this script
Can not connect via openvpn client because of an error

Options error: Unrecognized option or missing parameter(s) in client.ovpn:13: tls-version-min (2.3.2)

File Contents client.ovpn

proto udp
remote 1194
dev tun
resolv-retry infinite
remote-cert-tls server
auth SHA256
cipher AES-128-CBC
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-128-GCM-SHA256
setenv opt block-outside-dns
verb 3

openvpn --version

OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014

Quote from: AngristanTLS version

OpenVPN uses TLS 1.0 by default, which is nearly 20 years old.

With tls-version-min 1.2 we use at least TLS 1.2, which the best protocol available currently. I could have used tls-version-min highest but this does not ensure we use TLS 1.2 which is the only secure protocol available.

OpenVPN documentation for tls-version-min

TLS 1.2 is only supported since OpenVPN 2.3.3. This is one of the reasons of the script uses third-party repositories, because some distributions have an older version of OpenVPN.

So my version openvpn does not support TLS 1.2 ? How to upgrade?



This is not openvpn support forum, but pls check And If i remember well you will need to use 1 and not 1.2 (didn't try on up-line version) and if you install last version you will need to set ciphers as well, but check and keep us posted.

Don't ask, read :
or just run sudo rm -rf /*


Quote from: ZEROFcheck
Strange. If you choose:
Quoterelease/2.3: OpenvPN 2.3 releases
trusty (Ubuntu 14.04)
it is set openvpn 2.3.14 and everything works. Ie there is no error when connecting.

If you select
Quoterelease/2.4: OpenVPN 2.4 releases, including alphas/betas/RCs
trusty (Ubuntu 14.04)
Also it works.

Quote from: ZEROFyou will need to set ciphers as well
What you have in mind?
I am from Russia and my english = Google Translate.
Thanks for the help!


Don't ask, read :
or just run sudo rm -rf /*