Jump to content
TorGuard
  • 0

OpenVPN Warning: tun-mtu and link-mtu used inconsistently

Rate this question


nosuchthing
 Share

Question

When I launch my .ovpn configuration with:

 

"sudo openvpn --config TorGuard.TCP.ovpn"

 

I receive three warnings that I am having trouble fixing. Although I do have a connection that seems to work well.  I rather not have any warnings.

 

WARNING:  'link-mtu' is used inconsistently, local='link-mtu 1560', remote='link-mtu 1592'

WARNING:  'tun-mtu' is used inconsistently, local='tun-mtu 1500', remote='tun-mtu 1532'

 

and

 

WARNING: file 'auth.txt' is group or others accessible

 

Here is my TorGuard.TCP.ovpn file contents.

 

client

dev tun

redirect-gateway def1

 

proto tcp

# The xxxx are replaced with whichever country

remote xxxxx.torguardvpnaccess.com 995

 

resolv-retry infinite

nobind

persist-key

persist-tun

 

ca ca.crt

remote-cert-tls server

cipher AES-256-CBC

 

auth-user-pass auth.txt

comp-lzo

verb 1

reneg-sec 0

auth-nocache

 

;link-mtu 1592

;tun-mtu 1532

 

user nobody

group nobody

 

dhcp-option DNS 10.23.0.1

 

To address the first two warnings, I though to add the link-mtu 1592 and tun-mtu 1532 to match the remote server, but recieved an error that I can't specify both.  So I kept the link-mtu 1592 and took out the tun-mtu 1532.  This configuration seemed to work the best because I no longer have the first two warnings, but a new one:

 

WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1532)

 

How should I configure my link-mtu and tun-mtu with warnings and what would be a good way to secure my auth.txt file to remove the the group accessibility?

 

Thank you for your time.

 

 

 

 

Link to comment
Share on other sites

3 answers to this question

Recommended Posts

  • 0

I followed the instructions at:

 

https://torguard.net/knowledgebase.php?action=displayarticle&id=32

 

I used the TorGuardPro config files linked to from the link above and TCP generated config files.  I changed the .ovpn to .conf and ran it.  I was able to get a connection, but it was no better than the customized connection I did above.

 

I still receive the link-mtu and tun-mtu warnings, but also securities warnings that the ciphers in the config file is 64 bits and vulnerable to attacks.  So right now the configuration I provided above is better than the instructions provided by the link.

Link to comment
Share on other sites

  • 0

I followed the instructions at:

 

https://torguard.net/knowledgebase.php?action=displayarticle&id=32

 

I used the TorGuardPro config files linked to from the link above and TCP generated config files.  I changed the .ovpn to .conf and ran it.  I was able to get a connection, but it was no better than the customized connection I did above.

 

I still receive the link-mtu and tun-mtu warnings, but also securities warnings that the ciphers in the config file is 64 bits and vulnerable to attacks.  So right now the configuration I provided above is better than the instructions provided by the link.

 

Hi -  it may also be pushed from server side - please test the following IP: 96.47.237.170 using the same cipher and config in your initial post - remove the link-mtu 1592 line you added and use below - let me know if you receive any warnings now.

 

         client

dev tun

redirect-gateway def1

 

proto tcp

# The xxxx are replaced with whichever country

remote 96.47.237.170 995

 

resolv-retry infinite

nobind

persist-key

persist-tun

 

ca ca.crt

remote-cert-tls server

cipher AES-256-CBC

 

auth-user-pass auth.txt

comp-lzo

verb 1

reneg-sec 0

auth-nocache

 

user nobody

group nobody

 

dhcp-option DNS 10.23.0.1

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...