Jump to content
TorGuard
  • 0

Warnings About Inconsistently Used Options

Rate this question


Harry Muscle
 Share

Question

I'm using a standard configuration built with the web config generator:

client

dev tun

proto udp

remote ca.torguard.com 1195

remote-cert-tls server

auth SHA256

key-direction 1

setenv CLIENT_CERT 0

<tls-auth>

-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----

</tls-auth>

resolv-retry infinite

nobind

tls-version-min 1.2

cipher AES-128-GCM

auth-user-pass

compress

ncp-disable

tun-mtu-extra 32

<ca>

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

</ca>

 

However, my logs keep getting filled with the following warnings:

2021-08-26 15:04:53 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1582', remote='link-mtu 1569'

2021-08-26 15:04:53 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'

2021-08-26 15:04:53 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'

2021-08-26 15:04:53 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA256'

2021-08-26 15:04:53 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'

 

I can fix the tun-mtu warning by removing the tun-mtu-extra 32 entry and the keysize warning can be fixed by changing the cipher to AES-256-CGM.  The comp-lzo warning seems to be fixable by removing the compress entry.  However that still leaves the link-mtu warning and the auth warning.  I'm especially stumped on the link-mtu issue.  The tun and link mtu seems to be linked, however, locally they are 50 bytes apart while remotely they are 69 bytes apart.  How can I get the local settings to match the remote settings to get rid of this warning.

Link to comment
Share on other sites

1 answer to this question

Recommended Posts

  • 0

So the server for OpenVPN will try and match your configuration with the "most secure" alternative or "current compatibility". 

 

MTU will really only affect the size of packets and maybe overall speed but I wouldn't change the config that's generated. 

 

You can see on Torguard's servers page which protocols and encryption protocols are supported. If you have a preference or are particular about any settings just choose from that:

 

https://torguard.net/network/

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...