Just the nasty folks on the internet trying to break in.....
To be safe, I'd do as
@L&LD suggested and change your username/password. In addition, use a non-standard port (make yourself hidden a bit better
)
Thanks john and L&LD.
I did a 1194 port scan from internet and it appears closed. There is no log seen. I suppose when I see TLS handshake error is a security concern. I have change username/password and port as suggested. I have also try to change the cipher key from aes-128-cbc to aes-256-gcm.
What I noticed is with aes-256-cbc, sha is used.
Dec 6 13:04:33 openvpn[21189]: xx:27955 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1602'
Dec 6 13:04:33 openvpn[21189]: xx:27955 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1500'
Dec 6 13:04:33 openvpn[21189]: xx:27955 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Dec 6 13:04:33 openvpn[21189]: xx:27955 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Dec 6 13:04:33 openvpn[21189]: xx:27955 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
However, with aes-256-gcm, sha key is not used by the router even it is configured.
Dec 6 13:24:27 openvpn[25156]: xx:49561 WARNING: 'link-mtu' is present in local config but missing in remote config, local='link-mtu 1550'
Dec 6 13:24:27 openvpn[25156]: xx:49561 WARNING: 'tun-mtu' is present in local config but missing in remote config, local='tun-mtu 1500'
Dec 6 13:24:27 openvpn[25156]: xx:49561 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
Dec 6 13:24:27 openvpn[25156]: xx:49561 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 6 13:24:27 openvpn[25156]: xx:49561 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Dec 6 13:24:27 openvpn[25156]: xx:49561 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 1024 bit RSA
Is this normal? Which one do you recommend to use? My device can connect with both configuration. Also, is there any text I can manually add in the client file regarding link and tun mtu size?