Warning msgs in log file 380.66_2 Openvpn server

[eastavin]

Noticed the following warning messages coming up regularly with variations depending on what settings are used in the advanced settings screen on server1. In each case a matching OVPN file had been generated and used. Why would the OVPN file not match the server side settings exactly when generated by the system and no edits made?

I realize they are warnings only and a reasonable parameter was negotiated in the end (I checked) but how is it that the system proposes a BF-CBC cipher? This was broken back in the 1990s. It does not even appear in any of the settings screens on the advanced page. So I cant deselect anything.

There is also a mismatch between router and remote for link-mtu and auth. Could be a few more.

ex 1. OpenVPN server1
May 23 14:20:41 openvpn[1417]: 70.29.4.48 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1542', remote='link-mtu 1558'
May 23 14:20:41 openvpn[1417]: 70.29.4.48 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-128-CBC'

ex 2. Default settings for OpenVPN server1 except TLS control channel security set to ENCRYPT CHANNEL.
May 26 08:52:12 openvpn[28537]: 70.29.7.204 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1550'
May 26 08:52:12 openvpn[28537]: 70.29.7.204 WARNING: 'cipher' is used inconsistently, local='cipher AES-128-CBC', remote='cipher AES-128-GCM'
May 26 08:52:12 openvpn[28537]: 70.29.7.204 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
May 26 08:52:12 openvpn[28537]: 70.29.7.204 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 1024 bit RSA

Thoughts appreciated.

 

[RMerlin]

This usually happens if you have Negotiation enabled, but the remote end doesn't support it.