Results 1 to 4 of 4

Thread: Error from openvpn option

  1. #1
    Join Date
    Aug 2008
    Location
    Mexico and Sweden
    Posts
    1,288

    Default Error from openvpn option

    Invoking
    Code:
    /usr/sbin/openvpn --help
    indicates an option
    Code:
    --cipher alg    : Encrypt packets with cipher algorithm alg
                      (default=BF-CBC).
                      Set alg=none to disable encryption.
    and
    Code:
    openvpn --show-ciphers
    tells me
    Code:
    AES-256-CBC  (256 bit key, 128 bit block)
    is one of the algorithms. But when I invoke
    Code:
    /usr/sbin/openvpn --cipher AES-256-CBC Ireland.ovpn
    Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: cipher (2.4.3)
    Use --help for more information.
    or
    Code:
    /usr/sbin/openvpn --cipher=AES-256-CBC Ireland.ovpnOptions error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: cipher=AES-256-CBC (2.4.3)
    Use --help for more information.
    ...it errors out. What am I doing wrong? Thanks in advance.

  2. #2
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,641
    Blog Entries
    3

    Default Re: Error from openvpn option

    Quote Originally Posted by ionmich View Post
    What am I doing wrong?
    Well, I don't know. And I don't use openvpn.

    When I look at the man page, it tells me to use:
    Code:
    openvpn [ options ... ]
    On your command line, the "Ireland.ovpn" part does not look like an option.

    Is that the name of a config file? If so, then shouldn't it be "--config Ireland.opvn"?
    openSUSE Leap 15.1; KDE Plasma 5;
    testing Leap 15.2Alpha

  3. #3
    Join Date
    Aug 2008
    Location
    Mexico and Sweden
    Posts
    1,288

    Default Re: Error from openvpn option

    Quote Originally Posted by nrickert View Post
    Well, I don't know. And I don't use openvpn.

    When I look at the man page, it tells me to use:
    Code:
    openvpn [ options ... ]
    On your command line, the "Ireland.ovpn" part does not look like an option.

    Is that the name of a config file? If so, then shouldn't it be "--config Ireland.opvn"?
    Ireland.opvn is a config file but as the following shows it works without --config. But I will test using your suggestion.

    Code:
    linux-i1f2:/etc/openvpn # /usr/sbin/openvpn Ireland.ovpn
    Sat Apr 27 21:58:18 2019 WARNING: file 'pass.txt' is group or others accessible
    Sat Apr 27 21:58:18 2019 OpenVPN 2.4.3 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 20 2017
    Sat Apr 27 21:58:18 2019 library versions: OpenSSL 1.1.0i-fips  14 Aug 2018, LZO 2.10
    Sat Apr 27 21:58:18 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]23.92.127.2:1194
    Sat Apr 27 21:58:18 2019 UDP link local: (not bound)
    Sat Apr 27 21:58:18 2019 UDP link remote: [AF_INET]23.92.127.2:1194
    Sat Apr 27 21:58:18 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Sat Apr 27 21:58:19 2019 [180cbd4dde946350e690d0f40070d450] Peer Connection Initiated with [AF_INET]23.92.127.2:1194
    Sat Apr 27 21:58:25 2019 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Sat Apr 27 21:58:25 2019 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Sat Apr 27 21:58:25 2019 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
    Sat Apr 27 21:58:25 2019 TUN/TAP device tun0 opened
    Sat Apr 27 21:58:25 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
    Sat Apr 27 21:58:25 2019 /bin/ip link set dev tun0 up mtu 1500
    Sat Apr 27 21:58:25 2019 /bin/ip addr add dev tun0 local 10.16.10.10 peer 10.16.10.9
    Sat Apr 27 21:58:25 2019 Initialization Sequence Completed

  4. #4
    Join Date
    Aug 2008
    Location
    Mexico and Sweden
    Posts
    1,288

    Default Re: Error from openvpn option

    You are correct. Even though
    Code:
    /usr/sbin/openvpn Ireland.ovpn
    works. When another option is used it does not work. So the correct syntax is
    Code:
    /usr/sbin/openvpn --cipher AES-256-CBC --config Ireland.ovpn
    Many thanks for pointing that out.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •