Autonegotiate connection settings

Got a problem with Viscosity or need help? Ask here!

ari

Posts: 3
Joined: Sat May 27, 2017 6:48 pm

Post by ari » Mon Jun 05, 2017 10:33 pm
The new 1.7.2 beta appears to solve many of my connection issues, thanks.

Unrelated to these issues I note that for my setup I need to add some custom advanced settings in Viscosity. This is despite the fact that it should be able to autonegotiate its connection:
Code: Select all
2017-06-05 22:29:13: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1544', remote='link-mtu 1604'
2017-06-05 22:29:13: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
2017-06-05 22:29:13: WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA512'
2017-06-05 22:29:13: WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
So it gets the remote settings, but ignores them and uses some local defaults instead. Surely Viscosity (or OpenSSL?) could do better?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Jun 08, 2017 7:10 pm
Hi ari,

This is normal OpenVPN behaviour. Basically it's stating that one or more of your settings set locally do not match what the server has set. For example, the cipher being used for encryption set in the client does not match what the server has set. These must match.

OpenVPN does support auto-configuration of many options. For example the OpenVPN server can be set up to "push" many commands to the client, and OpenVPN version 2.4 supports cipher negotiation (see the ncp-ciphers command). However the OpenVPN server must be set up appropriately (and be using the latest version for 2.4 features). If you want to support these types of things you should contact your VPN Provider or VPN Server Administrator.

Otherwise if you're not happy with some of OpenVPN's core behaviour I'm afraid that's something you'd have to bring up with the OpenVPN development team (such as on the openvpn-devel mailing list).

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1