search

wfg / docker-openvpn-client

OpenVPN client with killswitch and proxy servers; built on Alpine
MIT License
353 stars 107 forks source link

Deprecated openvpn option #94

Open pablos-here opened 1 year ago

pablos-here commented 1 year ago

As reported during startup ....

2023-01-25 21:37:54 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

wfg commented 1 year ago

I believe --cipher comes from the OpenVPN config supplied by the user. How do you propose to fix this one?

pablos-here commented 1 year ago

Hey @wfg,

I took the coward's approach and followed the recommendation from the chimp[1], adding the following to openvpn_args:

"--data-ciphers-fallback" "AES-256-CBC"

Reference

podman logs -f openvpn-client

... 2023-01-26 17:51:31 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. ...