[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] resolved: new openvpn problem

  • Subject: Re: [Openvpn-users] resolved: new openvpn problem
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Sun, 5 Dec 2004 17:21:41 -0700 (MST)

On Sun, 5 Dec 2004, Tibbs, Richard wrote:

> OK, what I had to do, since I had compiled in ip(2) support is get rid
> of the up script altogether and add a route command.
> I have now a working tun0 link. What works in openvpn.conf is shown
> below.
> I did a little documentation for my own sanity.
> I am still confused by one thing. In the openvpn 2.x readme (installed
> on my winXP wireless laptop) it says
> "
> * To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, put this in the
> 1.x
> config file:
>   tun-mtu 1500
>   tun-mtu-extra 32
>   mssfix 1450
>   key-method 2
> * For TLS usage, --key-method 2 is now the default.  Use --key-method 1
> to
> communicate with 1.x.
> "
> The last sentence seems to contradict the 1.x configs above it.
> I assume they mean to say key-method 1 the first time, Right??

No, both statements are correct.  The main point is that the --key-method 
parameter must be the same on both sides of the connection.

The best thing would be to add "key-method 2" to 1.x configs, to be 
compatible with the default 2.0 key method which is 2.

But you could also leave the 1.x key-method at 1 (the default) and then 
explicitly add "key-method 1" to the 2.0 config.  2.0 can use key-method 
1, but not in client/server mode.


Openvpn-users mailing list