[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

RE: [Openvpn-users] resolved: new openvpn problem

  • Subject: RE: [Openvpn-users] resolved: new openvpn problem
  • From: "Tibbs, Richard" <rwtibbs@xxxxxxxxxxx>
  • Date: Sun, 5 Dec 2004 19:40:17 -0500

Thanks very much, Jim.
If you don't mind I have a few additional questions.
1) If I recall correctly the mode command (mode server, mode client)
came in with 2.0, right?  Does this relate to the openvpn.conf directive
"tls-server"? IAW, is mode server the same as tls-server, or a different

2) When you say client/server mode below -- do you mean in either client
or server mode?  I am a bit confused here.

3) As I mentioned, someone from leaf-user compiled in ip(2) support
using the 1.6 tarball. Is the same true of the openvpn 1.6 pre-compiled
binaries from openvpn.sourceforge.net? 


-----Original Message-----
From: James Yonan [mailto:jim@xxxxxxxxx] 
Sent: Sunday, December 05, 2004 7:22 PM
To: Tibbs, Richard
Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [Openvpn-users] resolved: new openvpn problem

On Sun, 5 Dec 2004, Tibbs, Richard wrote:

> OK, what I had to do, since I had compiled in ip(2) support is get rid
> of the up script altogether and add a route command.
> I have now a working tun0 link. What works in openvpn.conf is shown
> below.
> I did a little documentation for my own sanity.
> I am still confused by one thing. In the openvpn 2.x readme (installed
> on my winXP wireless laptop) it says
> "
> * To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, put this in
> 1.x
> config file:
>   tun-mtu 1500
>   tun-mtu-extra 32
>   mssfix 1450
>   key-method 2
> * For TLS usage, --key-method 2 is now the default.  Use --key-method
> to
> communicate with 1.x.
> "
> The last sentence seems to contradict the 1.x configs above it.
> I assume they mean to say key-method 1 the first time, Right??

No, both statements are correct.  The main point is that the
parameter must be the same on both sides of the connection.

The best thing would be to add "key-method 2" to 1.x configs, to be 
compatible with the default 2.0 key method which is 2.

But you could also leave the 1.x key-method at 1 (the default) and then 
explicitly add "key-method 1" to the 2.0 config.  2.0 can use key-method

1, but not in client/server mode.