When using a manual OpenVPN configuration, some users may see the following warnings upon connecting:
Fri Jul 15 19:06:53 2016 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC' Fri Jul 15 19:06:53 2016 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1' Fri Jul 15 19:06:53 2016 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
These warnings indicate that there is a difference between the expected options on your client and the gateway. Because OpenVPN forces the encryption cipher and authentication hash specified by your client, this does not pose any security issues and is not anything to worry about. Using our default OpenVPN configuration files also prevents these warnings.
If you wish to confirm the encryption and authentication settings that your connection is brought up with, you can increase the verbosity of your logs. To do this, add ‘- verb 4’ to your OpenVPN configuration file. Afterward, you will be able to see lines similar to the following while connecting, specifying the exact security your connection is brought up with:
Fri Jul 15 19:06:53 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Fri Jul 15 19:06:53 2016 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication Fri Jul 15 19:06:53 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key Fri Jul 15 19:06:53 2016 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
In this case, we can see that the connection is brought up using the AES-256-CBC encryption cipher and the SHA256 authentication hash.