[2.6 beta1 w/ dco]Remove link-mtu warning.

[Originalimoc]

Identical --cipher/--data-cipher AES-128-GCM/--auth SHA256/--data-cipher-fallback/compression no setting among server and clients, no link-mtu config.

Client still log:
WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1516', remote='link-mtu 1513'

Lack of documentation on how it's computed, and no real effect, DEPRECATED anyway, just remove it.

[Originalimoc]

Looks like it's internally auto-generated [src/openvpn/options.c]. I think the solution is removing this option as soon as possible as 2.6 is still in early beta?

[Originalimoc]

It's directly affecting 7 src files... Wonder what's the point of this at the beginning

[schwabe]

We need more information of your configuration. Normally if all is identical we should have not have these warnings.

Btw: Just because you do not see point or where the warning come from, does not mean that they are/were pointless. Your wording feels extremely agressive/insulting to me.

[Originalimoc]

yes weird indeed, wait.

I didn't say they are/were pointless, where the impression comes from
extremely agressive/insulting?
????????
better?

[Originalimoc]

client:

daemon
dev tun11
persist-tun
proto udp
tun-mtu 1428
remote 127.0.0.1 1080
nobind
explicit-exit-notify 2
connect-retry 1 3
client
allow-compression no
data-ciphers AES-128-GCM
auth SHA512
auth-nocache
script-security 2
remote-cert-tls server
tls-crypt tlscrypt.key
ca ca.crt
cert main1.crt
key main1.key
reneg-sec 10000
hand-window 5
tran-window 86000
persist-key
ping 0
ping-restart 3600
replay-window 5000 3
mute 20
mlock

[Originalimoc]

server:

daemon
port 1080
proto udp
float
explicit-exit-notify 1
tun-mtu 1428
dev tun21
txqueuelen 1000
client-config-dir /etc/openvpn/ccd1
persist-tun
persist-key
data-ciphers AES-128-GCM
auth SHA512
auth-nocache
allow-compression no
tls-crypt tlscrypt.key
ca ca.crt
cert server.crt
key server.key
dh dh.pem
remote-cert-eku "TLS Web Client Authentication"
reneg-sec 10000
hand-window 5
tran-window 86000
server 10.0.0.0 255.255.255.0
block-ipv6
topology subnet
client-to-client
replay-window 5000 3
connect-retry 3 15
ping 0
ping-restart 3600
sndbuf 11796480
rcvbuf 11796480
mlock
push "sndbuf 11796480"
push "rcvbuf 11796480"

[Originalimoc]

where's that 3 bytes discrepancy coming from...

[schwabe]

Please don't use the bug tracker like a chat. There is no need to split your one message into four individual ones. Also please provide a verb 4 log from both client and server as that will show the computation. This is probably triggered by persist-key or persist-tun but I would like to see complete logs from client and server to test my theory

[Originalimoc]

Probably, I'll test it later.
Yeah. You just reminded me Github bug tracker will send an email every time, maybe that's annoying to some people?
How about opening the discussion section on this repo?

[schwabe]

This repository is only for reporting bug. If you want to discuss, there is http://forum.openvpn.net

[schwabe]

@Originalimoc I am still waiting for your log files.

[Originalimoc]

Next workday.

[schwabe]

Closing this issue as the submitter is unwilling to cooperate and providing logfiles. If someone can provide log files for this issue I am happy to reopen to investigate this ticket.

[cron2]

I'm reopening this, as we are still interested to find a good solution for the link-mtu is used inconsistently warnings.

With the new code, this is easily triggered by having identical tun-mtu on both sides, but different overhead calculation (due to config settings that get later replaced by pushed values from the server anyway, like cipher), and also due to 2.5 and earlier sending bogus values due to incorrect calculations. We don't actually need the original poster's log file for this, I have tons of examples :-)

("Just remove the warning" would fix things for 2.6, but clients connecting with an older version would still print the warning, but maybe there is no way we can make this work in a satisfying way. We could remove the warning from the 2.5 codebase as well, of course...)

[cron2]

The warning was effectively removed from 2.6 by changing the log level so it only appears if you really want to see it (via commit bfd0ef3). 2.5 to 2.6 will still log this on the 2.5 side.