48 lines
1.1 KiB
Plaintext
48 lines
1.1 KiB
Plaintext
# ---
|
|
# Error: Option conflict: 'build-client-full' does not support setting an external commonName
|
|
# ---
|
|
|
|
# workarround:
|
|
#
|
|
# see: https://github.com/OpenVPN/easy-rsa/issues/717
|
|
#
|
|
# EASYRSA_REQ_CN should probably be removed from vars.example.
|
|
|
|
fqp_path_to_vars="/etc/openvpn/server/gw-ckubu/easy-rsa/vars"
|
|
|
|
perl -i -n -p -e "s/^\s*(set_var\s+EASYRSA_REQ_CN.*)/#####\1/g" ${fqp_path_to_vars}
|
|
|
|
# ---
|
|
# Error: AEAD Decrypt error: bad packet ID
|
|
# ---
|
|
|
|
# see also:
|
|
# https://askubuntu.com/questions/1136003/aead-decrypt-error-bad-packet-id-on-openvpn-using-udp
|
|
|
|
# Adjust MTU settings
|
|
#
|
|
# Note:
|
|
# =====
|
|
#
|
|
# With a TUN-style tunnel over UDP using the default TLS options,
|
|
# the per-packet overhead is:
|
|
#
|
|
# - 41 bytes security layer overhead (includes packet tag (1),
|
|
# HMAC-SHA1 signature (20), initialization vector (16),
|
|
sequence number (4))
|
|
#
|
|
# - 28 bytes tunneling overhead (includes IP + UDP header)
|
|
#
|
|
# - Total: 69 bytes per packet
|
|
#
|
|
# => maybe 'mssfix 1431' is sufficient
|
|
#
|
|
tun-mtu 1500
|
|
mssfix 1300
|
|
push "tun-mtu 1500"
|
|
|
|
# ---
|
|
# End: Error: AEAD Decrypt error: bad packet ID
|
|
# ---
|
|
|