Bernhard.Linz/openvpn-install
1
0
Fork 0
mirror of https://github.com/angristan/openvpn-install.git synced 2025-12-16 08:57:03 +01:00
Code Issues Projects Releases Wiki Activity

feat: use modern data-ciphers naming while maintaining 2.4 compatibility (#1363)

Browse Source 
## Summary

- Add `data-ciphers` directive alongside `ncp-ciphers` for
future-proofing
- Server config now emits both `data-ciphers` and `ncp-ciphers`
- Client config adds `ignore-unknown-option data-ciphers`,
`data-ciphers`, and `ncp-ciphers` for full backward compatibility with
OpenVPN 2.4 clients

## Context

The `ncp-ciphers` option is a legacy alias of `data-ciphers` that is
still accepted but deprecated in OpenVPN 2.5+. This change aligns with
modern naming conventions while maintaining compatibility with older 2.4
clients.
This commit is contained in:
Stanislas
2025-12-12 10:23:36 +01:00
committed by GitHub
parent 693b4c31fc
commit 3bc52d245b
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -309,7 +309,7 @@ The script supports the following ciphers:
And defaults to `AES-128-GCM`. And defaults to `AES-128-GCM`.
OpenVPN 2.4 added a feature called "NCP": _Negotiable Crypto Parameters_. It means you can provide a cipher suite like with HTTPS. It is set to `AES-256-GCM:AES-128-GCM` by default and overrides the `--cipher` parameter when used with an OpenVPN 2.4 client. For the sake of simplicity, the script set both the `--cipher` and `--ncp-cipher` to the cipher chosen above. OpenVPN 2.4 added a feature called "NCP": _Negotiable Crypto Parameters_. It means you can provide a cipher suite like with HTTPS. It is set to `AES-256-GCM:AES-128-GCM` by default and overrides the `--cipher` parameter when used with an OpenVPN 2.4 client. For the sake of simplicity, the script sets `--cipher` (fallback for non-NCP clients), `--data-ciphers` (modern OpenVPN 2.5+ naming), and `--ncp-ciphers` (legacy alias for OpenVPN 2.4 compatibility) to the cipher chosen above.
### Control channel ### Control channel

5
openvpn-install.sh
View File

@@ -1240,6 +1240,8 @@ cert $SERVER_NAME.crt
key $SERVER_NAME.key key $SERVER_NAME.key
auth $HMAC_ALG auth $HMAC_ALG
cipher $CIPHER cipher $CIPHER
ignore-unknown-option data-ciphers
data-ciphers $CIPHER
ncp-ciphers $CIPHER ncp-ciphers $CIPHER
tls-server tls-server
tls-version-min 1.2 tls-version-min 1.2
@@ -1389,6 +1391,9 @@ verify-x509-name $SERVER_NAME name
auth $HMAC_ALG auth $HMAC_ALG
auth-nocache auth-nocache
cipher $CIPHER cipher $CIPHER
ignore-unknown-option data-ciphers
data-ciphers $CIPHER
ncp-ciphers $CIPHER
tls-client tls-client
tls-version-min 1.2 tls-version-min 1.2
tls-cipher $CC_CIPHER tls-cipher $CC_CIPHER