Would be really thankful if anyone could help. My OpenVPN version is 2.2.1-8 according to
apt-cache show openvpn
According to numerous sources you have to use -ncp-disable in order to turn off encryption on your server side. Now I have tried all of the following (separately and one by one of course):
ncp-disable
-ncp-disable
--ncp-disable
ncp-disable-
-ncp-disable-
--ncp-disable--
--ncp-disable-
ncp disable
disable ncp
cipher none
but none of them works after I restart my openvpn. It always says, "starting VPN failed". Now what are the correct lines and where do I have to put them in my vpn.conf in order for them to work? Perhaps it should be something totally different in my openvpn version? I would be really grateful for any suggestions as I am totally clueless now.
P.S. It's working perfectly fine without any of these lines at all.
P.S.S. Here are my config files as asked by Nikita:
Server:
daemon
port 1194
proto udp
dev tun0
ca /etc/openvpn/easy-rsa-first/keys/ca.crt
cert /etc/openvpn/easy-rsa-first/keys/name.com.crt
key /etc/openvpn/easy-rsa-first/keys/name.com.key
dh /etc/openvpn/easy-rsa-first/keys/dh2048.pem
server 1.2.3.4 255.255.255.0
ifconfig-pool-persist openvpn.dhcp
push "redirect-gateway"
push "dhcp-option DNS 1.2.3.4"
push "dhcp-option DNS 208.67.222.222"
push "route 1.2.3.4 255.255.255.0"
keepalive 10 120
comp-lzo
user myvpn
group myvpn
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 7
mute 20
#;push "route 192.168.0.0 255.255.255.0"
#;push "route 192.168.173.0 255.255.255.0"
#;client-config-dir ccd
#;route 192.168.40.128 255.255.255.248
#;client-to-client
#;max-clients 3
============================
Client:
float
client
dev tun0
proto udp
remote 1.2.3.4 1194
;redirect-gateway
resolv-retry infinite
nobind
persist-key
persist-tun
ca "ca.crt"
cert "Certificate.crt"
key "Key.key"
auth-nocache
ns-cert-type server
comp-lzo
verb 7
mute 20
Your OpenVPN is quite old. And
ncp-disabledoes not disable encryption. Official OpenVPN manual says:OpenVPN introduced a cipher negotiation in version 2.4, and this directive is meant as a debug aid to disable negotiation and to work like previous versions, which just used whatever is configured with
cipheroption in them, defaulting toBF-CBCif that option is missing. Versions 2.3 and below don't support NCP and therefore don't have this directive and its use should result in an error. Also, this directive is deprecated in OpenVPN 2.5 and 2.6 and will be removed in, I think, in 2.7.There is also a part in manual just near that, which directly says how to disable encryption:
You write in the config file:
to disable encryption. You still might need to use this
ncp-disableoption on systems where OpenVPN 2.4 to 2.6 is installed and intended to connect to this server. I believe it isn't possbile to setncp-ciphers none, but I didn't checked it.Also note. Trying random strings as options never helps, and can even cause harm if you accidentally hit something meaningful. Manual lists all available directives, and also there is specified that you write them with with two dashes (like
--ncp-disable) on the command line, but without leading dashes (likencp-disable) in the config file.I strongly suggest to always consult with official manuals first, and only if it isn't clear enough to look for additional third-party information. And always check that information agianst official manual which is available on Unix-like systems as
man openvpnand corresponds to the used version.Gee.. boy my stupid. There was nothing to it when you do it the other way around. I simply added another cipher instead of turning encryption off. It looks like it's impossible to turn it off at all in these old versions. I couldn't find it how anyway..
So what did the trick for me was adding those two in my openvpn.vpn config file server side like this:
The front door was closed but the back door was opened so I entered there and it worked.