From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM autolearn=ham autolearn_force=no version=3.4.1 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject; bh=0FMOql8vAb8RLNBo8MrqK7bl5Vajc2sB4Ez1zrzmeIU=; b=qqnoCnuvu/Fwx4IQcRXvtdB2+XMyhaMGdCo1pfEfpwHnk63/lvfetvEkGq7gvEKXb3XkG33+Rg1IARZyA7/YBgHoWzr9o4uiRtzPVPP4TVxZ8Z1FelT9v+y/biF9Vdg5WUHss7mHbdcYO2OOAu5kC25tQ7Ry+88kOwQaw5f8hkQ=; To: sysadmins@lists.altlinux.org References: <40808878-0e05-c465-f9f5-cb28d0e0598d@mail.ru> <20190904073644.GA32096@lks.home> <5e0e3e21-06db-7abe-22ff-e7ff13d73b27@mail.ru> <20190904091455.GA16790@lks.home> From: Vladimir Karpinsky Message-ID: <65dccceb-68be-559d-9246-80c6db9bd799@mail.ru> Date: Wed, 4 Sep 2019 14:25:14 +0300 User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0 MIME-Version: 1.0 In-Reply-To: <20190904091455.GA16790@lks.home> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Language: ru-English Content-Transfer-Encoding: 8bit Authentication-Results: smtp48.i.mail.ru; auth=pass smtp.auth=vkarpinsky@mail.ru smtp.mailfrom=vkarpinsky@mail.ru X-77F55803: 689590B63E0A4B015A78504BD2AC29415E7F7F64BD502CF8A7F3C592FE170ABB6700ECD7D3129EA2CCE90CC72EEB21B4 X-7FA49CB5: 0D63561A33F958A54F11CD5AF2E07FFA445406752AE8C5536E43FFF965882C028941B15DA834481FA18204E546F3947C2FFDA4F57982C5F4F6B57BC7E64490618DEB871D839B7333395957E7521B51C2545D4CF71C94A83E9FA2833FD35BB23D27C277FBC8AE2E8BF1175FABE1C0F9B6A471835C12D1D977C4224003CC8364767815B9869FA544D8D32BA5DBAC0009BE9E8FC8737B5C2249F9238D9F5226D9303AA81AA40904B5D9CF19DD082D7633A093541453170D46FCD81D268191BDAD3D78DA827A17800CE7DDDE6F507EF0BBA3EC76A7562686271ED187B4DA314F1B5535872C767BF85DA227C277FBC8AE2E8BD59356A84A1D4201492209DFC1D2378235872C767BF85DA2F004C906525384306FED454B719173D6462275124DF8B9C99B0B8D173C204012BD9CCCA9EDD067B1EDA766A37F9254B7 X-Mailru-Sender: 47CC51BD8988F12311C17B824601663DA151B5A225E8932D9DE2D80CFE41C3DDBB59C3DA11509993189086648D43AF80C77752E0C033A69E9629CB05D30F4213116F0678BC710751AE208404248635DF X-Mras: OK Subject: Re: [Sysadmins] p8 -> p9 X-BeenThere: sysadmins@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux sysadmins' discussion List-Id: ALT Linux sysadmins' discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 04 Sep 2019 11:25:18 -0000 Archived-At: List-Archive: 04.09.2019 12:14, Konstantin Lepikhov пишет: > Hi Vladimir! > > On 09/04/2019, at 10:57:13 AM you wrote: > > >> Эту опцию куда надо прикручивать? Я пытался в конфиг клиента, поскольку >> именно он ругается на слабость сертификата, но он ругается и вообще не >> запускается. > как ругается? с каким конфигом запускаете клиента? Ругань: 2019-09-03T21:09:11.463616+03:00 pullet openvpn[8005]: OpenSSL: error:140E6118:SSL routines:ssl_cipher_process_rulestr:invalid command 2019-09-03T21:09:11.463896+03:00 pullet openvpn[8005]: Failed to set restricted TLS cipher list: “DEFAULT:@SECLEVEL=0” Конфиг: client tls-cipher “DEFAULT:@SECLEVEL=0” dev tun proto udp remote server.ru 1194 resolv-retry infinite nobind user openvpn group openvpn persist-key persist-tun keepalive 10 120 ca /etc/openvpn/keys/ca.crt cert /etc/openvpn/keys/Pullet.cert key /etc/openvpn/keys/Pullet.key comp-lzo verb 3 mute 20 -- VK.