From 64be4e9ad4b210483dd03191ab1317c99420ec70 Mon Sep 17 00:00:00 2001
From: Rotzbua <Rotzbua@users.noreply.github.com>
Date: Tue, 15 Aug 2023 22:11:52 +0200
Subject: [PATCH] fix(openvpn): update config for v2.5

Fixes warning:
* Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
* --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

Source: https://community.openvpn.net/openvpn/wiki/CipherNegotiation
---
 openvpn-server/conf/server.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/openvpn-server/conf/server.conf b/openvpn-server/conf/server.conf
index 532aa2b9f..ee59ee741 100644
--- a/openvpn-server/conf/server.conf
+++ b/openvpn-server/conf/server.conf
@@ -10,7 +10,8 @@ key /etc/openvpn/secrets/server.key  # This file should be kept secret
 
 tls-version-min 1.3 or-highest
 tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
-ncp-ciphers AES-256-GCM
+data-ciphers AES-256-GCM
+data-ciphers-fallback -
 auth SHA256
 dh none
 ecdh-curve secp384r1