It’s a minor thing, not really a bug, but with the original config-file downloaded from roadwarrior accounts, this messages appears in openvpn log:
WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
When I manually add cipher BF-CBC to the config file, the message disappers. No warning anymore.
To harden openvpn and to avoid this warning, I think the cipher should be automatically added to the openvpn-config-file.
My package is 1.6.15, but I can’t find something about a cipher to choose in roadwarrior config.
I now use tls-version-min 1.2 and cipher AES-256-GCM via template-custom.