OpenVPN < 2.4 incompatible with default config of OpenVPN servers >=2.4
OpenVPN added tls-crypt functionality in version 2.4+.
The default install of the server version enables "tls-crypt", but older clients cannot use it.
This has been causing a few problems where clients trying to connect to such servers fail with:
Options error: Unrecognized option or missing parameter(s) in <client.ovpn>:<line>: tls-crypt
The solution is either to upgrade the client to OpenVPN>=2.4 or setup/reconfigure the server to be backwards compatible (but less secure/resilient to censorship through packet sniffing, if I understand it correctly).
"the client and server to use either tls-crypt or tls-auth exclusively, and in both places." - https://stackoverflow.com/a/62661021
As of today (2023-01-15) on Xenial 2022-W47 (rc branch) the OpenVPN client here is OpenVPN 2.3.10
.
I have been able to compile v2.5.8
from source to replace replace it fine, but the UI does not allow to import an ovpn
file or set up tls-crypt
manually.
Using openvpn -conf <client.ovpn>
does works fine now though.