Legacy VPN (aka RED): difficulty using via Tunnelblick (OSX)

Natefranco@Riseup.Net wrote...
I'm running the latest version of Tunnelblick and tried to follow all updated instructions on Riseup help pages (2017-3-2 updates: https://www.riseup.net/en/vpn/legacy), but keep getting errors when attempting connection to Legacy VPN (RED) service. How do I fix this?

These are some of the errors that come up in the Tunnelblick log:

2017-03-09 21:11:42 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2017-03-09 21:11:42 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

...

2017-03-09 21:11:46 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1543', remote='link-mtu 1571'
2017-03-09 21:11:46 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
2017-03-09 21:11:46 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
2017-03-09 21:11:46 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2017-03-09 21:11:46 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-03-09 21:11:46 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
2017-03-09 21:11:46 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
2017-03-09 21:11:46 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
2017-03-09 21:11:46 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
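An added example, not part of the original post: a small Python triage of the "used inconsistently" warnings quoted above, listing which options differ between client and server and which client directives would match the values the server reported. The function names are hypothetical, and the script assumes the `link-mtu` and `keysize` mismatches follow from the `cipher`/`auth` mismatch rather than being set separately.

```python
import re

# Log lines copied from the post above.
SAMPLE_LOG = """\
2017-03-09 21:11:46 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1543', remote='link-mtu 1571'
2017-03-09 21:11:46 WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'
2017-03-09 21:11:46 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth SHA256'
2017-03-09 21:11:46 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
2017-03-09 21:11:46 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
"""

MISMATCH = re.compile(
    r"WARNING: '(?P<opt>[\w-]+)' is used inconsistently, "
    r"local='(?P<local>[^']*)', remote='(?P<remote>[^']*)'"
)
# Assumption: these are set directly in the client config; the others follow.
DIRECT = ("cipher", "auth")


def parse_mismatches(log):
    """Return {option: (local_value, remote_value)} for each mismatch warning."""
    found = {}
    for m in MISMATCH.finditer(log):
        # Values are logged as "<option> <value>"; keep only the value part.
        local = m.group("local").split(None, 1)[-1]
        remote = m.group("remote").split(None, 1)[-1]
        found[m.group("opt")] = (local, remote)
    return found


def directives_matching_server(mismatches):
    """Client config lines that would match what the server reported."""
    return [f"{opt} {mismatches[opt][1]}" for opt in DIRECT if opt in mismatches]


def weak_cipher_warned(log):
    """True if OpenVPN flagged a 64-bit block cipher (the SWEET32 warning)."""
    return "INSECURE cipher with block size less than 128 bit" in log


if __name__ == "__main__":
    mm = parse_mismatches(SAMPLE_LOG)
    for opt, (local, remote) in mm.items():
        print(f"{opt:9} client={local:8} server={remote}")
    print("directives matching server:", directives_matching_server(mm))
    print("64-bit block cipher in use:", weak_cipher_warned(SAMPLE_LOG))
```

The provider's current configuration instructions remain the authority for what the client file should contain; the script only summarises what the log already says.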
Computeruser replied...
I'm running macOS Sierra, and receive the exact same warnings when trying to connect to the RED VPN.

Tunnelblick will connect to the VPN for an instant, and then disconnect. The log yields the same lines posted above.

I'm using the Tunnelblick profile provided from Riseup, and am running the newest beta.
Cedar Waxwing replied...
The configuration requirements for "VPN red" have changed.

Please read riseup.net/vpn-red and change your configuration accordingly.
Soulscape replied...
Do Mac users ever get to use the "new" VPN black?
Soulscape replied...
It's been at least 2 years since I've been able to use the red, despite following all directions for updated configurations.