AEAD Decrypt error: cipher final failed


Post by sbalago » Tue Aug 01, 2017 4:50 am

Hello,

Although the subject was already mentioned in the post
> https://forums.openvpn.net/viewtopic.php?t=23864
there was no conclusion and I am still facing the below errors in the server, so I am creating a new topic :-)

Server log:
>>>>>>
Mon Jul 31 10:31:12 2017 us=200609 client/173.200.6.25:1156 AEAD Decrypt error: cipher final failed
Mon Jul 31 10:31:12 2017 us=200625 client/173.200.6.25:1156 Fatal decryption error (process_incoming_link), restarting
Mon Jul 31 10:31:12 2017 us=200639 client/173.200.6.25:1156 SIGUSR1[soft,decryption-error] received, client-instance restarting
Mon Jul 31 10:31:12 2017 us=200799 TCP/UDP: Closing socket
<<<<<<

I am testing my client (VxWorks node) with a ping -f from the server to my TUN IP address, and intermittently I am getting the errors in the server, after which the ping stops until the server re-establishes connectivity.

As per the blog,
> http://matthewcasperson.blogspot.com/2015/03/fixing-openvpn-authenticatedecrypt.html
the decrypt errors were solved with the AES-256-CBC cipher. My server and client are running with cipher AES-256-CBC and I am still facing the issue.

Client config:
>>>>>>
client
dev tap
dev tun
proto tcp
remote <ip> <port>
resolv-retry infinite
nobind
persist-key
persist-tun
ca /flash/switch/ca.crt
cert /flash/switch/client.crt
key /flash/switch/client.key
remote-cert-tls server
cipher AES-256-CBC
auth none
verb 2
ns-cert-type server
<<<<<<

Server config:
>>>>>>
local <ip>
port 443
port-share localhost 4430
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
topology subnet
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
push "route 10.135.91.0 255.255.255.0"
duplicate-cn
keepalive 10 120
cipher AES-256-CBC # AES
max-clients 5000
persist-key
persist-tun
status openvpn-status.log
verb 6
<<<<<<

Can someone please help?

Thanks !
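
An added example, not part of the original post and not OpenVPN project code: a small Python check over the directives and log line quoted above. It flags directives set more than once, values that differ between the two configs, and the fact that the logged message comes from the AEAD decrypt path while both configs name a CBC cipher. The function names, the SHA1 default for an absent `auth`, and reading "AEAD Decrypt error" as an AEAD-mode (for example GCM) data channel are assumptions of this example.

```python
# Added example: inputs are the relevant lines copied from the post above.
CLIENT = """\
dev tap
dev tun
proto tcp
cipher AES-256-CBC
auth none
"""
SERVER = """\
proto tcp
dev tun
cipher AES-256-CBC # AES
"""
LOG = "Mon Jul 31 10:31:12 2017 us=200609 client/173.200.6.25:1156 AEAD Decrypt error: cipher final failed"

MUST_MATCH = ("proto", "dev", "cipher", "auth")  # compared between both ends
DEFAULTS = {"auth": "SHA1"}  # assumption: value OpenVPN uses when --auth is absent
AEAD_CIPHERS = ("-GCM", "CHACHA20-POLY1305")

def parse(text):
    """Map each directive to the list of values it was given (comments dropped)."""
    seen = {}
    for line in text.splitlines():
        words = line.split("#")[0].split(";")[0].split()
        if words:
            seen.setdefault(words[0], []).append(" ".join(words[1:]))
    return seen

def review(client, server, log):
    """Return findings: duplicates, client/server mismatches, AEAD vs configured cipher."""
    cfg = {"client": parse(client), "server": parse(server)}
    findings = []
    for key in MUST_MATCH:
        vals = {}
        for side, seen in cfg.items():
            vals[side] = seen.get(key) or [DEFAULTS.get(key, "(unset)")]
            if len(vals[side]) > 1:
                findings.append(f"{side} sets '{key}' more than once: {vals[side]}")
        if all(len(v) == 1 for v in vals.values()) and vals["client"] != vals["server"]:
            findings.append(f"'{key}' differs: client={vals['client'][0]} server={vals['server'][0]}")
    if "AEAD Decrypt error" in log:
        for side, seen in cfg.items():
            cipher = (seen.get("cipher") or ["(unset)"])[-1].upper()
            if not cipher.endswith(AEAD_CIPHERS):
                findings.append(f"log shows AEAD decrypt path, {side} config names {cipher}")
    return findings

if __name__ == "__main__":
    for finding in review(CLIENT, SERVER, LOG):
        print(finding)
```
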
