Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM)

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
agnelli
OpenVpn Newbie
Posts: 6
Joined: Tue Jan 04, 2022 7:56 pm

Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM)

Post by agnelli » Tue Jan 04, 2022 8:00 pm

When using a .ovpn client profile on a GL.iNet GL-MT1300 router, I get the following error when attempting to connect the router to my OpenVPN server on Google Cloud:
SIGHUP[soft,connection-reset] received, process restarting

DEPRECATED OPTION: --cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add ‘AES-256-CBC’ to --data-ciphers or change --cipher ‘AES-256-CBC’ to --data-ciphers-fallback ‘AES-256-CBC’ to silence this warning.

OpenVPN 2.5.0 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]

library versions: OpenSSL 1.1.1d 10 Sep 2019

Restart pause, 2 second(s)
I can, however, connect from my computer using the same .ovpn client profile, so I tend to think the problem has to do with the router's environment.

Is there perhaps a change I can make to the .ovpn file or my OpenVPN server on Google Cloud? Thank you!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by TinCanTech » Tue Jan 04, 2022 9:27 pm

Use --data-ciphers instead of --cipher

agnelli
OpenVpn Newbie
Posts: 6
Joined: Tue Jan 04, 2022 7:56 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by agnelli » Tue Jan 04, 2022 10:46 pm

TinCanTech wrote:
Tue Jan 04, 2022 9:27 pm
Use --data-ciphers instead of --cipher
Thank you! So then in my `.ovpn` client file I should therefore change

Code: Select all

# Generated on Tue Jan  4 07:22:36 2022 by openvpn-access-server-1-vm

# Default Cipher
cipher AES-256-CBC
From "cipher AES-256-CBC" to "data-ciphers cipher AES-256-CBC" ?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by TinCanTech » Wed Jan 05, 2022 12:10 am

agnelli wrote:
Tue Jan 04, 2022 10:46 pm
From "cipher AES-256-CBC" to "data-ciphers cipher AES-256-CBC" ?
Yeah .. that looks about right .. and that is clearly what I said above :roll:

agnelli
OpenVpn Newbie
Posts: 6
Joined: Tue Jan 04, 2022 7:56 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by agnelli » Wed Jan 05, 2022 5:53 am

TinCanTech wrote:
Wed Jan 05, 2022 12:10 am
Yeah .. that looks about right .. and that is clearly what I said above :roll:
If I add the following manually to my .ovpn client file (but not to the server)
cipher AES-256-CBC
data-ciphers-fallback 'AES-256-CBC'
I get a different error (the connection subsequently resets and retries) when adding the .ovpn file to my router's configuration (to connect to the OpenVPN server on Google Cloud):
Socket Buffers: R=[87380->87380] S=[16384->16384]
Attempting to establish TCP connection with [AF_INET]7.7.7.7:443 [nonblock]
TCP connection established with [AF_INET]7.7.7.7:443
TCP_CLIENT link local: (not bound)
TCP_CLIENT link remote: [AF_INET]7.7.7.7:443
Where 7.7.7.7 is the censored static IP of my OpenVPN Access Server on Google Cloud. This seems significant to me.

I have also tried many permutations of the following on my OpenVPN Access Server to no luck: https://openvpn.net/vpn-server-resource ... ss-server/ .

I have also deleted everything, then relaunched everything on Google Cloud to no luck as well.

agnelli
OpenVpn Newbie
Posts: 6
Joined: Tue Jan 04, 2022 7:56 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by agnelli » Wed Jan 05, 2022 6:03 am

Editing the .ovpn file to try different permutations on the client side, such as:
cipher AES-256-CBC
data-ciphers AES-256-CBC
data-ciphers-fallback AES-256-CBC
Results in a similar error. The same for the permutation:
cipher AES-256-CBC
data-ciphers 'AES-256-CBC'
data-ciphers-fallback 'AES-256-CBC'

agnelli
OpenVpn Newbie
Posts: 6
Joined: Tue Jan 04, 2022 7:56 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by agnelli » Wed Jan 05, 2022 6:32 am

I've also tried upgrading my OpenVPN Access Server to v2.10.0, using the following commands on Google Cloud:
sudo passwd
su

apt-get update
apt-get upgrade

apt-get install openvpn-as
I then downloaded the new .ovpn file from the OpenVPN Access Sever, and then uploaded it to my router. The same issue persists:
SIGHUP[soft,connection-reset] received, process restarting
DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
OpenVPN 2.5.0 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.1.1d 10 Sep 2019

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by openvpn_inc » Wed Jan 05, 2022 11:40 am

Hello agnelli,

This message is only a warning. Warnings are not breaking. They are just warnings. Errors are breaking.

For compatibility reasons with older versions, the connection profile will still have cipher directive in it. That is normal and expected. The deprecation warning is also expected on newer versions of OpenVPN.

You should look further for more log messages, particularly ones that are an error message or an authentication failure or such. The messages you have pasted so far are normal and do not stop the connection from establishing. If the connection is not establishing, there is another reason for it. And you should try to find that reason.

Perhaps a more complete log file would reveal something.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by TinCanTech » Wed Jan 05, 2022 3:17 pm

agnelli wrote:
Wed Jan 05, 2022 6:32 am
I then downloaded the new .ovpn file from the OpenVPN Access Sever, and then uploaded it to my router. The same issue persists

agnelli
OpenVpn Newbie
Posts: 6
Joined: Tue Jan 04, 2022 7:56 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by agnelli » Thu Jan 06, 2022 8:53 am

To avoid confusion about the settings of the .ovpn file, I have created another OpenVPN Access Server on the platform Vultr using their 'One Click' install. The .ovpn file works from my computer, but not from my router level.

Here are the logs from my router via the tool LUCI:
Thu Jan 6 00:47:00 2022 user.info : 1246: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn1, serverfile=vultr-los-angeles.ovpn
Thu Jan 6 00:47:00 2022 user.debug : ------ss-redir is not running!------
Thu Jan 6 00:47:00 2022 user.info : 1323: gl-vpn-client>> glconfig.openvpn.ovpn=/etc/openvpn/ovpn1/vultr-los-angeles.ovpn, glconfig.openvpn.clientid=ovpn1
Thu Jan 6 00:47:02 2022 daemon.info dnsmasq[4425]: exiting on receipt of SIGTERM
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: started, version 2.80 cachesize 150
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: DNS service limited to local subnets
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth nettlehash DNSSEC no-ID loop-detect inotify dumpfile
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq-dhcp[11756]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain test
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain onion
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain localhost
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain local
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain invalid
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain bind
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain lan
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: reading /tmp/resolv.conf.auto
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain test
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain onion
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain localhost
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain local
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain invalid
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain bind
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using local addresses only for domain lan
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using nameserver 8.8.8.8#53
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: using nameserver 1.1.1.1#53
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: read /etc/hosts - 4 addresses
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq[11756]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Thu Jan 6 00:47:03 2022 daemon.info dnsmasq-dhcp[11756]: read /etc/ethers - 0 addresses
Thu Jan 6 00:47:05 2022 daemon.warn openvpn[12065]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12065]: OpenVPN 2.5.0 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12065]: library versions: OpenSSL 1.1.1d 10 Sep 2019
Thu Jan 6 00:47:05 2022 daemon.warn openvpn[12076]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: TCP/UDP: Preserving recently used remote address: [AF_INET]45.32.65.61:1194
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: UDP link local: (not bound)
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: UDP link remote: [AF_INET]45.32.65.61:1194
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: TLS: Initial packet from [AF_INET]45.32.65.61:1194, sid=a2b415e4 e6bf9fa7
Thu Jan 6 00:47:05 2022 daemon.warn openvpn[12076]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: net_route_v4_best_gw query: dst 0.0.0.0
Thu Jan 6 00:47:05 2022 daemon.notice openvpn[12076]: net_route_v4_best_gw result: via 172.18.111.254 dev apclix0
Thu Jan 6 00:48:05 2022 daemon.err openvpn[12076]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Jan 6 00:48:05 2022 daemon.err openvpn[12076]: TLS Error: TLS handshake failed
Thu Jan 6 00:48:05 2022 daemon.notice openvpn[12076]: SIGHUP[soft,tls-error] received, process restarting
Thu Jan 6 00:48:05 2022 daemon.warn openvpn[12076]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
Thu Jan 6 00:48:05 2022 daemon.notice openvpn[12076]: OpenVPN 2.5.0 mipsel-openwrt-linux-gnu [SSL (OpenSSL)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Thu Jan 6 00:48:05 2022 daemon.notice openvpn[12076]: library versions: OpenSSL 1.1.1d 10 Sep 2019
Thu Jan 6 00:48:05 2022 daemon.notice openvpn[12076]: Restart pause, 5 second(s)
Thu Jan 6 00:48:10 2022 daemon.warn openvpn[12076]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: TCP/UDP: Preserving recently used remote address: [AF_INET]45.32.65.61:1194
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: Socket Buffers: R=[163840->163840] S=[163840->163840]
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: UDP link local: (not bound)
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: UDP link remote: [AF_INET]45.32.65.61:1194
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: TLS: Initial packet from [AF_INET]45.32.65.61:1194, sid=5b1a8638 230364ef
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: net_route_v4_best_gw query: dst 0.0.0.0
Thu Jan 6 00:48:10 2022 daemon.notice openvpn[12076]: net_route_v4_best_gw result: via 172.18.111.254 dev apclix0
What stands out is the error:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
This leads me to the resource: https://openvpn.net/faq/tls-error-tls-k ... nectivity/.

However, none of the advice there seems applicable -- as I can otherwise connect to the OpenVPN server using the .ovpn file from my computer. The error is only seen when trying to get the router to connect to the specified OpenVPN server. The router is able to connect to NordVPN servers using their .ovpn files, which makes the issue more puzzling.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by openvpn_inc » Thu Jan 06, 2022 1:26 pm

Hello agnelli,

Unfortunately I do not know the exact capabilities of your router. Often we see that routers have their own config parser. So instead of taking the config file and passing it to the OpenVPN process like for example;
openvpn --config bla.ovpn

...we see some routers tearing the configuration apart into separate parameters and feeding it to the OpenVPN process like so;
openvpn --directive1 boop --directive2 beep --remote bla.com etcetc

It is possible that this is occurring in your situation too, and that some directives are simply not passed along to the OpenVPN process. This can lead to an incomplete configuration which could make the TLS handshake impossible. Either that or... there is still something blocking access, somehow, like is written on our website page that you linked to. It's a little hard to be exact without really digging into it further.

What I would suggest is to try to SSH into this router and obtain root privileges. Then try connecting as I wrote earlier;
openvpn --config client.ovpn

And see if that works correctly. If it does, but through the web interface it doesn't, it does seem like it's a config parser issue. And if that's the case, then it would need to be solved by the manufacturer of the router.

I see here a page that indicates how to get access to your router;
https://docs.gl-inet.com/en/2/app/ssh/

Good luck,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by TinCanTech » Thu Jan 06, 2022 2:12 pm

Without the server log this is all speculation at best.

allrounder55
OpenVpn Newbie
Posts: 1
Joined: Thu Feb 17, 2022 9:27 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by allrounder55 » Thu Feb 17, 2022 9:34 pm

I had the same error ive fixed it by editing the client config file and the server.conf file i changed AES-256-CBC to AES-256-GCM on both configs, saved the client file then ran this /etc/init.d/openvpn restart as im running open vpn access server on Ubuntu 18.04 LTS. Client is running windows 10
Heres the initial logfile on connection as you can see no errors at all now.

2022-02-17 21:23:08 OpenVPN 2.5.5 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 15 2021
2022-02-17 21:23:08 Windows version 10.0 (Windows 10 or greater) 64bit
2022-02-17 21:23:08 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-02-17 21:23:08 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
2022-02-17 21:23:08 Need hold release from management interface, waiting...
2022-02-17 21:23:09 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
2022-02-17 21:23:09 MANAGEMENT: CMD 'state on'
2022-02-17 21:23:09 MANAGEMENT: CMD 'log all on'
2022-02-17 21:23:09 MANAGEMENT: CMD 'echo all on'
2022-02-17 21:23:09 MANAGEMENT: CMD 'bytecount 5'
2022-02-17 21:23:09 MANAGEMENT: CMD 'hold off'
2022-02-17 21:23:09 MANAGEMENT: CMD 'hold release'
2022-02-17 21:23:09 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-02-17 21:23:09 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2022-02-17 21:23:09 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2022-02-17 21:23:09 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
After this it shows my server ip etc but no errors, also using 256 bit encryption which is good, also ran dns leaks all secure no leaks at all, hope this helps.

CyberzaCN
OpenVpn Newbie
Posts: 2
Joined: Sat Dec 10, 2022 4:40 pm

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by CyberzaCN » Sun Dec 11, 2022 9:36 am

TinCanTech wrote:
Wed Jan 05, 2022 3:17 pm
agnelli wrote:
Wed Jan 05, 2022 6:32 am
I then downloaded the new .ovpn file from the OpenVPN Access Sever, and then uploaded it to my router. The same issue persists
How do you download a .ovpn file from the OpenVPN Access Sever?

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Error with .ovpnf file on router: cipher set to ‘AES-256-CBC’ but missing in --data-ciphers (AES-256-GCM:AES-128-GCM

Post by openvpn_inc » Tue Dec 20, 2022 9:51 pm

Hello CyberzaCN,

OpenVPN Access Server is a self-hosted VPN server solution with a web interface. You can go to that web interface and log in as a user or admin and download connection profiles. They should be offered unless the admin decided to turn this feature off. A connection profile is a file like client.ovpn that will contain everything needed for an OpenVPN client to establish a connection to this server.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply