I have OpenVPN integrated with my Linksys WRT 1900AC wireless router. When I try to connect using Windows I keep getting errors and cannot connect. I am able to connect using iOS though.
I suspect the version of OpenVPN my router is using is too old or something like that.
Does anyone else have this problem and is there a solution?
Thanks,
Wildhog
Unable to Connect Using Windows
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Sep 20, 2021 1:33 pm
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: Unable to Connect Using Windows
Hello wildhog,
Try using the open source OpenVPN GUI program. And post logs of the connection attempt that fails, suitably redacted. Otherwise it's pretty much impossible to say anything about the situation.
Kind regards,
Johan
Try using the open source OpenVPN GUI program. And post logs of the connection attempt that fails, suitably redacted. Otherwise it's pretty much impossible to say anything about the situation.
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Sep 20, 2021 1:33 pm
Re: Unable to Connect Using Windows
I'm not sure what needs to be redacted. I get this error:
OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher XXX to --data-ciphers if you want to connect to this server.
So I changed the cipher in the ovpn file and eventually it did connect but with warnings that the cipher is insecure.
OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher XXX to --data-ciphers if you want to connect to this server.
So I changed the cipher in the ovpn file and eventually it did connect but with warnings that the cipher is insecure.
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: Unable to Connect Using Windows
Hi wildhog,
So most likely you're dealing with a situation where a cipher is needed by the server that is no longer considered secure. The server ultimately is in charge of this. On the client side in MOST cases it can solve things by itself by negotiating for an acceptable cipher, but if it's an insecure one, that is one that is generally not negotiated for unless you tell it to do so.
So consider this a situation where you are being warned that the cipher you're using is bad. The solution would be to look into the server side configuration and update things there. It may be possible for example that the cipher there is configured for BF-CBC, and if that is so, you may be able to switch it to AES-256-CBC.
I would actually like to recommend to use AES-256-GCM but I suspect that your server software may be too old to support that, and AES-256-CBC has been around for a long time so is probably available. With AES-256-CBC as supported cipher on the server side you shouldn't see that insecure message anymore, although you may need to update the client configuration again (perhaps only remove the cipher directive, perhaps to specifically tell it to use AES-256-CBC too - it all depends on what version of software you have running).
Good luck.
Johan
So most likely you're dealing with a situation where a cipher is needed by the server that is no longer considered secure. The server ultimately is in charge of this. On the client side in MOST cases it can solve things by itself by negotiating for an acceptable cipher, but if it's an insecure one, that is one that is generally not negotiated for unless you tell it to do so.
So consider this a situation where you are being warned that the cipher you're using is bad. The solution would be to look into the server side configuration and update things there. It may be possible for example that the cipher there is configured for BF-CBC, and if that is so, you may be able to switch it to AES-256-CBC.
I would actually like to recommend to use AES-256-GCM but I suspect that your server software may be too old to support that, and AES-256-CBC has been around for a long time so is probably available. With AES-256-CBC as supported cipher on the server side you shouldn't see that insecure message anymore, although you may need to update the client configuration again (perhaps only remove the cipher directive, perhaps to specifically tell it to use AES-256-CBC too - it all depends on what version of software you have running).
Good luck.
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Sep 20, 2021 1:33 pm
Re: Unable to Connect Using Windows
What you’ve described seems to be exactly what is happening. I can’t make any changes to the VPN server as it is part of the router programming; so it looks like either I use it with the BF-CBC cipher or not at all.
It does seem strange that I can use the OpenVPN iOS app just fine and only have problems when I try to use OpenVPN with Windows.
Thanks for the help!
It does seem strange that I can use the OpenVPN iOS app just fine and only have problems when I try to use OpenVPN with Windows.
Thanks for the help!
- openvpn_inc
- OpenVPN Inc.
- Posts: 1333
- Joined: Tue Feb 16, 2021 10:41 am
Re: Unable to Connect Using Windows
Hi wildhog,
There's differences between different client programs of course, so without knowing more details I don't know what you're going to experience.
Anyway, hopefully the device manufacturer will consider updating the firmware to include more updated software so you can use a more secure cipher. Otherwise, well, you're just going to be using an insecure cipher. I guess it's better than nothing. But ideally you'd have something that meets today's security standards.
Have a nice day,
Kind regards,
Johan
There's differences between different client programs of course, so without knowing more details I don't know what you're going to experience.
Anyway, hopefully the device manufacturer will consider updating the firmware to include more updated software so you can use a more secure cipher. Otherwise, well, you're just going to be using an insecure cipher. I guess it's better than nothing. But ideally you'd have something that meets today's security standards.
Have a nice day,
Kind regards,
Johan
OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support