The error is:
Code: Select all
ott 27 08:30:10 t470s-gio nm-openvpn[3235]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
ott 27 08:30:17 t470s-gio nm-openvpn[3235]: OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
And there are still some bad user experience problem:
- many firewalls, I'm using Watchguard Firebox, are still exporting .ovpn profiles that contains "cipher" and are not useable on OpenVPN
- frontend to OpenVPN configuration are still not supporting this, for example under KDE plasma 5.26 settings I cannot change data-ciphers field
Could someone point me to a document that explains what is deprecated and how to migrate?
Is the full "cipher" option deprecated, or, as the error log says, or only having "cipher" not being part of "data-ciphers" in the client config ?
Thank you.