Hello, so I used the pfSense openVPN wizard to create a VPN server and export a client ovpn file. I can connect just fine on my phone's OpenVPN client so I know the server is set up okay, but the issue is trying to use the same ovpn profile on my Ubuntu 20.04 laptop.
When I try to connect using the OpenVPN client on Ubuntu, I get this:
I tried Googling this, and it seems like the issue here is that the ovpn profile might be using encryption ciphers that aren't compatible with OpenVPN version 2.4.7, and that the client export tool in pfSense is using OpenVPN 2.5.0.
Code: Select all
sudo openvpn client_profile.ovpn Options error: Unrecognized option or missing or extra parameter(s) in client_profile.ovpn:4: data-ciphers (2.4.7)
However, I'm not smart enough on how to set the server up to be compatible with 2.4.7, or edit the ovpn file to be compatible with 2.4.7. I saw a couple of random forum posts that talked about changing the "data-ciphers" line in the ovpn file to add ciphers that are compatible with 2.4.7, but it didn't work. I don't remember the site, and I've already deleted the file so I don't remember exactly what they suggested, but it was something along the lines of "data-ciphers AES-128-CBC:AES-128-GCM"
The ovpn file is below:
I've also tried to install 2.5.0 on my laptop, but I'm having several issues with that which I won't go into detail with unless someone thinks it'll help. The default openvpn version in the Ubuntu 20.04 repo is 2.4.7, so I'm stuck on this for the time being.
Code: Select all
dev tun persist-tun persist-key data-ciphers AES-128-GCM data-ciphers-fallback AES-128-CBC auth SHA256 tls-client client resolv-retry infinite remote <ip_address> <port> udp4 verify-x509-name "<server_name>" name remote-cert-tls server <ca> -----BEGIN CERTIFICATE----- <ca_cert_info> -----END CERTIFICATE----- </ca> <cert> -----BEGIN CERTIFICATE----- <client_cert_info> -----END CERTIFICATE----- </cert> <key> -----BEGIN PRIVATE KEY----- <key_info> -----END PRIVATE KEY----- </key> key-direction 1 <tls-auth> # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- <static_key_info> -----END OpenVPN Static key V1----- </tls-auth>
Anyone run into this before or know how to fix this?