Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
DannyBoyGunner
Posts: 0
Joined: Wed Feb 01, 2023 3:22 pm

Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Post by DannyBoyGunner » Wed Feb 01, 2023 3:24 pm

Hi,

Does anyone know if why i would be able to connect via 2.5.8 but then get errors on the latest version 2.6.0? I read somewhere it fails to auth on TLS if the certificate last longer than 400 odd days, is that correct as our cert is valid for another 3 or 4 years which might explain it.

I've had to ask all our users to manually uninstall and install the 2.5.8 version to get it working again.

TIA

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1333
Joined: Tue Feb 16, 2021 10:41 am

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Post by openvpn_inc » Fri Feb 03, 2023 12:32 pm

Hello TIA,

I think this idea of certificates being valid for longer than 400 days is something that only applies to web certificates, as there are some fairly recent rules that state that certificates for websites should not be valid for longer than that period. I am certain that this does not apply to OpenVPN certificates used for VPN server and client identity verification. So you can put that concern aside.

To understand what is going wrong, we would need to see some logs of a failed connection on OpenVPN 2.6.0. It is most likely something expected due to change introduced in OpenVPN 2.6.0. But we can't know what is going on until we see some logs that show the problem.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

carlov
OpenVpn Newbie
Posts: 3
Joined: Sat Feb 25, 2023 11:12 am

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Post by carlov » Sat Feb 25, 2023 11:12 am

I have the same problem, how can I send you the logs?

carlov
OpenVpn Newbie
Posts: 3
Joined: Sat Feb 25, 2023 11:12 am

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Post by carlov » Sat Feb 25, 2023 11:18 am

2023-02-20 19:30:06 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
2023-02-20 19:30:06 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 15 2023
2023-02-20 19:30:06 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-02-20 19:30:06 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-02-20 19:30:20 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-02-20 19:30:20 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-02-20 19:30:21 ovpn-dco device [OpenVPN Data Channel Offload] opened
2023-02-20 19:30:21 TCP_CLIENT link local: (not bound)
2023-02-20 19:30:21 TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-02-20 19:30:21 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-20 19:30:21 TLS ERROR: Unknown key_method/flags=95 received from remote host
2023-02-20 19:30:21 TLS Error: TLS handshake failed
2023-02-20 19:30:21 Fatal TLS error (check_tls_errors_co), restarting
2023-02-20 19:30:21 SIGUSR1[soft,tls-error] received, process restarting
2023-02-20 19:30:22 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

carlov
OpenVpn Newbie
Posts: 3
Joined: Sat Feb 25, 2023 11:12 am

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Post by carlov » Sun Feb 26, 2023 2:01 pm

OpenVPN 2.5.9 work fine

JettCon
OpenVpn Newbie
Posts: 2
Joined: Fri Mar 03, 2023 5:23 pm

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Post by JettCon » Fri Mar 03, 2023 5:25 pm

Hello,

Has there been any resolution or "idea" as to why 2.6 will not work? I am experiencing the same issues 2.6 will not connect but all other previous versions work fine. The main issue I am running into at this point is that I can not stop the older version from updating to 2.6, even after reinstall. Does anyone have any suggestions?

AndreL
OpenVpn Newbie
Posts: 3
Joined: Sun May 07, 2023 6:59 pm

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Post by AndreL » Tue May 09, 2023 6:58 am

Hello,

Same issue here.
see : https://forums.openvpn.net/viewtopic.php?t=35697

Working fine on 2.5.9 but not on 2.6.3

AndreL
OpenVpn Newbie
Posts: 3
Joined: Sun May 07, 2023 6:59 pm

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Post by AndreL » Sat May 27, 2023 9:38 am

Hi,

Some progress with version 2.6.4.

updated in the config file :

cipher AES-256-CBC
data-ciphers 'AES-256-CBC'
data-ciphers-fallback 'AES-256-CBC'

comp-lzo adaptive
allow-compression yes

mssfix
#fragment 0

with that the connection is ok.

Post Reply