I have a problem with OpenVPN version 2.4.7 in the Ubuntu 20.04 LTS operating environment.
Everything works when the client uses the default cipher but when the client uses the cipher AES-256-CBC, the clients connects but nothing works.
The server log records 'Authenticate/Decrypt packet error: cipher final failed'. I checked the servers' available ciphers and AES-256-CBC is available.
Does anyone know what's up?
Authenticate/Decrypt packet error: cipher final failed
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVPN User
- Posts: 20
- Joined: Tue Sep 05, 2023 9:18 am
- ordex
- OpenVPN Inc.
- Posts: 444
- Joined: Wed Dec 28, 2016 2:32 am
- Location: IRC #openvpn-devel @ libera.chat
Re: Authenticate/Decrypt packet error: cipher final failed
you may be ending up in some cipher mismatching scenario. More modern OpenVPN versions would negotiate the best available cipher and use that.
In your case I think something is breaking and the two endpoints end up using different ciphers.
You could post both client and server logs with --verb 4, but I'd strongly suggest to upgrade to 2.6.x.
In your case I think something is breaking and the two endpoints end up using different ciphers.
You could post both client and server logs with --verb 4, but I'd strongly suggest to upgrade to 2.6.x.
-
- OpenVPN User
- Posts: 20
- Joined: Tue Sep 05, 2023 9:18 am
Re: Authenticate/Decrypt packet error: cipher final failed
I think I already know what the problem is, I think the problem is GNOME's Network Manager. It is buggy. I have had problems with it in the past where could not authenticate using WPA3, unless I opened the terminal and entered 500 commands.
I will try the official OpenVPN client to confirm. I'll bet it works.
Thanks
I will try the official OpenVPN client to confirm. I'll bet it works.
Thanks
-
- OpenVPN User
- Posts: 20
- Joined: Tue Sep 05, 2023 9:18 am
Re: Authenticate/Decrypt packet error: cipher final failed
I was going to stop using OpenVPN but I decided I would keep using OpenVPN, but with IPv4 only.
The problem wasn't GNOME's Network Manager. The problem was me not understanding there is no cipher negotiation in static key mode because it wasn't covered by the Static Key Mini-HOWTO, and the 'ncp-disable' notice on startup isn't self-explanatory.
Well, now I know.
The problem wasn't GNOME's Network Manager. The problem was me not understanding there is no cipher negotiation in static key mode because it wasn't covered by the Static Key Mini-HOWTO, and the 'ncp-disable' notice on startup isn't self-explanatory.
Well, now I know.