Hello,
This is a new setup where I CANNOT connect on "OpenVPN Connect" ver. 3.4.2, but I CAN connect thru "OpenVPN GUI" ver. 2.6.6 (both on Windows 11). My OVPN server is configured on Mikrotik RouterOS RB2011iL v.7.11.2.
When I connect thru "OpenVPN Connect" client, Mikrotik logs show me connect then disconnect with a message saying "Unsupported Cipher".
Here's the .ovpn config file:
******************************************
client
dev tun
proto tcp-client
remote <my public IP>
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
mute 10
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC
data-ciphers-fallback AES-256-CBC
#auth SHA1
auth-user-pass secret
auth-nocache
route <my private network>
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
Gibberish
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Gibberish
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
Gibberish
-----END ENCRYPTED PRIVATE KEY-----
</key>
******************************************
Do I Need to add/remove/edit a line from the .ovpn config file (so it can work on both windows clients and eventually Android/iOS clients) or is there a setting that I need to change on the OVPN server on the Mikrotik?
Thank you for your assistance!
"Unsupported Cipher" - OpenVPN Connect 3.4.2
-
artbybart
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Jan 08, 2022 6:11 am
-
artbybart
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Jan 08, 2022 6:11 am
Re: "Unsupported Cipher" - OpenVPN Connect 3.4.2
Any thoughts?
Thank you!
Thank you!
-
artbybart
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Jan 08, 2022 6:11 am
Re: "Unsupported Cipher" - OpenVPN Connect 3.4.2
I finally got it working!!
Bottom line:
"OpenVPN Connect" ver. 3.4.2 (for Windows) does NOT support AES-CBC and ONLY supports AES-GCM.
"OpenVPN GUI" ver. 2.6.6 (for Windows) does support BOTH AES-CBC and AES-GCM.
This is what my .ovpn config file looks like now, which works on both OpenVPN Windows clients:
***************************************
client
dev tun
proto tcp-client
remote <my public IP>
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
mute 10
cipher AES-256-GCM
auth-user-pass secret
auth-nocache
route <my private network>
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
Gibberish
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Gibberish
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
Gibberish
-----END ENCRYPTED PRIVATE KEY-----
</key>
***************************************
Remember to enable "AES 256 GCM" cipher in the OpenVPN server (in my case, it's the Mikrotik). Hope this helps!!
Bottom line:
"OpenVPN Connect" ver. 3.4.2 (for Windows) does NOT support AES-CBC and ONLY supports AES-GCM.
"OpenVPN GUI" ver. 2.6.6 (for Windows) does support BOTH AES-CBC and AES-GCM.
This is what my .ovpn config file looks like now, which works on both OpenVPN Windows clients:
***************************************
client
dev tun
proto tcp-client
remote <my public IP>
port 1194
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
verb 4
mute 10
cipher AES-256-GCM
auth-user-pass secret
auth-nocache
route <my private network>
redirect-gateway def1
<ca>
-----BEGIN CERTIFICATE-----
Gibberish
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Gibberish
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
Gibberish
-----END ENCRYPTED PRIVATE KEY-----
</key>
***************************************
Remember to enable "AES 256 GCM" cipher in the OpenVPN server (in my case, it's the Mikrotik). Hope this helps!!