Unrecognized option or missing or extra parameter(s) in data-ciphers (2.4.7)

Need help configuring your VPN? Just post here and you'll get that help.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
jmovpn
OpenVpn Newbie
Posts: 1
Joined: Tue Dec 22, 2020 4:08 am

Unrecognized option or missing or extra parameter(s) in data-ciphers (2.4.7)

Post by jmovpn » Tue Dec 22, 2020 4:12 am

Edit: First off, I just realized this is the wrong forum for this post, but I don't see how to delete it...so I apologize up front for the incorrect post location.

Hello, so I used the pfSense openVPN wizard to create a VPN server and export a client ovpn file. I can connect just fine on my phone's OpenVPN client so I know the server is set up okay, but the issue is trying to use the same ovpn profile on my Ubuntu 20.04 laptop.

When I try to connect using the OpenVPN client on Ubuntu, I get this:

Code: Select all

    sudo openvpn client_profile.ovpn
    Options error: Unrecognized option or missing or extra parameter(s) in client_profile.ovpn:4: data-ciphers (2.4.7)
I tried Googling this, and it seems like the issue here is that the ovpn profile might be using encryption ciphers that aren't compatible with OpenVPN version 2.4.7, and that the client export tool in pfSense is using OpenVPN 2.5.0.

However, I'm not smart enough on how to set the server up to be compatible with 2.4.7, or edit the ovpn file to be compatible with 2.4.7. I saw a couple of random forum posts that talked about changing the "data-ciphers" line in the ovpn file to add ciphers that are compatible with 2.4.7, but it didn't work. I don't remember the site, and I've already deleted the file so I don't remember exactly what they suggested, but it was something along the lines of "data-ciphers AES-128-CBC:AES-128-GCM"

The ovpn file is below:

Code: Select all

    dev tun
    persist-tun
    persist-key
    data-ciphers AES-128-GCM
    data-ciphers-fallback AES-128-CBC
    auth SHA256
    tls-client
    client
    resolv-retry infinite
    remote <ip_address> <port> udp4
    verify-x509-name "<server_name>" name
    remote-cert-tls server

    <ca>
    -----BEGIN CERTIFICATE-----
    <ca_cert_info>
    -----END CERTIFICATE-----
    </ca>
    <cert>
    -----BEGIN CERTIFICATE-----
    <client_cert_info>
    -----END CERTIFICATE-----
    </cert>
    <key>
    -----BEGIN PRIVATE KEY-----
    <key_info>
    -----END PRIVATE KEY-----
    </key>
    key-direction 1
    <tls-auth>
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    <static_key_info>
    -----END OpenVPN Static key V1-----
    </tls-auth>
I've also tried to install 2.5.0 on my laptop, but I'm having several issues with that which I won't go into detail with unless someone thinks it'll help. The default openvpn version in the Ubuntu 20.04 repo is 2.4.7, so I'm stuck on this for the time being.

Anyone run into this before or know how to fix this?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unrecognized option or missing or extra parameter(s) in data-ciphers (2.4.7)

Post by TinCanTech » Tue Dec 22, 2020 2:56 pm

Simply comment out --data-ciphers and -fallback

gigel
OpenVpn Newbie
Posts: 1
Joined: Sun Feb 05, 2023 3:58 pm

Re: Unrecognized option or missing or extra parameter(s) in data-ciphers (2.4.7)

Post by gigel » Sun Feb 05, 2023 4:00 pm

this is happening in openvpn for windows/linux version 2.6 but not in version 2.5, so my deduction is they removed support for the AES-128-CBC in version 2.6

by the way, the correct syntax in ovpn config file is simply:
cipher AES-128-CBC

Post Reply