Unable to Connect Using Windows

Official client software for OpenVPN Access Server and OpenVPN Cloud.
Post Reply
wildhog
OpenVpn Newbie
Posts: 3
Joined: Mon Sep 20, 2021 1:33 pm

Unable to Connect Using Windows

Post by wildhog » Mon Sep 20, 2021 1:38 pm

I have OpenVPN integrated with my Linksys WRT 1900AC wireless router. When I try to connect using Windows I keep getting errors and cannot connect. I am able to connect using iOS though.

I suspect the version of OpenVPN my router is using is too old or something like that.

Does anyone else have this problem and is there a solution?

Thanks,
Wildhog

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Unable to Connect Using Windows

Post by openvpn_inc » Mon Sep 20, 2021 3:13 pm

Hello wildhog,

Try using the open source OpenVPN GUI program. And post logs of the connection attempt that fails, suitably redacted. Otherwise it's pretty much impossible to say anything about the situation.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

wildhog
OpenVpn Newbie
Posts: 3
Joined: Mon Sep 20, 2021 1:33 pm

Re: Unable to Connect Using Windows

Post by wildhog » Fri Sep 16, 2022 1:50 pm

I'm not sure what needs to be redacted. I get this error:

OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher XXX to --data-ciphers if you want to connect to this server.

So I changed the cipher in the ovpn file and eventually it did connect but with warnings that the cipher is insecure.

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Unable to Connect Using Windows

Post by openvpn_inc » Fri Sep 16, 2022 2:03 pm

Hi wildhog,

So most likely you're dealing with a situation where a cipher is needed by the server that is no longer considered secure. The server ultimately is in charge of this. On the client side in MOST cases it can solve things by itself by negotiating for an acceptable cipher, but if it's an insecure one, that is one that is generally not negotiated for unless you tell it to do so.

So consider this a situation where you are being warned that the cipher you're using is bad. The solution would be to look into the server side configuration and update things there. It may be possible for example that the cipher there is configured for BF-CBC, and if that is so, you may be able to switch it to AES-256-CBC.

I would actually like to recommend to use AES-256-GCM but I suspect that your server software may be too old to support that, and AES-256-CBC has been around for a long time so is probably available. With AES-256-CBC as supported cipher on the server side you shouldn't see that insecure message anymore, although you may need to update the client configuration again (perhaps only remove the cipher directive, perhaps to specifically tell it to use AES-256-CBC too - it all depends on what version of software you have running).

Good luck.
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

wildhog
OpenVpn Newbie
Posts: 3
Joined: Mon Sep 20, 2021 1:33 pm

Re: Unable to Connect Using Windows

Post by wildhog » Fri Sep 16, 2022 7:39 pm

What you’ve described seems to be exactly what is happening. I can’t make any changes to the VPN server as it is part of the router programming; so it looks like either I use it with the BF-CBC cipher or not at all.

It does seem strange that I can use the OpenVPN iOS app just fine and only have problems when I try to use OpenVPN with Windows.

Thanks for the help!

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 1332
Joined: Tue Feb 16, 2021 10:41 am

Re: Unable to Connect Using Windows

Post by openvpn_inc » Fri Sep 16, 2022 8:42 pm

Hi wildhog,

There's differences between different client programs of course, so without knowing more details I don't know what you're going to experience.

Anyway, hopefully the device manufacturer will consider updating the firmware to include more updated software so you can use a more secure cipher. Otherwise, well, you're just going to be using an insecure cipher. I guess it's better than nothing. But ideally you'd have something that meets today's security standards.

Have a nice day,

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply