OpenVPN Support Forum

I just upgraded my kubuntu from 22.04 (OpenVPN 2.5.5) to 22.10 (OpenVPN 2.6), and some OpenVPN client connections stopped working. OpenVPN connections are handled via NetworkManager and configured in KDE GUI.
The error is: Is really "cipher" a deprecated option? Googling around I cannot find an official declaration of this, and an official way/how-to to migrate it to data-ciphers.

And there are still some bad user experience problem:

• many firewalls, I'm using Watchguard Firebox, are still exporting .ovpn profiles that contains "cipher" and are not useable on OpenVPN

• frontend to OpenVPN configuration are still not supporting this, for example under KDE plasma 5.26 settings I cannot change data-ciphers field

Could someone point me to a document that explains what is deprecated and how to migrate?
Is the full "cipher" option deprecated, or, as the error log says, or only having "cipher" not being part of "data-ciphers" in the client config ?

Thank you.

Is really "cipher" a deprecated option? Googling around I cannot find an official declaration of this, and an official way/how-to to migrate it to data-ciphers.

Maybe there's something in the code and its commentaries ?

many firewalls, I'm using Watchguard Firebox, are still exporting .ovpn profiles that contains "cipher" and are not useable on OpenVPN
frontend to OpenVPN configuration are still not supporting this, for example under KDE plasma 5.26 settings I cannot change data-ciphers field

Make your own .ovpn profile. It's a simple text file with the options and with :
* the certificate of the certificate authority incorporated with <ca> </ca>
* the certificate of the client with <cert> </cert>
* the private key of the client with <key> </key>
* an openvpn static key with <tls-crypt> </tls-crypt>

I'm a technician, and I'm able to change my own .ovpn profiles.
But an end user which is following a setup guide and downloading a pre-cooked .ovpn profile from one of our firewall, is NOT able to edit a .ovpn profile. Luckily they are using other openvpn compatible clients under mac & win that are a bit more careful to preserve backward compatibility, for example the watchguard vpn client itself or Viscosity.

My problem is still remaining with users using recent Ubuntu/Kubuntu distributions: an upgrade to Ubuntu 22.10 (OpenVPN 2.6) will make an .ovpn profile not work, breaking user workflow. It will cost money to create a separate .ovpn file, resend to all users, help them at the phone to fix it. Before investing money on this job, I would like to have a document from OpenVPN that explains what happened and why it happened.

Same here. network-manager-openvpn and network-manager-openvpn-gnome are out of date and need to support the newer "data-ciphers" option. Currently, when they import the ovpn profile with data-ciphers, the option is ignored. Manually setting your cipher sets the "cipher" option, which is no longer expected by openvpn-2.6.
Bug has been submitted: https://bugs.launchpad.net/ubuntu/+sour ... ug/1993634

Confirm that modifying /etc/NetworkManager/system-connections/foo.nmconnection and replacing "cipher" with "data-ciphers", and then logging out and back in (I can't figure out how to get NM to reload entirely), does hack around the issue.

Unfortunately several frontends are slow to upgrade. --data-ciphers has been around since a while...but always ignored..
However 2.6 was just released as beta and we hope frontends will now get up to pace.