Config error: "4: cipher (2.5.8)"

CK
OpenVpn Newbie
Posts: 1
Joined: Wed Nov 23, 2022 9:58 am

Post by CK » Thu Nov 24, 2022 7:11 am

Hello,

currently I am stuck setting up OpenVPN on a pfSense in a test environment. Test environment because the company required a proof-of-concept before ordering the hardware. Unfortunately, this causes a lot of problems. The pfSenses are of necessity both installed on workstations and connected to a VLAN, which at least allows them to make calls to the outside world. In the VLAN assigned to me there are a few hundred other devices and I can't set up a static route or forwarding there. Of course, access via DynDNS is not possible. The dial-in should be done exclusively via OpenVPN and the authentication only via a PSK. An (additional) User-Auth is not desired.

So I try to establish an OpenVPN tunnel to pfSense and the OpenVPN server running there with a client hanging in the same VLAN network.

Since this is my first time working with pfSense and also my first time setting up an OpenVPN server, I am now facing a problem where I would really appreciate some experienced eyes. I can't ask anyone at my company about this, since they don't seem to have any experience regarding this matter.

The OpenVPN server and the clients were configured with this tutorial, which is - actually - straightforward: https://technium.ch/pfsense-openvpn-ser ... -tutorial/ . For the connection, this configuration is exported on the client side:

Image

However, as a result, I end up in this error every time I try to connect:

Image

The log says
Image

while the config looks like this
Image

and the service is active for this connection:
Image

Even if I allow the tunnel setup as ANY-ANY on and over any interface, I end up in the same error with the same log entry:
Image

I post here the screenshots of the entire pfSense config and it would really be a help if someone could look over it. U.U. I just do not see the forest for the trees and do not want to completely exclude that I may have made a major mistake somewhere, which I have simply overlooked now for days.

CA:
Image

CA of the OpenVPN-Server:
Image

Certificates:
Image

Firewall-Rules:
Image

Image

Image

Image

OpenVPN-Server:
Image

pfsync runs, failover works, only the VPN connection I just cannot get working. Being still a noobish amateur on pfSense and OpenVPN, I am now at the end with my Latin. I would be happy if someone could help me a little further and help me back onto the path of virtue, otherwise probably more mice have to die due to suddenly and unexpectedly occurring impacts in the wall behind my screen :roll: .

I'm not quite sure why it seems to be that the encryption negotiation is the problem. The imported configuration used is created by the OpenVPN server, with its CA and certificates in place and generated by it. Is it possible that the client config should specify a certain algorithm on line 4 (Cipher)? I am just running out of ideas here..

If someone could lend me a hand on this, that would be really awesome and much appreciated.

Regards,
Chris.

Pippin
Forum Team
Posts: 1200
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: Config error: "4: cipher (2.5.8)"

Post by Pippin » Thu Nov 24, 2022 11:21 am

Hi,

You might have more luck here:
https://forum.netgate.com/

Shared key is deprecated:
https://docs.netgate.com/pfsense/en/lat ... -mode.html

You can look into SSL/TLS which is certificate based without user auth:
https://docs.netgate.com/pfsense/en/lat ... s-tls.html
.
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
