Page 1 of 1

Connection failed after upgrade to OpenVPN 2.6.0

Posted: Mon Jan 30, 2023 1:59 pm
by SomeoneElse
Upgrade process was via ... pn#install

A previously working client .ovpn file which contains "cipher BF-CBC" now fails to connect to an IPfire server. A different server still connects OK. The relevant error in the log is:

OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.

Over at github there is:

There a suggestion** is ... -856059530 :

Add "BF-CBC" to "data-ciphers", as in "put the following into your config":

But which config?
A configuration file on the server? Unlikely, as I actually want to tell a new client to work with an old server.
The per-connection configuration file on the client? Again unlikely, as it is already defined there.
Some other global config on the client? Maybe,but in the client "settings / about" suggests that "configuation files" are in "C:\Users\MyName\OpenVPN\config", which is empty. If I do need to create a file here, what should it be called.

Actual connection configuration files are in "C:\Program Files\OpenVPN\config". There are per-connection .ovpn and .p12 files (for IPfire connections) and .ovpn files (for non-IPfire connections.

** the other suggestion there is "upgrade the server". Good advice, but not possible at this time.