Connection failed after upgrade to OpenVPN 2.6.0
Posted: Mon Jan 30, 2023 1:59 pm
Upgrade process was via
https://community.chocolatey.org/packag ... pn#install
A previously working client .ovpn file which contains "cipher BF-CBC" now fails to connect to an IPfire server. A different server still connects OK. The relevant error in the log is:
OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
Over at github there is:
https://github.com/OpenVPN/openvpn-gui/issues/381
There a suggestion** is https://github.com/OpenVPN/openvpn-gui/ ... -856059530 :
Add "BF-CBC" to "data-ciphers", as in "put the following into your config":
But which config?
A configuration file on the server? Unlikely, as I actually want to tell a new client to work with an old server.
The per-connection configuration file on the client? Again unlikely, as it is already defined there.
Some other global config on the client? Maybe,but in the client "settings / about" suggests that "configuation files" are in "C:\Users\MyName\OpenVPN\config", which is empty. If I do need to create a file here, what should it be called.
Actual connection configuration files are in "C:\Program Files\OpenVPN\config". There are per-connection .ovpn and .p12 files (for IPfire connections) and .ovpn files (for non-IPfire connections.
** the other suggestion there is "upgrade the server". Good advice, but not possible at this time.
https://community.chocolatey.org/packag ... pn#install
A previously working client .ovpn file which contains "cipher BF-CBC" now fails to connect to an IPfire server. A different server still connects OK. The relevant error in the log is:
OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
Over at github there is:
https://github.com/OpenVPN/openvpn-gui/issues/381
There a suggestion** is https://github.com/OpenVPN/openvpn-gui/ ... -856059530 :
Add "BF-CBC" to "data-ciphers", as in "put the following into your config":
But which config?
A configuration file on the server? Unlikely, as I actually want to tell a new client to work with an old server.
The per-connection configuration file on the client? Again unlikely, as it is already defined there.
Some other global config on the client? Maybe,but in the client "settings / about" suggests that "configuation files" are in "C:\Users\MyName\OpenVPN\config", which is empty. If I do need to create a file here, what should it be called.
Actual connection configuration files are in "C:\Program Files\OpenVPN\config". There are per-connection .ovpn and .p12 files (for IPfire connections) and .ovpn files (for non-IPfire connections.
** the other suggestion there is "upgrade the server". Good advice, but not possible at this time.