
Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Posted: Wed Feb 01, 2023 3:24 pm
by DannyBoyGunner
Hi,

Does anyone know why I would be able to connect via 2.5.8 but then get errors on the latest version 2.6.0? I read somewhere it fails to auth on TLS if the certificate lasts longer than 400-odd days. Is that correct? Our cert is valid for another 3 or 4 years, which might explain it.

I've had to ask all our users to manually uninstall and install the 2.5.8 version to get it working again.

TIA

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Posted: Fri Feb 03, 2023 12:32 pm
by openvpn_inc
Hello TIA,

I think this idea of certificates being valid for longer than 400 days is something that only applies to web certificates, as there are some fairly recent rules that state that certificates for websites should not be valid for longer than that period. I am certain that this does not apply to OpenVPN certificates used for VPN server and client identity verification. So you can put that concern aside.

To understand what is going wrong, we would need to see some logs of a failed connection on OpenVPN 2.6.0. It is most likely something expected due to a change introduced in OpenVPN 2.6.0. But we can't know what is going on until we see some logs that show the problem.

Kind regards,
Johan

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Posted: Sat Feb 25, 2023 11:12 am
by carlov
I have the same problem, how can I send you the logs?

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Posted: Sat Feb 25, 2023 11:18 am
by carlov
2023-02-20 19:30:06 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
2023-02-20 19:30:06 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 15 2023
2023-02-20 19:30:06 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-02-20 19:30:06 library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-02-20 19:30:20 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-02-20 19:30:20 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-02-20 19:30:21 ovpn-dco device [OpenVPN Data Channel Offload] opened
2023-02-20 19:30:21 TCP_CLIENT link local: (not bound)
2023-02-20 19:30:21 TCP_CLIENT link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
2023-02-20 19:30:21 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-20 19:30:21 TLS ERROR: Unknown key_method/flags=95 received from remote host
2023-02-20 19:30:21 TLS Error: TLS handshake failed
2023-02-20 19:30:21 Fatal TLS error (check_tls_errors_co), restarting
2023-02-20 19:30:21 SIGUSR1[soft,tls-error] received, process restarting
2023-02-20 19:30:22 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
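
A triage pass over a client log in the format posted above, as an added example that is not part of the original thread and not OpenVPN's own code: it counts the warnings and TLS errors and extracts the --cipher / --data-ciphers mismatch. The function name, finding labels and embedded sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: lines in the format of the client log posted above
# (remote address lines omitted).
SAMPLE_LOG = """\
2023-02-20 19:30:06 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). OpenVPN ignores --cipher for cipher negotiations.
2023-02-20 19:30:20 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-02-20 19:30:21 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-20 19:30:21 TLS ERROR: Unknown key_method/flags=95 received from remote host
2023-02-20 19:30:21 TLS Error: TLS handshake failed
2023-02-20 19:30:22 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
CIPHER = re.compile(r"--cipher set to '([^']+)' but missing in --data-ciphers \(([^)]*)\)")
RULES = [  # (hypothetical finding label, pattern matched against the message text)
    ("cipher-missing-from-data-ciphers", CIPHER),
    ("no-server-cert-verification", re.compile(r"No server certificate verification method")),
    ("password-cached-in-memory", re.compile(r"may cache passwords in memory")),
    ("tls-handshake-failure", re.compile(r"TLS ERROR:|TLS Error:|Fatal TLS error")),
]

def triage(log_text):
    """Return (Counter of finding labels, cipher mismatch detail or None)."""
    counts, cipher = Counter(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-timestamped lines
        msg = m.group(2)
        for name, pat in RULES:
            hit = pat.search(msg)
            if hit:
                counts[name] += 1
                if pat is CIPHER:
                    # Keep what the client was configured with and what it offers.
                    cipher = {"configured": hit.group(1).upper(),
                              "offered": hit.group(2).split(":")}
                break  # one finding per log line
    return counts, cipher

if __name__ == "__main__":
    counts, cipher = triage(SAMPLE_LOG)
    for name, n in counts.items():
        print(f"{name}: {n}")
    if cipher:
        print(f"--cipher {cipher['configured']} not in --data-ciphers {cipher['offered']}")
```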

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Posted: Sun Feb 26, 2023 2:01 pm
by carlov
OpenVPN 2.5.9 works fine.

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Posted: Fri Mar 03, 2023 5:25 pm
by JettCon
Hello,

Has there been any resolution or "idea" as to why 2.6 will not work? I am experiencing the same issue: 2.6 will not connect, but all other previous versions work fine. The main issue I am running into at this point is that I cannot stop the older version from updating to 2.6, even after reinstall. Does anyone have any suggestions?

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Posted: Tue May 09, 2023 6:58 am
by AndreL
Hello,

Same issue here.
See: https://forums.openvpn.net/viewtopic.php?t=35697

Working fine on 2.5.9 but not on 2.6.3

Re: Errors on OpenVPN 2.6.0 but working fine on 2.5.8

Posted: Sat May 27, 2023 9:38 am
by AndreL
Hi,

Some progress with version 2.6.4.

Updated in the config file:

cipher AES-256-CBC
data-ciphers 'AES-256-CBC'
data-ciphers-fallback 'AES-256-CBC'

comp-lzo adaptive
allow-compression yes

mssfix
#fragment 0

With that, the connection is OK.