Page 1 of 1

failed to negotiate cipher with server

Posted: Tue Jun 06, 2023 8:17 am
by VOSKAYY
HI,

I work for 1 month on an entreprise and I have to do a vpn with pfsense and oVPN but when I finished, I have this error message on the openVPN-GUI (failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-128-GCM') if you want to connect to this server.) and Idk how resolve this problem.

thanks if you reply.

(And sorry for my english, I'm french and I have difficult on english..)

Re: failed to negotiate cipher with server

Posted: Tue Jun 06, 2023 8:35 am
by Fadim
No worries about your English! I understand the struggle. Regarding the error message you're encountering, it seems to be related to a cipher mismatch between the server and your OpenVPN client. To resolve this, you can try adding the server's cipher ('AES-128-CBC') to the --data-ciphers option in your OpenVPN configuration file. This should align the cipher settings and allow you to connect successfully.

Also, I think you might find more useful info in this GitHub thread: https://github.com/OpenVPN/openvpn-gui/issues/381

Re: failed to negotiate cipher with server

Posted: Tue Jun 06, 2023 9:29 am
by VOSKAYY
okay thanks I tried and It's work,
thanks you !

Re: failed to negotiate cipher with server

Posted: Fri Jan 26, 2024 5:55 pm
by altevir
HI,
I have the same problem, in my case I receive the error message below on openvpn clients, but this only occurs on computers running Windows 11, on computers with Windows 10 it connects normally without error.

If you could help me I would be very grateful.

Below is the error message that occurs on Windows 11 computers:

OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

Below is an excerpt from the configuration file that mentions the "ciphers" settings on clients.

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

cipher AES-128-CBC
auth SHA256