OpenVPN Support Forum

I have a problem with OpenVPN version 2.4.7 in the Ubuntu 20.04 LTS operating environment.

Everything works when the client uses the default cipher but when the client uses the cipher AES-256-CBC, the clients connects but nothing works.

The server log records 'Authenticate/Decrypt packet error: cipher final failed'. I checked the servers' available ciphers and AES-256-CBC is available.

Does anyone know what's up?

you may be ending up in some cipher mismatching scenario. More modern OpenVPN versions would negotiate the best available cipher and use that.
In your case I think something is breaking and the two endpoints end up using different ciphers.

You could post both client and server logs with --verb 4, but I'd strongly suggest to upgrade to 2.6.x.

I think I already know what the problem is, I think the problem is GNOME's Network Manager. It is buggy. I have had problems with it in the past where could not authenticate using WPA3, unless I opened the terminal and entered 500 commands.

I will try the official OpenVPN client to confirm. I'll bet it works.

Thanks

I was going to stop using OpenVPN but I decided I would keep using OpenVPN, but with IPv4 only.

The problem wasn't GNOME's Network Manager. The problem was me not understanding there is no cipher negotiation in static key mode because it wasn't covered by the Static Key Mini-HOWTO, and the 'ncp-disable' notice on startup isn't self-explanatory.

Well, now I know.