I am running an OpenVPN 2.4.0 network with the TCP protocol on port 443 to mimic an HTTPS stream (the server software installation on a Raspberry Pi 3 was done using pivpn).
After connection, I get a random "AEAD Decrypt error: cipher final failed" message every 5 to 10 minutes when receiving from a Raspbian OpenVPN client through a firewall. After each software reset the Raspbian client succeeds in reconnecting, but 5 to 10 minutes later there is another "AEAD Decrypt error: cipher final failed".
(The OpenVPN server is running on a Raspberry 3 and works well with other clients (Windows, Android), but on another network without a firewall in that case.)
Does anybody have an idea how to correct these random "AEAD Decrypt error: cipher final failed" errors?
Daniel
Jan 13 08:37:11 raspberrypi ovpn-server[395]: E/xx.xx.xx.xx.:13885 AEAD Decrypt error: cipher final failed
Jan 13 08:37:11 raspberrypi ovpn-server[395]: E/xx.xx.xx.xx:13885 Fatal decryption error (process_incoming_link), restarting
Jan 13 08:37:11 raspberrypi ovpn-server[395]: E/xx.xx.xx.xx:13885 SIGUSR1[soft,decryption-error] received, client-instance restarting
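One way to check the "every 5 to 10 minutes" pattern described above against the server log, as an added example that is not part of the original post: it groups the AEAD decrypt errors by client and reports the seconds between consecutive failures. The sample lines, the addresses in them and the default year are constructed assumptions; only the log format is taken from the lines quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime

# Syslog-style OpenVPN line: "<Mon DD HH:MM:SS> <host> <prog>[pid]: <peer> <message>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s[\d:]{8})\s\S+\s\S+\[\d+\]:\s"
    r"(?P<peer>\S+)\s(?P<msg>.*)$"
)
MARKER = "AEAD Decrypt error"

# Constructed sample (not from the thread); 192.0.2.0/24 and 198.51.100.0/24
# are documentation address ranges.
SAMPLE_LOG = """\
Jan 13 08:25:02 raspberrypi ovpn-server[395]: E/192.0.2.10:13885 AEAD Decrypt error: cipher final failed
Jan 13 08:25:02 raspberrypi ovpn-server[395]: E/192.0.2.10:13885 Fatal decryption error (process_incoming_link), restarting
Jan 13 08:31:40 raspberrypi ovpn-server[395]: E/192.0.2.10:13901 AEAD Decrypt error: cipher final failed
Jan 13 08:37:11 raspberrypi ovpn-server[395]: E/192.0.2.10:13917 AEAD Decrypt error: cipher final failed
Jan 13 08:40:00 raspberrypi ovpn-server[395]: W/198.51.100.7:50112 AEAD Decrypt error: cipher final failed
"""

def decrypt_error_times(log, year=2019):
    """Map client (name/IP, port dropped) -> sorted timestamps of decrypt errors."""
    times = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line)
        if not m or MARKER not in m["msg"]:
            continue
        # The source port changes on every reconnect, so key on name/IP only.
        client = m["peer"].rsplit(":", 1)[0]
        # Syslog omits the year; the caller supplies it (assumption).
        stamp = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        times[client].append(stamp)
    return {c: sorted(t) for c, t in times.items()}

def error_gaps(log, year=2019):
    """Seconds between consecutive decrypt errors, per client."""
    return {
        c: [int((b - a).total_seconds()) for a, b in zip(t, t[1:])]
        for c, t in decrypt_error_times(log, year).items()
    }

if __name__ == "__main__":
    for client, gaps in error_gaps(SAMPLE_LOG).items():
        print(client, "errors:", len(gaps) + 1, "gaps (s):", gaps)
```

Run against the real log, the per-client gaps show whether the failures are regular for one client or spread across many.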
AEAD Decrypt error: cipher final failed
Re: AEAD Decrypt error: cipher final failed
Hello,
I have the same issue. In server logs there are plenty of ERRORS like:
ovpn-vpn-udp[11613]: some.guy/123.231.132.33:2371 AEAD Decrypt error: cipher final failed
Restarting server works for quite some time, but after this time a client attempts to connect and I still receive those errors.
My configuration:
System: Debian 4.9.0-3-amd64 #1 SMP
OpenVPN version: 2.4.0-6
server configuration:
port 3434
proto udp
dev udp-tun
dev-type tun
topology subnet
persist-tun
persist-key
user nobody
group nogroup
server 172.17.1.0 255.255.255
ca ca_file.pem
cert cert_file.pem
key key_file.pem
dh dh.pem
crl-verify crl_file.pem
tls-auth ta.key 0
client-config-dir udp-tun.d
ifconfig-pool-persist udp-tun.pool
keepalive 10 120
compress lzo
log-append /var/log/openvpn/udp-tun.log
verb 3
auth SHA1
push "dhcp-option DNS 172.17.1.2"
push "route 172.17.1.0 255.255.0.0"
push "route 172.17.2.0 255.255.0.0"
push "route 172.17.3.0 255.255.0.0"
Client configuration:
client
dev tun
proto udp
remote my.remote.server.com 3434
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
auth-nocache
comp-lzo
keepalive 10 120
verb 4
This happens randomly and only after some time (more than 10 hours of uptime) and when 20 or more clients are connected.
Re: AEAD Decrypt error: cipher final failed
Try removing --persist-* from your client config.
I do not know if this is a fix but it may help.
Also, you may want to use 2.4.7 from here:
https://openvpn.net/community-downloads/
Re: AEAD Decrypt error: cipher final failed
Thanks for the reply!
I just commented out those options from server configuration only. Why?
In my case changing configuration for clients is a bit of trouble since not all users or endpoints can adapt to changes...