DaleTech DaleTech
Bookmark

VPN

Posted April 16th, 2021    1258   0   OpenVPN cipher vpn error

Hello, I'm trying to connect using the current release build of OpenVPN (OpenVPN GUI v11.23.0.0) unfortunately each time I'm receiving the following error message "OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-128-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.", I've tried multiple servers all receiving the same error, if the error message is correct diagnosing the above issue then it would appear you need to update the servers with the newer AES-GCM ciphers that became available from 2.4 onward if you would like newer versions of OpenVPN to work? This would be beneficial anyhow as they are more secure and less CPU hungry. I'm downgrading clients and checking to see if they are indeed compatible, If there error message is not correct please could you let me know? so I can instead try and diagnose to see if the problem is at my end. Thanks, Matt

Edit: I went ahead and downgraded the client version, this did indeed fix the error, so If anybody else has the same problem rollback pre 2.50 and you should be good to go. For reference the last compatible client version is openvpn-2.4.10, which can be found here "https://build.openvpn.net/downloads/releases/" with other archived builds. Apparently theres a work around but it will be removed soon, I never bothered with this but if your interested the details are here "https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst"

2 Replies

frank
frank

I think it would really help to get this upgraded sometime soon. I am having to edit every VPN config file now, to downgrade to this outdated cipher. Please update this soon.

Maadcity
Maadcity

I had this issue (since end 2021), client service could not find a solution. I'm glad your solution worked for me.

Thanks !