What's new

Cannot connect to OpenVPN Server since upgrade of OpenVPN client on W10

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

GSpock

Senior Member
Hi all,
I upgraded this morning my W10 PC to OpenVPN 2.6.0 (https://openvpn.net/community-downloads/)
Since then I get this error message when trying to connect to Server on my RT-AX86U:

Code:
2023-02-02 12:21:45 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2023-02-02 12:21:45 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-02-02 12:21:45 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jan 25 2023
2023-02-02 12:21:45 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-02-02 12:21:45 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-02-02 12:22:10 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2023-02-02 12:22:10 Cannot load inline certificate file
2023-02-02 12:22:10 Exiting due to fatal error

Any idea on how to resolve this other than downgrading client?
Thx,
GS
 
Hi all,
I upgraded this morning my W10 PC to OpenVPN 2.6.0 (https://openvpn.net/community-downloads/)
Since then I get this error message when trying to connect to Server on my RT-AX86U:

Code:
2023-02-02 12:21:45 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2023-02-02 12:21:45 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2023-02-02 12:21:45 OpenVPN 2.6.0 [git:v2.6.0/b999466418dddb89] Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Jan 25 2023
2023-02-02 12:21:45 Windows version 10.0 (Windows 10 or greater), amd64 executable
2023-02-02 12:21:45 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2023-02-02 12:22:10 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2023-02-02 12:22:10 Cannot load inline certificate file
2023-02-02 12:22:10 Exiting due to fatal error

Any idea on how to resolve this other than downgrading client?
Thx,
GS
It looks like some server-side things need to change to comport with 2.6. Really interested to see the new commit in Merlin, too. But the ciphers are down to two, compression is gone, including framing for compression, and it looks like you need to generate stronger certificates. Haven't played with it myself.
 
it looks like you need to generate stronger certificates.
Thanks, indeed regenerating the ovpn file on the server and re-applying on the client side made the job.
 
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top