Menu
What's new
By:
Filters Better Search

cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

A

atkinsom

Senior Member
I've just noticed this message showing up in my OpenVPN log "Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5)" and "--cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback" I looked around but I didn't see anything that could tell me why the client and server can't negotiate one of the default ciphers in the list that the router has automatically created.

See below....I'm running the latest Merlin on my AX86U Pro and generated new certs from the router but I keep getting this error in the logs. I know how to get around the issue by using the deprecated BF-CBC in the config file but why is the latest Merlin OpenVPN server generating those errors in the client log and not using the data ciphers already in the list.

Thanks for any guidance if I misunderstand the error.

Data ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
 
Last edited:
Those two messages are warnings, not errors. Just ignore them. The warnings are because for backward compatibility, the config file generated by the router uses backward compatible settings so it can run on 2.4, 2.5 or 2.6.
 
atkinsom said:
I've just noticed this message showing up in my OpenVPN log "Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5)" and "--cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback"
...
Data ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
Click to expand...

If you would like to get rid of those 2 warnings in the client log, you can make 2 simple changes in the OpenVPN Client configuration file:

1) Change "ncp-ciphers" to "data-ciphers" keyword
FROM:
Code: 
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
TO:
Code: 
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305

2) Add the following line after the "data-ciphers" line:
Code: 
cipher AES-256-GCM

That's all. No changes are needed in the router's OpenVPN Server.
 
You must log in or register to reply here.

Similar threads

D
ASUS RT-AX86U OpenVPN Server Error - Key Too Small
Replies
4
Views
205
Tech9
Tech9
G
Cannot connect to OpenVPN Server since upgrade of OpenVPN client on W10
Replies
2
Views
2K
GSpock
G
N
Solved Unable to connect to VPN server with self-signed certificate
Replies
0
Views
408
nino_070
N
I
One OpenVPN server and two clients with certificates
Replies
0
Views
534
Igor
I
A
Devices connect to my openvpn server correctly but no traffic from server to client
Replies
6
Views
893
ragtap
R
Similar threads
Thread starter Title Forum Replies Date
G openvpn server: can not change/select data cipher Asuswrt-Merlin 1
G Asus RT-AC87U VPN cipher AES-256-GCM Asuswrt-Merlin 10
skeal Attached drive not idling down as the firmware says and is set for Asuswrt-Merlin 6
W OpenVPN Server set to LAN only allows browsing Asuswrt-Merlin 14
C How to set upstream DNS but force clients to use the router for DNS? Asuswrt-Merlin 2
I Asus Merlin VLAN performance for TV Set-Top-Box Asuswrt-Merlin 0
128bit can VPN Director be set to automatically use the wan for youtubeTV? Asuswrt-Merlin 8
B Host name not being set in client Asuswrt-Merlin 1
H WireGuard Server Clients Allowed IPs Not Getting Set Asuswrt-Merlin 2
H AX86U on 3004.388.4 doesn't let set Wi-Fi channel after AX92U on 3.0.0.4.388_23630 is added as an AiMesh node using ethernet backhaul Asuswrt-Merlin 3

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 865 (members: 29, guests: 836)
Top