Menu
What's new
By:
Filters Better Search

[SOLVED] Openvpn and Encryption cipher = None: Not working

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

janosek

Regular Contributor
Hello,

I have an RT-AC66U and I am running 378.52_2

I was reading that Private Internet Access allows having no cipher. Since I am using openvpn for netflix and not security, I don't care if I have encryption enabled. However, when I attempt to turn it off, I get the following in my log and the VPN does not work

Code: 
Apr 16 18:37:57 rc_service: httpd 366:notify_rc stop_vpnclient1
Apr 16 18:38:07 rc_service: httpd 366:notify_rc start_vpnclient1
Apr 16 18:38:07 kernel: tun: Universal TUN/TAP device driver, 1.6
Apr 16 18:38:08 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Apr 16 18:38:08 openvpn[954]: OpenVPN 2.3.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Apr  5 2015
Apr 16 18:38:08 openvpn[954]: library versions: OpenSSL 1.0.0r 19 Mar 2015, LZO 2.08
Apr 16 18:38:08 openvpn[954]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Apr 16 18:38:08 openvpn[954]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 16 18:38:08 openvpn[954]: ******* WARNING *******: null cipher specified, no encryption will be used
Apr 16 18:38:08 openvpn[954]: Socket Buffers: R=[118784->131072] S=[118784->131072]
Apr 16 18:38:08 openvpn[956]: UDPv4 link local: [undef]
Apr 16 18:38:08 openvpn[956]: UDPv4 link remote: [AF_INET]216.155.131.74:1194
Apr 16 18:38:08 openvpn[956]: TLS: Initial packet from [AF_INET]216.155.131.74:1194, sid=19ccf43c 250e70af
Apr 16 18:38:08 openvpn[956]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Apr 16 18:38:08 openvpn[956]: VERIFY OK: depth=1, C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, emailAddress=secure@privateinternetaccess.com
Apr 16 18:38:08 openvpn[956]: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
Apr 16 18:38:09 openvpn[956]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1526', remote='link-mtu 1542'
Apr 16 18:38:09 openvpn[956]: WARNING: 'cipher' is used inconsistently, local='cipher [null-cipher]', remote='cipher BF-CBC'
Apr 16 18:38:09 openvpn[956]: WARNING: 'keysize' is used inconsistently, local='keysize 0', remote='keysize 128'
Apr 16 18:38:09 openvpn[956]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 16 18:38:09 openvpn[956]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Apr 16 18:38:09 openvpn[956]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Apr 16 18:38:09 openvpn[956]: [Private Internet Access] Peer Connection Initiated with [AF_INET]216.155.131.74:1194
Apr 16 18:38:11 openvpn[956]: SENT CONTROL [Private Internet Access]: 'PUSH_REQUEST' (status=1)
Apr 16 18:38:11 openvpn[956]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.168.1.1,topology net30,ifconfig 10.168.1.6 10.168.1.5'
Apr 16 18:38:11 openvpn[956]: OPTIONS IMPORT: timers and/or timeouts modified
Apr 16 18:38:11 openvpn[956]: OPTIONS IMPORT: LZO parms modified
Apr 16 18:38:11 openvpn[956]: OPTIONS IMPORT: --ifconfig/up options modified
Apr 16 18:38:11 openvpn[956]: OPTIONS IMPORT: route options modified
Apr 16 18:38:11 openvpn[956]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Apr 16 18:38:11 openvpn[956]: TUN/TAP device tun11 opened
Apr 16 18:38:11 openvpn[956]: TUN/TAP TX queue length set to 100
Apr 16 18:38:11 openvpn[956]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Apr 16 18:38:11 openvpn[956]: /usr/sbin/ip link set dev tun11 up mtu 1500
Apr 16 18:38:11 openvpn[956]: /usr/sbin/ip addr add dev tun11 local 10.168.1.6 peer 10.168.1.5
Apr 16 18:38:11 openvpn[956]: updown.sh tun11 1500 1526 10.168.1.6 10.168.1.5 init
Apr 16 18:38:11 rc_service: service 998:notify_rc updateresolv
Apr 16 18:38:11 dnsmasq[788]: read /etc/hosts - 5 addresses
Apr 16 18:38:11 dnsmasq[788]: read /etc/hosts.dnsmasq - 0 addresses
Apr 16 18:38:11 dnsmasq-dhcp[788]: read /etc/ethers - 1 addresses
Apr 16 18:38:11 dnsmasq[788]: using nameserver 209.222.18.222#53
Apr 16 18:38:11 dnsmasq[788]: using nameserver 209.222.18.218#53
Apr 16 18:38:14 openvpn[956]: /usr/sbin/ip route add 216.155.131.74/32 via 24.52.233.65
Apr 16 18:38:14 openvpn[956]: /usr/sbin/ip route add 0.0.0.0/1 via 10.168.1.5
Apr 16 18:38:14 openvpn[956]: /usr/sbin/ip route add 128.0.0.0/1 via 10.168.1.5
Apr 16 18:38:14 openvpn[956]: /usr/sbin/ip route add 10.168.1.1/32 via 10.168.1.5
Apr 16 18:38:14 openvpn[956]: Initialization Sequence Completed

After this, the VPN does not work. If I go back to default encryption, it works fine.
 
PIA ties the encryption method to specific ports. For no encryption try using port 1195
 
yep, UDP port 1195, none for cipher, and "auth none" without quotation marks in the custom configuration.
 
Last edited:
janosek said:
Hello,

I have an RT-AC66U and I am running 378.52_2

I was reading that Private Internet Access allows having no cipher. Since I am using openvpn for netflix and not security, I don't care if I have encryption enabled. However, when I attempt to turn it off, I get the following in my log and the VPN does not work ...
Click to expand...

I don't know if this is a problem, but does not the encryption have to match the servers?
Apr 16 18:38:09 openvpn[956]: WARNING: 'cipher' is used inconsistently, local='cipher [null-cipher]', remote='cipher BF-CBC'

Also be aware of this thread about using VPN to a public server.

www.snbforums.com/threads/router-web-accessibility-from-wan-internet-when-an-openvpn-client-is-running.23743/
 
Thank you Cosmoxl and john9527! "auth none" (and earlier port 1195) was what I was missing!
 
Last edited:
Sorry to bump an old thread but this configuration no longer works for me, did it stop working for you using private internet access.com ?

Looking for anything to get it working again please.
 
You must log in or register to reply here.

Similar threads

Wishmaster1965
Solved OpenVPN Server Issue
Replies
5
Views
679
Wishmaster1965
Wishmaster1965
P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
1K
pattox
P
N
Suspicious Activity?
Replies
6
Views
1K
L&LD
L&LD
A
Devices connect to my openvpn server correctly but no traffic from server to client
Replies
6
Views
879
ragtap
R
L
OpenVPN Question
Replies
5
Views
1K
Littlelight
L
Similar threads
Thread starter Title Forum Replies Date
B (solved) Dnscrypt blocked-names.txt automatically deleted upon modification Asuswrt-Merlin 4
G Miracast problems solved by router reboot -RT-AC86U 386.12_4 Asuswrt-Merlin 0
W Solved Solved (for me): WiFi issues and/or crashes with Merlin on RT-AC86U Asuswrt-Merlin 1
magicus [solved] More than 64 static DHCP addresses? Asuswrt-Merlin 3
J Solved *SOLVED* Asus RT-AX86U Pro on latest Merlin 3004.388.4, cannot get RT-AC68U (on any firmware) to connect as a AI Mesh Node Asuswrt-Merlin 3
M SOLVED: very asymmetric UL/DL speed on 2.5G line Asuswrt-Merlin 25
Calafax AX86U setup & ethernet-only access--solved Asuswrt-Merlin 13
M OpenVPN clients cannot connect to LAN computers. Asuswrt-Merlin 0
M OpenVPN / site to site with special security/routing constraints Asuswrt-Merlin 7
R OpenVPN keeps on turning itself off Asuswrt-Merlin 37

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 604 (members: 15, guests: 589)
Top