OpenVPN troubleshooting: Client wont connect to server

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

OpenVPN troubleshooting: Client wont connect to server

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
OpenVPN troubleshooting: Client wont connect to server
OpenVPN troubleshooting: Client wont connect to server
2024-01-07 12:57:20
Tags: #VPN
Model: Archer AX50  
Hardware Version: V1
Firmware Version: 1.0.13 Build 20230906 rel.40682(4555)

Hi,

I have configured the openVPN server on my Archer AX50 router before and I was able to connect with OpenVPN client without problems.

At one point the connection couldnt be established anymore. I generated new certificate and downloaded new openVPN config file but it doesn't work. Here are my settings:

-Enable VPN server: checked

-Service type: UDP

-Service port: 1194

-VPN subnet: 10.8.0.0 (255.255.255.0)

-Internet and Home Network.

My ISP modem is in bridge mode and I am using DDNS. I change the public IP address in .opvn config file to DDNS address.

 

I tried changing many things including the subnet mask and service type to UDP but the connection wont go through. I am trying connect to server with client command line interface on my linux (Ubuntu) machine with: openvpn3 session-start --config  OpenVPN-Config.ovpn.

If I print the log when connecting (openvpn3 log --log-level 6 --config OpenVPN-Config.ovpn) I get the error: Client DEBUG: Client exception in transport_recv: crypto_alg: AES-128-CBC: bad cipher for data channel use.

Does anyone know where is the problem?

Thanks for help

  0      
  0      
#1
Options
3 Reply
Re:OpenVPN troubleshooting: Client wont connect to server
2024-01-07 16:56:51

  @darkoS 

 

Hi,

 

Do you know if the OpenVPN client on your Linux machine got updated recently?

 

The Archer AX50 uses a quite old version of OpenVPN and newer versions of OpenVPN have been dropping support for backward compatibility with certain older versions of OpenVPN. I know such issues have been reported previously by Windows users who tried to use the newest version of the OpenVPN client. 

 

  0  
  0  
#2
Options
Re:OpenVPN troubleshooting: Client wont connect to server
2024-01-09 17:55:45

  @darkoS 

Hi, thanks for pointing that out.

Yes I just recently reinstalled it so I have the newest verison of Linux client I guess (v3.8.2). But I do not think that is the problem because I tried with newset install of openVPN client on Windows machine and it worked. So te problem is just on Linux machines.

 

 

  0  
  0  
#3
Options
Re:OpenVPN troubleshooting: Client wont connect to server
2024-01-13 19:36:10

  @darkoS 

 

Sure, no problem, it's everyone's freedom.

 

Today I had some spare time to dig into this.
I installed the OpenVPN 3 Client for Linux on my Linux Mint. There is also an older openvpn 2.5.9 installed.
Well, openvpn 2.5.9 connects just fine to my Archer AX50, but openvpn3 v3.8.2 throws the same error that you reported and no working connection is established.

 

Then I also found this https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst
If you scroll down to the section "OpenVPN 3 clients" it says right there that the old CBC ciphers (which are used by the OpenVPN server of the AX50) have been disabled in newer versions of the OpenVPN 3.x library.

 

Now you might ask why the Windows Connect client v3.x works. Well, I don't know. Explanations I can think of are that the developers of the Windows client either use an older OpenVPN 3.x library that still had the CBC ciphers enabled or that they re-enabled the old ciphers in the newer source code. After all, OpenVPN Inc., the company who makes the OpenVPN Connect client for Windows, is a commercial entity, so they will want their stuff to work conveniently for as many users as possible, and not cause lots of support requests.

 

 

 

 

  0  
  0  
#4
Options