Unable to connect to self-hosted vpn

OPTIONS ERROR: failed to negotiate cipher with server. Configure --data-ciphers-fallback if you want to connect to this server.

This seems to be something that needs to be configured on the server, but I have no access to the server config because router vendors are absolute garbage.

Nope. you can configure your client config. Just add or modify cipher line to:

cipher AES-128-CBC

That should work or move to other errors caused by ancient openvpn server (which most likely also have switches in client config).
You can also add verb 3 to client config for easier debugging – logs should be more descriptive :wink:

It’s logically to make cheanges like that in the config of the VPN software used to connect with (client) eg openvpn like @Tomek said :wink:

As you see, problem solving has nothing todo with blaming anyone, its all about following pure logic :wink:

My guy, Network Manager is the client and the UI doesn’t expose all possible settings, hence having to edit the config. @Tomek is referring to client vs server. And what’s the last line about?

For the record, the problem is still not solved. I can’t seem to do anything to get a connection.

cipher AES-128-CBC is in the config already, as that is selected (properly) as the cipher via the UI.
data-ciper AES-128-CBC in the config file doesn’t work
data-cipher-fallback AES-128-CBC in the config also does not work.

The NM openvpn config uses sometimes different option names than Openvpn.

Currently NM openvpn does not support data-cipher-fallback . But the Openvpn data-ciper is supported, but NM calls it data-ciphers

Add support for OpenVPN’s --data-ciphers (963b71a8) · Commits · GNOME / NetworkManager-openvpn · GitLab

I don’t know if data-ciphers can be set via the GUI. You might need to use nmcli or edit the config file directly.

Did you check logs? Still are the same? Did you increase log verbosity? Can you share logs?

Of course, change only ciphers may be not enough. I recently successfully set up connection between openvpn 2.3 and 2.6 and there were more problems than just cipher – after solving one another appeared, but every one have different logs, so I applied solutions according to logs and after several iterations at the end I received working connection, so don’t give up :wink:

I fixed this by getting a new router with a proper openvpn implementation

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.