CU 178 - Error: negotiated cipher not allowed - AES-256-CBC

It seems this is the latest thread on this subject.
Today I am using IPFire 2.27 (x86_64) - Core Update 178.
I have just upgraded the OpenVPN client to 2.6.6 and I have the same error:

2023-08-21 08:25:23 Error: negotiated cipher not allowed - AES-256-CBC not in AES-256-GCM:AES-128-GCM
2023-08-21 08:25:23 OPTIONS ERROR: failed to import crypto options
2023-08-21 08:25:23 Failed to open tun/tap interface

I am on Windows 10 and have in the config:

providers legacy default

Any suggestions, please?

Thanks in advance!

I think that in your case you can try

  1. on IPFire WUI->Services->OpenVPN
    change Encryption: to AES-GCM (256 bit)

  2. then on the client
    in the .ovpn configuration file
    change the cipher AES-256-CBC to cipher AES-256-GCM


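A small client-side check for the mismatch discussed above, as an added example that is not part of the original thread: it reads the error line, compares it with the `cipher` line of a `.ovpn` profile, and rewrites that line as in step 2. The sample profile is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample input: the error line quoted in the thread and a minimal
# client profile (the profile contents are an assumption, not from the thread).
LOG_LINE = ("2023-08-21 08:25:23 Error: negotiated cipher not allowed - "
            "AES-256-CBC not in AES-256-GCM:AES-128-GCM")
SAMPLE_OVPN = """client
dev tun
# provider line as quoted in the thread
providers legacy default
cipher AES-256-CBC
"""

ERR_RE = re.compile(r"negotiated cipher not allowed - (\S+) not in (\S+)")
CIPHER_KEYS = ("cipher", "data-ciphers", "data-ciphers-fallback")


def parse_error(line):
    """Return (negotiated, allowed_list) from the client error line, or None."""
    m = ERR_RE.search(line)
    return (m.group(1), m.group(2).split(":")) if m else None


def cipher_directives(profile):
    """Map each cipher-related directive in a .ovpn profile to its value."""
    found = {}
    for raw in profile.splitlines():
        parts = raw.split()  # commented lines start with '#' or ';' and never match
        if len(parts) > 1 and parts[0] in CIPHER_KEYS:
            found[parts[0]] = parts[1]
    return found


def diagnose(line, profile):
    """Report the mismatch and the first cipher the client says it allows."""
    parsed = parse_error(line)
    if parsed is None:
        return None
    negotiated, allowed = parsed
    opts = cipher_directives(profile)
    return {"negotiated": negotiated,
            "allowed": allowed,
            "profile_cipher_allowed": opts.get("cipher") in allowed,
            "suggested": allowed[0]}


def set_cipher(profile, new_cipher):
    """Rewrite the profile's 'cipher' line (step 2 of the answer above)."""
    return re.sub(r"(?m)^([ \t]*cipher[ \t]+)\S+", r"\g<1>" + new_cipher, profile)
```

The server-side Encryption setting from step 1 still has to be changed to match; this only checks and edits the client profile.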

Thanks, but when I change this config, it always goes back to its default
AES-CBC (256 bit).
Did I miss something, please?

You need to stop the vpn server, then change the cipher, then press save and then start the server again.


A little addition to @bonnietwin's post


Thanks!

I did have to reboot the server to see a screen refresh when you change this value.

Just refresh your browser page.

Yes, but the server was still showing as red, not started :wink:

Sorry, I misunderstood what your refresh problem was. I thought you meant the status of the client connection.

If the server is failing to start then you need to look in the logs to see what the problem is.

Go to Logs - System Logs in the WUI menu.

Then select OpenVPN in the dropdown box labelled Section: and then press the Update button.

We misunderstood each other:

  • The first problem was the ‘save’, and thank you for your help, I missed it.
  • The second problem is that when you start the server, you do not have the text+light which changes from red to green => in this case I have to restart the server.