–data-ciphers is not used with OpenVPN in IPFire currently. It will come in when we release the OpenVPN-2.6 branch which introduces cipher negotiation but it is not used currently in the server.
This indicates that your client is no longer using the cipher AES-256-CBC.
The simplest thing would be to redo the roadwarrior connections using AES-256-GCM on the server. This will then be accepted by your client.
It might work but don’t add the BF-CBC cipher as that is an extremely weak and insecure cipher and really should not be specified anywhere.
When the OpenVP{N-2.6 branch of code is released in IPFire it will introduce negotiation to use the strongest cipher that both the server and client support and the sort of issue you are experiencing should no longer occur and also the insecure Blow Fish cipher should no longer get used, if users have specified it in the past.
This means stopping the server and changing to AES-CBC (256bit) to AES-CGM(256bit), right? And then creating a new client in the “roadpool” section?
Does that mean the client I have in the “Dynamic OpenVPN IP address pool” section would also need to be recreated? (TBH, it’s been so long ago I don’t remember how I got it there…)