I get this error on a Windows 10 client when trying to connect to IPFire:
INET address service: add 10.119.127.14/30
TUN: adding address failed using service: Element nicht gefunden. [status=1168 if_index=126]
IPv4 dns servers set using service
TUN: setting IPv4 mtu using service failed: Element nicht gefunden. [status=1168 if_index=126]
Block_DNS: adding block dns filters using service failed: Element nicht gefunden. [status=0x490 if_index=126]
MANAGEMENT: Client disconnected
This also seems to stop the “OpenVPN Interactive Service”.
When I edit the client’s config file and change “cipher AES-256-CBC” to “data-ciphers-fallback AES-256-CBC”, the problem is gone and the client is able to connect.
Recently switched to OpenVPN 2.6 but this also happened with 2.5 before (just didn’t investigate further). Initially, I changed “–cipher” to circumvent this warning:
# DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM).
# Future OpenVPN version will ignore --cipher for cipher negotiations.
# Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
So, I currently have no problem, but I guess others might find this useful (as I couldn’t find anything helpful). Also, maybe the defaults in IPFire should be changed - or have been changed already and my installation is still using the old default values.
Alternatively you can modify the openssl.cnf file on your windows client to allow legacy clients.
See thread OVPN Cert creation algo
This thread is covering linux but the pribiple should also work for windows, you would just need to find where the openssl.cnf file is stored and edit it in a similar way as descirbed for the Linux clients.
the “template” is the settings file for global configuration and ovpnconfig for client specifics (N2N also global).
According to your configuration update to every client, i did some test in here where it was not needed if the server uses the “–data-ciphers” directive. This is also true for OpenVPN server since version >=2.4.0 .
Can´t say if you should or should not since i do not have the topic problem. The main reason why i wrote you was to deliver an may more efficient way to solve this.
The recent IPFire installation does NOT have “–data-ciphers” or in this case NCP.
Since a test by only changing the directive in server.conf might be not a huge thing for you and can deliver results according to the problem it might be a good idea ?! but it will be overwritten if you press the “Save” button in WUI or if the WUI get´s an update which will come with the next Core release.