Menu
What's new
By:
Filters
Better Search

cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

A

atkinsom

Senior Member
I've just noticed this message showing up in my OpenVPN log "Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5)" and "--cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback" I looked around but I didn't see anything that could tell me why the client and server can't negotiate one of the default ciphers in the list that the router has automatically created.

See below....I'm running the latest Merlin on my AX86U Pro and generated new certs from the router but I keep getting this error in the logs. I know how to get around the issue by using the deprecated BF-CBC in the config file but why is the latest Merlin OpenVPN server generating those errors in the client log and not using the data ciphers already in the list.

Thanks for any guidance if I misunderstand the error.

Data ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
 
Last edited:
Those two messages are warnings, not errors. Just ignore them. The warnings are because for backward compatibility, the config file generated by the router uses backward compatible settings so it can run on 2.4, 2.5 or 2.6.
 
atkinsom said:
I've just noticed this message showing up in my OpenVPN log "Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5)" and "--cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback"
...
Data ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
Click to expand...

If you would like to get rid of those 2 warnings in the client log, you can make 2 simple changes in the OpenVPN Client configuration file:

1) Change "ncp-ciphers" to "data-ciphers" keyword
FROM:
Code: 
ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305
TO:
Code: 
data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:CHACHA20-POLY1305

2) Add the following line after the "data-ciphers" line:
Code: 
cipher AES-256-GCM

That's all. No changes are needed in the router's OpenVPN Server.
 
You must log in or register to reply here.

Similar threads

G
Using VPN Director to route only torrent traffic through VPN
Replies
9
Views
505
goldnet
G
D
ASUS RT-AX86U OpenVPN Server Error - Key Too Small
Replies
5
Views
1K
David2001
D
G
Cannot connect to OpenVPN Server since upgrade of OpenVPN client on W10
Replies
2
Views
3K
GSpock
G
P
R9000 with Voxel's Custom firmware Unable to connect via TUN
Replies
5
Views
430
R. Gerrits
R
N
Solved Unable to connect to VPN server with self-signed certificate
Replies
0
Views
792
nino_070
N
Similar threads
Thread starter Title Forum Replies Date
G openvpn server: can not change/select data cipher Asuswrt-Merlin 1
G Asus RT-AC87U VPN cipher AES-256-GCM Asuswrt-Merlin 10
M Solved Set samba case sensitive permanently Asuswrt-Merlin 3
wcoastsands RT-AX88U Guest Network connection issue when Access Intranet is set to Disable Asuswrt-Merlin 5
skeal Attached drive not idling down as the firmware says and is set for Asuswrt-Merlin 6
W OpenVPN Server set to LAN only allows browsing Asuswrt-Merlin 14
C How to set upstream DNS but force clients to use the router for DNS? Asuswrt-Merlin 2
I Asus Merlin VLAN performance for TV Set-Top-Box Asuswrt-Merlin 0
128bit can VPN Director be set to automatically use the wan for youtubeTV? Asuswrt-Merlin 8
B Host name not being set in client Asuswrt-Merlin 1

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 535 (members: 11, guests: 524)
Top