
#1 2024-05-07 15:56:27

koroki
Member
Registered: 2013-08-03
Posts: 52

networkmanager-openvpn fails with some servers in the new versions

The new version, networkmanager-openvpn-1.10.4-1 (06-May-2024), has problems with some openvpn servers. I suspect that it is the same error as in the last update of last year (networkmanager-openvpn-1.10.2-2 03-Jun-2023), which was solved 3 days later...

Offline

#2 2024-05-10 11:12:55

Kisuke-CZE
Member
Registered: 2017-03-16
Posts: 13
Website

Re: networkmanager-openvpn fails with some servers in the new versions

I can confirm that. Downgrading back to 1.10.2 solves the issue for me as a client.

When I was on 1.10.4, this warning was the only different thing I could find (compared to the working version 1.10.2):

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.

Oh, just found issue with WA published:
https://gitlab.gnome.org/GNOME/NetworkM … issues/138
https://gitlab.gnome.org/GNOME/NetworkM … te_2106393

So in the end you have to manually edit the connection in /etc/NetworkManager/system-connections/ and add the parameter data-ciphers= that matches the cipher= parameter in the same file, to mimic the old version's behavior.

Last edited by Kisuke-CZE (2024-05-10 11:32:38)

Offline

#3 2024-05-15 08:55:46

TarteAuxFraises
Member
Registered: 2023-10-05
Posts: 6

Re: networkmanager-openvpn fails with some servers in the new versions

Yes same trouble here with

sudo journalctl -fu NetworkManager   

"OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server."

Offline

#4 2024-05-16 08:28:15

koroki
Member
Registered: 2013-08-03
Posts: 52

Re: networkmanager-openvpn fails with some servers in the new versions

Kisuke-CZE wrote:

I can confirm that. Downgrading back to 1.10.2 solves the issue for me as a client.

When I was on 1.10.4, this warning was the only different thing I could find (compared to the working version 1.10.2):

DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.

Oh, just found issue with WA published:
https://gitlab.gnome.org/GNOME/NetworkM … issues/138
https://gitlab.gnome.org/GNOME/NetworkM … te_2106393

So in the end you have to manually edit the connection in /etc/NetworkManager/system-connections/ and add the parameter data-ciphers= that matches the cipher= parameter in the same file, to mimic the old version's behavior.

Oh, thanks!

At least it works without any downgrade.

Offline

#5 2024-07-03 05:47:04

hungdq
Member
Registered: 2022-05-28
Posts: 2

Re: networkmanager-openvpn fails with some servers in the new versions

It seems there is no GUI option for setting the data cipher to AES-256-CBC. You can add it manually in

/etc/NetworkManager/system-connections/<name_your_vpn_network>

Add the following line:

data-ciphers=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC

Your configuration should look like this:

[vpn]
...
cipher=AES-256-CBC
data-ciphers=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC
...

So, all the commands you need to run are (you need to run them with root permissions):

# sudo su
# vim /etc/NetworkManager/system-connections/<name_your_vpn_network>
# systemctl restart NetworkManager

Retry your connection again

Offline
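An added example, not written by any poster in this thread and not part of NetworkManager: a Python check for the mismatch described in posts #2 and #5, where a profile pins cipher= but that cipher is missing from the list OpenVPN negotiates with. The function name, the sample profile and its host name are constructed for illustration; it assumes both keys live in the profile's [vpn] section, as the posts describe.

```python
import configparser
import glob
import sys

# Negotiation list OpenVPN reports in the log lines quoted in this thread.
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM", "CHACHA20-POLY1305"]
OPENVPN_SERVICE = "org.freedesktop.NetworkManager.openvpn"

def suggest_data_ciphers(keyfile_text):
    """Return the data-ciphers value a profile needs, or None if it is fine."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False, allow_no_value=True)
    cp.optionxform = str  # keyfile keys are case-sensitive
    cp.read_string(keyfile_text)
    if not cp.has_section("vpn"):
        return None
    vpn = cp["vpn"]
    if vpn.get("service-type") != OPENVPN_SERVICE:
        return None  # some other VPN plugin
    cipher = (vpn.get("cipher") or "").strip()
    if not cipher:
        return None  # nothing pinned, negotiation uses the defaults
    configured = (vpn.get("data-ciphers") or "").strip()
    current = [c for c in configured.split(":") if c] or list(DEFAULT_DATA_CIPHERS)
    if cipher.upper() in (c.upper() for c in current):
        return None  # cipher= is already offered during negotiation
    return ":".join(current + [cipher])

# Constructed sample profile (not taken from a real system).
SAMPLE = """\
[connection]
id=example-vpn
type=vpn

[vpn]
cipher=AES-256-CBC
connection-type=tls
remote=vpn.example.org:1194
service-type=org.freedesktop.NetworkManager.openvpn
"""

if __name__ == "__main__":
    # Reading system-connections needs root; other paths can be passed as arguments.
    paths = sys.argv[1:] or glob.glob("/etc/NetworkManager/system-connections/*")
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            fix = suggest_data_ciphers(fh.read())
        if fix:
            print(f"{path}: add data-ciphers={fix} to [vpn]")
```

The script only reports; the edit itself and the NetworkManager restart remain the manual steps from post #5.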
