OpenVPN - Cipher failure with 2.6

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-04-21 08:28:12
Model: OC300  
Hardware Version: V1
Firmware Version: 5.9.3.2

Hi @all!

I have been playing with OpenVPN for the last few days. I want to build a simple Client-to-Site VPN to access my home network (printer, NAS etc.) with my smartphone and notebook.

ER-7206, OC300, EAP650 is my config.

I am facing two "problems" and I am not able to fix them - can someone from the experts please help me?

1. After upgrading from OpenVPN 2.4 to 2.6 - OpenVPN changed their config and doesn't support the same "data cipher CBC" which I need to connect to my ER7206.

The log says "OPTIONS ERROR: failed to negotiate cipher with server. Configure --data-ciphers-fallback if you want to connect to this server."

2. When I connect my mobile via the Android OpenVPN app, I receive the IP 192.168.1.X - as configured in the VPN server on my ER7206. How can I set up access to my internal devices which are running in my 192.168.0.X subnet? Can I configure this directly on the ER7206 or is there something I have to configure in the firewall rules?

Thank you very much for helping me!

Chris

#1
Re:OpenVPN - Cipher failure with 2.6
2023-04-21 19:31:19

@ChrisAT

First you need to understand what network routing is, then you can choose a method to reach your device from 1.x (VPN) to 0.x (LAN).
There are many ways to do this, so everything is up to you if you find the time and read proper manuals (not from TP-Link) ;)

+20y experience in Linux/UNIX, +12y VMware, +10y as network admin, +8y as AIX admin (professional) I really know what is going on at background, please don't try to cheat me TP-Link :)
#2
Re:OpenVPN - Cipher failure with 2.6
2023-04-22 11:01:14

@DREEMus

Hi, you are absolutely right. I am not a technician. I just have a basic understanding of network config. That's the reason why I decided to go with Omada.

Maybe you can help me with how to configure this feature in my environment? Or could you give me some keywords/hints?

TL-ER7206 - Gateway

OC300 - Controller

2210P - Switch with PoE

6x EAP 653 Access Point

Everything is up and running.

The only thing I would like to know is how I could make it possible to reach my internal devices with their fixed IPs - 192.168.0.97-99 - when I am connected with my OpenVPN on the TL-ER7206. I receive an IP address like 192.168.1.X.

Thank you very much for any help/hint on how I could make this happen!

THX

Chris

#3
Re:OpenVPN - Cipher failure with 2.6
2023-04-22 18:26:31

@ChrisAT

You can trust TP-Link to implement things right, so you take care of it yourself.

If you use OpenVPN on Windows/Linux you can modify the ovpn file exported from Omada (and you have to).

Just add the line below to the parameters (before the certificates):

route 192.168.0.0 255.255.255.0 192.168.1.1

This line tells your client that 192.168.0.97 is behind 192.168.1.1 (VPN server), and then you should be able to reach your device.

To check if the routing is right you can run (after the VPN connection is established):

- Windows: tracert -d 192.168.0.97
- Linux: traceroute -n 192.168.0.97

And the MOST IMPORTANT THING IS YOU CANNOT BE SOMEWHERE ELSE IN A 192.168.0.0/24 NETWORK, because your clients will stay in the local network (same network somewhere else and your LAN at home).

This is why admins don't use 0.0, 1.0 networks at home, work, remote sites, etc ;)

Unfortunately TP-Link implements many technologies as they want (partially or even worse) without clear documentation!

+20y experience in Linux/UNIX, +12y VMware, +10y as network admin, +8y as AIX admin (professional) I really know what is going on at background, please don't try to cheat me TP-Link :)
#4
Re:OpenVPN - Cipher failure with 2.6
2023-04-22 18:49:50

@DREEMus

Thank you very much!!!!

I will test it and tell you if it works!

Thx

Chris

#5
Re:OpenVPN - Cipher failure with 2.6
2023-06-20 19:44:00

@ChrisAT

Take a look at https://www.reddit.com/r/PrivateInternetAccess/comments/j1iyl7/openvpn_client_no_longer_connects_cipher_not/

Add the data-cipher and data-cipher-fallback lines to your client config file

#6
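
Added example, not part of any post in this thread and not TP-Link or OpenVPN code: a Python script that applies both suggestions from the replies to an exported client profile. It reuses the profile's existing `cipher` value for `data-ciphers` and `data-ciphers-fallback` (the option spelling from the client's error message), inserts the `route` line before the inline certificates, and checks the overlapping-subnet caveat. The function names, the sample profile, `vpn.example.net` and `AES-128-CBC` are constructed for illustration.

```python
import ipaddress

# Values taken from the thread; everything else in this block is an assumption.
HOME_LAN = ipaddress.ip_network("192.168.0.0/24")   # LAN behind the ER7206
VPN_GATEWAY = "192.168.1.1"                         # VPN server address
AEAD = ["AES-256-GCM", "AES-128-GCM"]               # offered first by OpenVPN 2.6

# Constructed sample profile (not a real Omada export).
SAMPLE = """client
dev tun
proto udp
remote vpn.example.net 1194
cipher AES-128-CBC
<ca>
-----BEGIN CERTIFICATE-----
constructed-placeholder
-----END CERTIFICATE-----
</ca>
"""

def patch_profile(text):
    """Add cipher negotiation lines and the LAN route to a client profile."""
    lines = text.splitlines()
    words = [l.split() for l in lines]
    keys = {w[0] for w in words if w}
    legacy = next((w[1] for w in words if len(w) == 2 and w[0] == "cipher"), None)
    if legacy is None:
        raise ValueError("no 'cipher' line; find out which cipher the server uses")
    extra = []
    if "data-ciphers" not in keys:
        # Used when the server negotiates; the server's own cipher goes last.
        offer = list(dict.fromkeys(AEAD + [legacy]))
        extra.append("data-ciphers " + ":".join(offer))
    if "data-ciphers-fallback" not in keys:
        # Used when the server does not negotiate at all.
        extra.append("data-ciphers-fallback " + legacy)
    route = f"route {HOME_LAN.network_address} {HOME_LAN.netmask} {VPN_GATEWAY}"
    if route not in lines:
        extra.append(route)
    # "Before certificates": ahead of the first inline <ca>/<cert>/<key> block.
    at = next((i for i, l in enumerate(lines) if l.startswith("<")), len(lines))
    return "\n".join(lines[:at] + extra + lines[at:]) + "\n"

def route_is_usable(local_interface):
    """False if the network the client sits in overlaps the home LAN."""
    local = ipaddress.ip_interface(local_interface).network
    return not local.overlaps(HOME_LAN)

if __name__ == "__main__":
    print(patch_profile(SAMPLE))
    print(route_is_usable("192.168.0.23/24"))   # same range as the home LAN
```

Running the patch twice leaves the profile unchanged, and `route_is_usable` takes the client's current address with prefix length, for example the Wi-Fi address of the notebook before the VPN is started.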