Question

cipher AES-256-CBC

Posted August 19, 2021 1.2k views
UbuntuSecurityVPNUbuntu 18.04

Hello how to fix this my cipher cipher AES-256-CBC its now working on my openvpn 2.5 client.. then i tried to change into cipher AES-256-GCM then it’s the same…
note: i only change in server.conf and base.conf the cipher.

this is the result: hu Aug 19 08:29:03 2021 DEPRECATED OPTION: –cipher set to ‘AES-256-CBC’ but missing in –data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore –cipher for cipher negotiations. Add 'AES-256-CBC’ to –data-ciphers or change –cipher 'AES-256-CBC’ to –data-ciphers-fallback 'AES-256-CBC’ to silence this warning.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hello there,

If you want to change the encryption cipher in Access Server you can follow the OpenVPN official docs here:

https://openvpn.net/vpn-server-resources/change-encryption-cipher-in-access-server/

By default OpenVPN Access Server used in the past the cipher BF-CBC. As of Access Server 2.5, AES-256-CBC cipher is used on new installations, and with upgrades from an older version will still use BF-CBC

AES-256-CBC contains no known security flaws so we have made the decision to move to that key for all new installations of Access Server 2.5 or higher.

Regards,
Alex