I've been running the SE server for many years. I used the auto-generated .ovpn file on all platforms and it always worked.
But with recent changes to OpenVPN (cipher changes) first it required me to alter the data-ciphers, and now it just hangs indefinitely.
I am referring to the problem with AES-128-CBC used by default by OpenVPN implementation in SEVPN. There are a plenty of threads ofer the past 2 years all over the place but they don't ever seem to reach any meaningful conclusion.
I started experimenting and I think at this point entirely borked the setup so that I cannot connect anymore with OpenVPN client neither from any Windows machine nor from the phones.
What should be the cypher values in
- SoftEtherVPN configuration windows under(Encryption...) settings
- in the ovpn file
For the reference, here is the log. Same log I get now regardless of OpenVPN version (2.4-2.6) and cypher in the .ovpn file (AES-128-CBC or AES-256-GCM)
Code: Select all
Wed May 03 21:51:53 2023 OpenVPN 2.4.12 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 17 2022
Wed May 03 21:51:53 2023 Windows version 6.2 (Windows 8 or greater) 64bit
Wed May 03 21:51:53 2023 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
Wed May 03 21:51:53 2023 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Wed May 03 21:51:53 2023 Need hold release from management interface, waiting...
Wed May 03 21:51:54 2023 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Wed May 03 21:51:54 2023 MANAGEMENT: CMD 'state on'
Wed May 03 21:51:54 2023 MANAGEMENT: CMD 'log all on'
Wed May 03 21:51:54 2023 MANAGEMENT: CMD 'echo all on'
Wed May 03 21:51:54 2023 MANAGEMENT: CMD 'bytecount 5'
Wed May 03 21:51:54 2023 MANAGEMENT: CMD 'hold off'
Wed May 03 21:51:54 2023 MANAGEMENT: CMD 'hold release'
Wed May 03 21:51:56 2023 MANAGEMENT: CMD 'username "Auth" [redacted]'
Wed May 03 21:51:56 2023 MANAGEMENT: CMD 'password [redacted]'
Wed May 03 21:51:56 2023 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed May 03 21:51:56 2023 MANAGEMENT: >STATE:1683143516,RESOLVE,,,,,,
Wed May 03 21:51:56 2023 TCP/UDP: Preserving recently used remote address: [AF_INET](redacted):1194
Wed May 03 21:51:56 2023 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed May 03 21:51:56 2023 UDP link local: (not bound)
Wed May 03 21:51:56 2023 UDP link remote: [AF_INET](redacted):1194
Wed May 03 21:51:56 2023 MANAGEMENT: >STATE:1683143516,WAIT,,,,,,
Wed May 03 21:52:56 2023 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed May 03 21:52:56 2023 TLS Error: TLS handshake failed
Wed May 03 21:52:56 2023 SIGUSR1[soft,tls-error] received, process restarting
Wed May 03 21:52:56 2023 MANAGEMENT: >STATE:1683143576,RECONNECTING,tls-error,,,,,
Wed May 03 21:52:56 2023 Restart pause, 5 second(s)
The cycle continues then