Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

OpenVPN - cipher "BF-CBC"

71
7
NAS
DS718+
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
So, after updating the openvpn client application (2.5.0) on my win 10 laptop, I get the following error message in the openvpn:

2021-01-01 18:17:22 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

I'll be honest: I don't understand what this means. The vpn connection still worked. I tried changing "cipher AES-256-CBC" in my current openvpn config file to "data-ciphers-fallback AES-256-CBC" (I believe that is what it says to do above), but that only created another error that made my connection actually fail. Openvpn has a writeup on this change on this page (under 2.5 notes).

So, since my connection is still working, I'm more just curious. Maybe Synology updated the vpn server already to help with the cipher. Maybe this will cause my connection to fail in future updates to openvpn client apps on W10. I don't know. Just prepping. Interested to see what others know about it here.
 
So, I fixed this by adding, the below in to my config file, as suggested here (though it looks like "ncp-ciphers" is now just "data-ciphers". I'll be honest and say I don't really understand why this works, but I no longer get the error and it is the suggested work around by openvpn.
--ncp-ciphers AES-256-GCM:AES-256-CBC:BF-CBC

Seems to me that maybe the openvpn edition that synology has in our DSM is dated.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Popular tags from this forum

Similar threads

It seems that it is not compatible with DSM (at least for the moment). I have tested it on a 920S+ and it...
Replies
1
Views
829
No, but next time I go to my friends place I'll bring my config file and put it on her system and try it...
Replies
36
Views
1,161
  • Question Question
Everything else that I have asked you. This could be a cap at work. Maybe network team is controlling...
Replies
4
Views
2,251

Thread Tags

Tags Tags
None

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top