OpenVPN - cipher "BF-CBC"

NAS: DS718+
Router: RT2600ac
Operating system: Windows
Mobile operating system: iOS

So, after updating the OpenVPN client application (2.5.0) on my Win 10 laptop, I get the following error message in OpenVPN:

2021-01-01 18:17:22 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

I'll be honest: I don't understand what this means. The VPN connection still worked. I tried changing "cipher AES-256-CBC" in my current OpenVPN config file to "data-ciphers-fallback AES-256-CBC" (I believe that is what it says to do above), but that only created another error that made my connection actually fail. OpenVPN has a writeup on this change on this page (under 2.5 notes).

So, since my connection is still working, I'm more just curious. Maybe Synology updated the VPN server already to help with the cipher. Maybe this will cause my connection to fail in future updates to OpenVPN client apps on W10. I don't know. Just prepping. Interested to see what others know about it here.
 
So, I fixed this by adding the below into my config file, as suggested here (though it looks like "ncp-ciphers" is now just "data-ciphers"). I'll be honest and say I don't really understand why this works, but I no longer get the error and it is the suggested workaround by OpenVPN.
--ncp-ciphers AES-256-GCM:AES-256-CBC:BF-CBC

Seems to me that maybe the OpenVPN edition that Synology has in our DSM is dated.
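
The check behind the DEPRECATED OPTION line, written out as an added example that is not part of the thread and not OpenVPN's own code: it reads a client config, reports when `cipher` is missing from the effective `data-ciphers` list (default taken from the log line above), and flags 64-bit-block ciphers such as BF-CBC that a workaround list offers. The finding names, the `LEGACY_64BIT` list and the sample configs are assumptions of the example.

```python
"""Audit an OpenVPN client config for the 2.5 cipher warning (added example)."""

# Default --data-ciphers list, as quoted in the client log line in this thread.
DEFAULT_DATA_CIPHERS = ["AES-256-GCM", "AES-128-GCM"]
# Ciphers with a 64-bit block size; this list is an assumption of the example.
LEGACY_64BIT = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}
CIPHER_OPTS = ("cipher", "data-ciphers", "ncp-ciphers", "data-ciphers-fallback")


def parse_cipher_options(text):
    """Return {option: value} for cipher-related directives; last one wins."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # comment or blank line
            continue
        parts = line.split()
        # Tolerate the "--option" spelling used in the post.
        name = parts[0][2:] if parts[0].startswith("--") else parts[0]
        if name in CIPHER_OPTS and len(parts) > 1:
            opts[name] = parts[1].strip("'\"").upper()
    return opts


def audit(text):
    """Return a list of (finding, detail) tuples for one config file."""
    opts = parse_cipher_options(text)
    findings = []
    listed = opts.get("data-ciphers") or opts.get("ncp-ciphers")
    data_ciphers = listed.split(":") if listed else list(DEFAULT_DATA_CIPHERS)
    cipher = opts.get("cipher")
    # Same condition the DEPRECATED OPTION line reports.
    if cipher and cipher not in data_ciphers:
        findings.append(("cipher-missing-from-data-ciphers", cipher))
    if "ncp-ciphers" in opts:
        findings.append(("ncp-ciphers-renamed", "use data-ciphers"))
    offered = data_ciphers + [c for c in (cipher, opts.get("data-ciphers-fallback")) if c]
    for name in dict.fromkeys(offered):          # de-duplicate, keep order
        if name in LEGACY_64BIT:
            findings.append(("legacy-64bit-cipher", name))
    return findings


# Constructed sample configs: the original setup and the workaround from the thread.
ORIGINAL = "client\nremote vpn.example.net 1194\ncipher AES-256-CBC\n"
WORKAROUND = ORIGINAL + "--ncp-ciphers AES-256-GCM:AES-256-CBC:BF-CBC\n"

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("workaround", WORKAROUND)):
        print(label, audit(cfg))
```

The workaround clears the first finding but leaves BF-CBC on the offered list, so trimming that list to the ciphers the server actually needs is the follow-up step.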
 
