===== OpenVPN =====

==== Start OpenVPN at startup with systemd =====

  - Move the ''.ovpn'' file to ''/etc/openvpn/''. Choose the ''<name-of-connection>'' carefully, the name is required to select the connection via systemd. <code bash>mv <config-file>.ovpn /etc/openvpn/<name-of-connection>.conf</code>
  - Reload the daemon: <code bash>systemctl daemon-reload</code>
  - Start the connection: <code bash>systemctl start openvpn@<name-of-connection></code>
  - Verify that everything worked correctly: <code bash>systemctl status openvpn@<name-of-connection></code> If it says ''running'' and no errors are displayed, everything was successful. If it says ''cipher not allowed'' check the following paragraph.
  - Enable it with: <code bash>systemctl enable openvpn@<name-of-connection></code>
  - To later disable the automatic start of the connection use: <code bash>systemctl disable openvpn@<name-of-connection></code>


//Sourced from [[https://www.smarthomebeginner.com/configure-openvpn-to-autostart-linux/|smarthomebeginner.com - OpenVPN autostart]]//
==== Cipher Error ====

<callout type="info" icon="true">This issue only exists when the CLI-client is ''OpenVPN v2.6+'' while the corresponding server isn't yet on this state.</callout>

  - If there are the following lines in the console output of the connection: <code bash>Error: negotiated cipher not allowed - AES-256-CBC not in AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
OPTIONS ERROR: failed to import crypto options
Failed to open tun/tap interface</code>
  - Edit your config file. (Maybe under ''/etc/openvpn/'') It's required to change the line that contains ''cipher''. Edit ''cipher'' to ''data-ciphers''. It should then look like this:<code bash>data-ciphers AES-256-CBC</code>
  - Finally restart your connection.

//Partially sourced from [[https://forums.openvpn.net/viewtopic.php?t=33536|forums.openvpn.net - Cipher not allowed]]//