This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision |
| linux:linux-tutorials:ovpn [2024/04/11 21:31] – removed - external edit (Unknown date) 127.0.0.1 | linux:linux-tutorials:ovpn [2024/04/17 18:38] (current) – [Cipher Error] Zyzonix |
|---|
| | ===== OpenVPN ===== |
| |
| | ==== Start OpenVPN at startup with systemd ===== |
| | |
| | - Move the ''.ovpn'' file to ''/etc/openvpn/''. Choose the ''<name-of-connection>'' carefully, the name is required to select the connection via systemd. <code bash>mv <config-file>.ovpn /etc/openvpn/<name-of-connection>.conf</code> |
| | - Reload the daemon: <code bash>systemctl daemon-reload</code> |
| | - Start the connection: <code bash>systemctl start openvpn@<name-of-connection></code> |
| | - Verify that everything worked correctly: <code bash>systemctl status openvpn@<name-of-connection></code> If it says ''running'' and no errors are displayed, everything was successful. If it says ''cipher not allowed'' check the following paragraph. |
| | - Enable it with: <code bash>systemctl enable openvpn@<name-of-connection></code> |
| | - To later disable the automatic start of the connection use: <code bash>systemctl disable openvpn@<name-of-connection></code> |
| | |
| | |
| | //Sourced from [[https://www.smarthomebeginner.com/configure-openvpn-to-autostart-linux/|smarthomebeginner.com - OpenVPN autostart]]// |
| | ==== Cipher Error ==== |
| | |
| | <callout type="info" icon="true">This issue only exists when the CLI-client is ''OpenVPN v2.6+'' while the corresponding server isn't yet on this state.</callout> |
| | |
| | - If there are the following lines in the console output of the connection: <code bash>Error: negotiated cipher not allowed - AES-256-CBC not in AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305 |
| | OPTIONS ERROR: failed to import crypto options |
| | Failed to open tun/tap interface</code> |
| | - Edit your config file. (Maybe under ''/etc/openvpn/'') It's required to change the line that contains ''cipher''. Edit ''cipher'' to ''data-ciphers''. It should then look like this:<code bash>data-ciphers AES-256-CBC</code> |
| | - Finally restart your connection. |
| | |
| | //Partially sourced from [[https://forums.openvpn.net/viewtopic.php?t=33536|forums.openvpn.net - Cipher not allowed]]// |