Comment 0 for bug 1994957

I downloaded a .ovpn file from our (fairly old) VPN device to set up a connection in 22.10.

The .ovpn file has the line:

cipher AES-256-CBC

Get this error in system logs:

Oct 12 11:38:19 DXXXX nm-openvpn[14241]: OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

Advised to change this to:

data-ciphers AES-256-CBC:AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305

Which I did and recreated the connection using the edited .ovpn.

Got the same error as above. I've tried using cipher, data-ciphers-fallback: no change, same error.

I tried changing the value with the Ubuntu VPN settings (Identity -> Advanced -> Security) and changing the Cipher to AES-256-CBC using the Cipher drop down menu then clicking 'Apply'. Again, the same error message in the logs.

Oct 12 11:38:19 DXXXX nm-openvpn[14241]: OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.

I tried picking another random cipher from the list (ARIA-192-CFB) to see if the error message changed: it didn't. It seems that changes to the cipher (either via a file or manual changes) do not update the vpn settings.