Iurie
just joined
Topic Author
Posts: 2
Joined: Sun Mar 10, 2024 12:10 pm

OpenVPN server push cipher AES-256-CBC as the only available option

Sun Mar 10, 2024 12:29 pm

Hi community,
I have a L009UiGS-2HaxD on the RouterOs v7.14. I have set up on it an OpenVPN server and selected all available ciphers. On the another side I have OpenVPN client on Android device which seems not support CBC ciphers. Unfortunate I can't upgrade it to the newer Android version or OpenVPN. Android connects for a very short period of time to the L009 and then disconnects. During this short interval I noticed that Android receives IP configuration.
L009 logs says something like this:
terminating... - peer disconnected
Android logs:
AM client exception in transport_recv: crypto_alg: AES-256-CBC: bad cipher for data channel use

Tried the following options to fix/debug the issue:
- My attempts to select only 1 cipher (tried all of them consecutively) don't fix the issue. All CBC types of ciphers will make the L009 propose AES-256-CBC as an option.
- Android proposes GCM ciphers like AES-128-GCM:AES-192-GCM:AES-256-GCM. If the L009 has any of those enabled then the logs change in the following way: MK says "unsupported cipher AES-256-CBC", Android says AM TCP recv EOF AM Transport Error on 'MY_PUBLIC_IP: NETWORK_EOF_ERROR
- I was able to connect from Windows 11 OpenVpn client to the MK with AES-256-CBC cipher.

Had the same problem on RouterOS v7.12. Does anyone know how I can link these two? Please note that I am quite limited in changing things on the Android side.
 
Iurie
just joined
Topic Author
Posts: 2
Joined: Sun Mar 10, 2024 12:10 pm

Re: OpenVPN server push cipher AES-256-CBC as the only available option

Sun Mar 17, 2024 7:41 pm

I've got one more Android box and have the same errors and results. This time I have Android 12. The OpenVPN is 0.7.51 (the same as on the old box). I enabled debug on the MK and I see this error "disconnected <unsupported cipher BF-CBC>". The OpenVPN server on the MK is configured to support only AES-256-GCM and the same is on the Android side.
On the Android client I see the following log line:
PM Tunnel Options:V4,dev-type tun, link-mtu 1154, tun-mtu 1500, proto UDPv4,comp-lzo,cipher BC-CBC,auth SHA256, keysize 128, key-method 2,tls-client
This line seems to be sent by MK. Any ideas how to switch the MK to the right cipher?
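As an added diagnostic for the mismatch described in both posts above (this is not the poster's code and not RouterOS or OpenVPN project code): the script below parses the comma-separated "Tunnel Options" string quoted from the Android log and compares the `cipher` it carries with the list of data ciphers the Android client says it accepts. The function names, the split-and-partition parsing and the mode comparison are my own assumptions about how to read that line; the options string itself is taken verbatim from the post, and the GCM list is the one the first post attributes to the Android client.

```python
"""Parse an OpenVPN 'Tunnel Options' string and check the advertised data
cipher against the ciphers a client is willing to use.

Constructed example for this thread; not MikroTik or OpenVPN project code.
"""

import re

# Options string exactly as quoted in the Android client log in the thread
# (the client's view of what the RouterOS server sent).
SAMPLE_OPTIONS = (
    "V4,dev-type tun, link-mtu 1154, tun-mtu 1500, proto UDPv4,"
    "comp-lzo,cipher BC-CBC,auth SHA256, keysize 128, key-method 2,tls-client"
)

# Data ciphers the Android client in the thread proposes.
ANDROID_DATA_CIPHERS = ["AES-128-GCM", "AES-192-GCM", "AES-256-GCM"]


def parse_tunnel_options(line):
    """Return {key: value} for a comma-separated options string.

    Items of the form 'key value' become key -> value; bare flags such as
    'comp-lzo' or 'tls-client' map to True; the leading 'V4' token is kept
    under 'version'.  Stray spaces after commas (as in the quoted log) are
    tolerated.
    """
    opts = {}
    for raw in line.split(","):
        item = raw.strip()
        if not item:
            continue
        if "version" not in opts and re.fullmatch(r"V\d+", item):
            opts["version"] = item
            continue
        key, sep, value = item.partition(" ")
        opts[key] = value.strip() if sep else True
    return opts


def cipher_mode(cipher):
    """Mode suffix of a cipher name: 'AES-256-GCM' -> 'GCM', 'BF-CBC' -> 'CBC'.

    Returns None for names without a '-' separated suffix.
    """
    name = cipher.upper()
    return name.rsplit("-", 1)[-1] if "-" in name else None


def check_data_cipher(opts, client_ciphers):
    """Compare the server-advertised 'cipher' option with the client's list.

    Returns (ok, message).  When the cipher is rejected, the message says
    whether the problem is the whole mode (e.g. CBC vs GCM-only client) or
    just this particular name.
    """
    server_cipher = opts.get("cipher")
    if not server_cipher or server_cipher is True:
        return False, "server options carry no 'cipher' entry"
    accepted = {c.upper() for c in client_ciphers}
    if server_cipher.upper() in accepted:
        return True, f"{server_cipher} accepted"
    mode = cipher_mode(server_cipher)
    client_modes = {m for m in (cipher_mode(c) for c in client_ciphers) if m}
    if mode not in client_modes:
        return False, (f"{server_cipher} rejected: client only accepts "
                       f"{sorted(client_modes)} modes, server offered {mode}")
    return False, f"{server_cipher} rejected: not in client list {sorted(accepted)}"


if __name__ == "__main__":
    parsed = parse_tunnel_options(SAMPLE_OPTIONS)
    for k, v in parsed.items():
        print(f"{k:12} {v}")
    ok, msg = check_data_cipher(parsed, ANDROID_DATA_CIPHERS)
    print("compatible" if ok else "incompatible", "-", msg)
```

Run against the quoted line it reports the cipher as incompatible because the client list contains only GCM modes while the server line carries a CBC cipher, which matches the "bad cipher for data channel use" error in the first post. Feeding it an options string with `cipher AES-256-GCM` instead reports it as accepted, so the same check can be reused on a new log line after the server configuration is changed.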
