tymchyshyn90
just joined
Topic Author
Posts: 4
Joined: Thu May 13, 2021 8:14 am

OpenVPN client doesn't connect - unknown cipher alg

Thu May 13, 2021 9:56 am

Hello!
RB750Gr3 Long-term 6.47.9

I want to configure an OpenVPN client and connect to an Asus-Merlin router.
The Asus router has a working OpenVPN server; I can connect from different devices.

But I can't connect from my MikroTik.
I have imported the client certificates and the CA certificate.
I set the correct connection parameters in a new PPP interface.
And I receive the following error when trying to connect:
ovpn-out1: terminating... - unkown cipher alg or key size

Cipher set to AES-256-CBC on Mikrotik and on Asus

Log on ASUS:
May 13 09:46:20 ovpn-server1[21171]: TCP connection established with [AF_INET6]::ffff:194.44.36.22:33658
May 13 09:46:20 ovpn-server1[21171]: 194.44.36.22:33658 TLS: Initial packet from [AF_INET6]::ffff:194.44.36.22:33658, sid=e7ac85c4 f65982a7
May 13 09:46:21 ovpn-server1[21171]: 194.44.36.22:33658 VERIFY OK: depth=1, C=UA, ST=LV, L=Lviv, O=TYMCHYSHYN-HOME, OU=TYMCHYSHYN, CN=TYMCHYSHYN-HOME CA, name=EasyRSA, emailAddress=tymchyshyn90@gmail.com
May 13 09:46:21 ovpn-server1[21171]: 194.44.36.22:33658 VERIFY OK: depth=0, C=UA, ST=LV, L=Lviv, O=TYMCHYSHYN-HOME, OU=TYMCHYSHYN, CN=tymchyshyn-rancho, name=EasyRSA, emailAddress=tymchyshyn90@gmail.com
May 13 09:46:21 ovpn-server1[21171]: 194.44.36.22:33658 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1575', remote='link-mtu 1391'
May 13 09:46:21 ovpn-server1[21171]: 194.44.36.22:33658 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1332'
May 13 09:46:21 ovpn-server1[21171]: 194.44.36.22:33658 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
May 13 09:46:21 ovpn-server1[21171]: 194.44.36.22:33658 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA1
May 13 09:46:21 ovpn-server1[21171]: 194.44.36.22:33658 [tymchyshyn-rancho] Peer Connection Initiated with [AF_INET6]::ffff:194.44.36.22:33658
May 13 09:46:21 ovpn-server1[21171]: tymchyshyn-rancho/194.44.36.22:33658 MULTI: no dynamic or static remote--ifconfig address is available for tymchyshyn-rancho/194.44.36.22:33658
May 13 09:46:21 ovpn-server1[21171]: tymchyshyn-rancho/194.44.36.22:33658 Data Channel: using negotiated cipher 'AES-256-CBC'
May 13 09:46:21 ovpn-server1[21171]: tymchyshyn-rancho/194.44.36.22:33658 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 13 09:46:21 ovpn-server1[21171]: tymchyshyn-rancho/194.44.36.22:33658 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
May 13 09:46:21 ovpn-server1[21171]: tymchyshyn-rancho/194.44.36.22:33658 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
May 13 09:46:21 ovpn-server1[21171]: tymchyshyn-rancho/194.44.36.22:33658 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
May 13 09:46:21 ovpn-server1[21171]: tymchyshyn-rancho/194.44.36.22:33658 Connection reset, restarting [0]
May 13 09:46:21 ovpn-server1[21171]: tymchyshyn-rancho/194.44.36.22:33658 SIGUSR1[soft,connection-reset] received, client-instance restarting

I found the following WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
I think the problem is with it, but I don't know why. The key that I imported to the MikroTik has 1024 bits (128 bytes). But the Asus detects a keysize of 256 from the MikroTik.

Any ideas on how to set up this OpenVPN connection?
Last edited by tymchyshyn90 on Wed May 19, 2021 10:09 pm, edited 2 times in total.
 
tymchyshyn90
just joined
Topic Author
Posts: 4
Joined: Thu May 13, 2021 8:14 am

Re: OpenVPN client doesn't connect - unknown cipher alg

Sun May 16, 2021 9:51 pm

Does anyone have a solution to this problem?
 
tymchyshyn90
just joined
Topic Author
Posts: 4
Joined: Thu May 13, 2021 8:14 am

Re: OpenVPN client doesn't connect - unknown cipher alg  [SOLVED]

Wed May 19, 2021 10:06 pm

The problem was in the new version of OpenVPN on the ASUS.
Add this to the server config and it works well:
data-ciphers-fallback AES-256-CBC
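
As an added example (not part of the original posts): a small Python check over an OpenVPN server log in the format quoted in the first post, collecting the 'used inconsistently' warnings, the peer certificate strength from the Control Channel line, and the negotiated data cipher. The sample lines are constructed, and the `analyze` function and its 2048-bit RSA threshold are assumptions of this example.

```python
import re

# Constructed sample lines in the format of the ASUS server log quoted above
# (documentation-range address and placeholder client name, not real data).
SAMPLE_LOG = """\
May 13 09:46:21 ovpn-server1[100]: 192.0.2.10:33658 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1575', remote='link-mtu 1391'
May 13 09:46:21 ovpn-server1[100]: 192.0.2.10:33658 WARNING: 'keysize' is used inconsistently, local='keysize 128', remote='keysize 256'
May 13 09:46:21 ovpn-server1[100]: 192.0.2.10:33658 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 1024 bit RSA, signature: RSA-SHA1
May 13 09:46:21 ovpn-server1[100]: client1/192.0.2.10:33658 Data Channel: using negotiated cipher 'AES-256-CBC'
May 13 09:46:21 ovpn-server1[100]: client1/192.0.2.10:33658 Connection reset, restarting [0]
"""

MISMATCH = re.compile(r"WARNING: '([\w-]+)' is used inconsistently, "
                      r"local='\1 ([^']+)', remote='\1 ([^']+)'")
PEER_CERT = re.compile(r"peer certificate: (\d+) bit (\w+), signature: ([\w-]+)")
DATA_CIPHER = re.compile(r"Data Channel: using negotiated cipher '([^']+)'")


def analyze(log_text, min_rsa_bits=2048):
    """Summarize option mismatches, peer certificate strength and data cipher.

    min_rsa_bits is this example's assumed policy threshold, not an OpenVPN setting.
    """
    report = {"mismatches": {}, "findings": [], "data_cipher": None, "reset": False}
    for line in log_text.splitlines():
        if m := MISMATCH.search(line):
            # option name -> (server/local value, client/remote value)
            report["mismatches"][m.group(1)] = (m.group(2), m.group(3))
        elif m := PEER_CERT.search(line):
            bits, algo, sig = int(m.group(1)), m.group(2), m.group(3)
            if algo == "RSA" and bits < min_rsa_bits:
                report["findings"].append(f"peer certificate key is {bits} bit RSA")
            if sig.upper().endswith("SHA1"):
                report["findings"].append(f"peer certificate signed with {sig}")
        elif m := DATA_CIPHER.search(line):
            report["data_cipher"] = m.group(1)
        elif "Connection reset, restarting" in line:
            report["reset"] = True
    # A keysize disagreement followed by a reset is the sequence in the log above.
    if report["reset"] and "keysize" in report["mismatches"]:
        report["findings"].append("session reset after data-channel keysize mismatch")
    return report


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, "=", value)
```
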
