
0 votes
268 views 2 comments
by

I am using RUT955 FW RUT9_R_00.07.01.2 as an OpenVPN server. From a Windows PC as client everything works fine without any problems. When I use this ovpn configuration on my iPhone with the OpenVPN app I get "Authentication Failed (Data channel cipher negotiation failed (no shared cipher)". I tried many ways to get additional security using a cipher to work first with the Windows PC, but all tries failed: I enabled "Additional HMAC" authentication and used a generated ta.key - no way. Can anybody help? Here is my initial configuration for Windows, which is working fine:

Server on RUT955:

config webui 'webui'
    option _auth 'tls'
config openvpn 'OPENVPN'
    option persist_key '1'
    option port '1194'
    option keepalive '10 120'
    option verb '5'
    option _role 'server'
    option proto 'udp'
    option _name 'OPENVPN'
    option persist_tun '1'
    option type 'server'
    option ca '/etc/vuci-uploads/cbid.openvpn.OPENVPN.caca.crt'
    option cert '/etc/vuci-uploads/cbid.openvpn.OPENVPN.certserver.crt'
    option key '/etc/vuci-uploads/cbid.openvpn.OPENVPN.keyserver.key'
    option dh '/etc/vuci-uploads/cbid.openvpn.OPENVPN.dhdh2048.pem'
    option tls_server '1'
    option enable '1'
    option _auth 'tls'
    option cipher 'AES-256-GCM'
    list data_ciphers 'AES-256-GCM'
    option _tls_cipher 'all'
    option dev 'tun_s_OPENVPN'
    option client_config_dir '/etc/openvpn/ccd'
    option server_ip '10.0.0.0'
    option server_netmask '255.255.255.0'
    list push 'route 192.168.2.0 255.255.255.0'
    option auth 'sha256'
    option _tls_auth 'none'
    option upload_files '0'

---------------------------------------------------------------------------------------------------------------

Client-OVPN:

client       
remote XXX.XXX.XXX.XXX 
proto udp          
rport 1194         
lport 1194         
#comp-lzo           
dev tun          
resolv-retry infinite
persist-key        
persist-tun        
ca ca.crt       
key client.key     
cert client.crt
auth-user-pass
auth-nocache 
remote-cert-tls server
cipher AES-256-GCM

Thanks for any help.

1 Answer

0 votes
by
Hi, first you need to clarify which ciphers are supported by the application on your iPhone, and then add these encryption methods to your configuration. Most likely, the application does not know how to use AES-256-GCM. Also, have the key files been added to the app on your phone?

Best regards.
by
On the OpenVPN client side (iPhone) I used the same client configuration in the OpenVPN app as shown above:

"cipher AES-256-GCM". In the router server configuration I also used option cipher 'AES-256-GCM'.

On the router (RUT955) as server I uploaded all these files:

option ca '/etc/vuci-uploads/cbid.openvpn.OPENVPN.caca.crt'
option cert '/etc/vuci-uploads/cbid.openvpn.OPENVPN.certserver.crt'
option key '/etc/vuci-uploads/cbid.openvpn.OPENVPN.keyserver.key'
option dh '/etc/vuci-uploads/cbid.openvpn.OPENVPN.dhdh2048.pem'

Is there an additional key necessary?

Thank you for any answer! Ralf
by

Are you using the latest version of the app from the AppStore? In the client configuration, you have specified the use of the client certificate and key.

key client.key

cert client.crt

If it is not possible to download the certificates as files on the iPhone, then their contents can be specified in the configuration file.

Best regards.
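
The last reply's suggestion, putting the certificate and key contents into the configuration file, uses OpenVPN's inline `<ca>`, `<cert>` and `<key>` blocks. The following is an added example, not part of the original thread: `inline_profile` and `demo` are hypothetical names, and the file contents used in `demo` are constructed placeholders, not real key material.

```python
import re
import tempfile
from pathlib import Path

# Directives from the client profile above whose file argument OpenVPN
# also accepts as an inline <tag>...</tag> block.
INLINE = ("ca", "cert", "key")
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def inline_profile(profile_text, base_dir):
    """Replace 'ca/cert/key <file>' lines with inline blocks holding the PEM data."""
    out = []
    for line in profile_text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] in INLINE:
            text = (Path(base_dir) / parts[1]).read_text()
            # Keep only the PEM blocks (a CA file may hold a chain) and drop
            # any human-readable dump that precedes them.
            blocks = [m.group(0) for m in PEM.finditer(text)]
            if not blocks:
                raise ValueError(f"{parts[1]}: no PEM block found")
            body = "\n".join(blocks)
            out.append(f"<{parts[0]}>\n{body}\n</{parts[0]}>")
        else:
            out.append(line.rstrip())
    return "\n".join(out) + "\n"

def demo():
    """Run on constructed placeholder files (not real certificates or keys)."""
    profile = ("client\nremote XXX.XXX.XXX.XXX\nca ca.crt\nkey client.key\n"
               "cert client.crt\ncipher AES-256-GCM\n")
    with tempfile.TemporaryDirectory() as d:
        for name, label in (("ca.crt", "CERTIFICATE"),
                            ("client.crt", "CERTIFICATE"),
                            ("client.key", "PRIVATE KEY")):
            Path(d, name).write_text(
                f"text dump\n-----BEGIN {label}-----\n"
                f"Q09OU1RSVUNURUQ=\n-----END {label}-----\n")
        return inline_profile(profile, d)

if __name__ == "__main__":
    print(demo())
```

The resulting single file contains the client private key, so it needs the same handling as `client.key` itself.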