Question

We use a RUT 200 with firmware version RUT2M_R_00.07.04.1 

We set the cipher for our openVPN connetcion to AES-256-CBC. When the RUT200 tries to connect we get following message in the troubleshoot system log:

Wed Mar 29 16:41:54 2023 daemon.warn openvpn(Wedding)[23641]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

The openVPN connection fails.

When we change the openvpn setting via uci (uci set openvpn.Wedding.data_ciphers='AES-256-CBC') the connection succeeds. 

Could there be a problem with the configuration website of the RUT200. When the openVPN settings are saved, the data-ciphers option is not updated?

Thanks!

Answer 1

Hello,

Thank you for contacting us.

To investigate further, I would like you to attach a troubleshoot file to your question. Please, replicate the issue, then access router's WebUI, go to System -> Administration -> Troubleshoot section and download troubleshoot file from there. The logs in the file might provide more insight into the issue.

Attached files are private and visible only to Teltonika Moderators.

Best regards,

Comments

troubleshoot file is uploaded

---

The issue appears to be due to a different reason. The aforementioned warning simply informs that certain options will be ignored in the future OpenVPN versions.

Would it be possible to get server configuration file?

Does it have --cipher option included? 

There is also another warning:

WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'

which would be due to server not using the above option.

Best regards,