
OPENVPN - DEPRECATED OPTION: --cipher
Confirmed, High | Public | BUG

Description

Based on this post in our forum, OpenVPN seems to have deprecated the --cipher option and moved to --data-ciphers:

https://forum.vyos.io/t/some-openvpn-server-cipher-options-are-ignored/11878

Our config file should add this new option:

https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst

data-ciphers AES-256-CBC

It was added in 2.5, based on the documentation.

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.4-rolling-202308060317
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Package upgrade

Event Timeline

I confirm this warning message, although on Linux it doesn't affect anything, or at least our server/client work as expected:

show log openvpn
 OpenVPN connection to vtun10...
Aug 18 19:20:38 openvpn-vtun10[1766]: DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
Aug 18 19:20:38 openvpn-vtun10[1766]: OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO] 

It is because 2.6 changed the default cipher to AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305.

fernando changed the task status from Open to Confirmed. Aug 18 2023, 8:07 PM
fernando changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
fernando changed Issue type from Unspecified (please specify) to Package upgrade.
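
An added example, not part of the task or of VyOS code: a small config check that predicts the warning shown in the log above by comparing `cipher` against the effective `data-ciphers` list. The function names and sample configs are constructed for illustration, and the suggested line (2.6 defaults first, legacy cipher appended) is an assumption rather than the fix chosen in this task.

```python
import re

# Default negotiation list reported by OpenVPN 2.6.3 in the log above.
DEFAULT_DATA_CIPHERS = "AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305"

def parse_options(config_text):
    """Return {option: argument} for the cipher-related options in a config."""
    wanted = {"cipher", "data-ciphers"}
    found = {}
    for raw in config_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0].lstrip("-") in wanted:
            found[parts[0].lstrip("-")] = parts[1]
    return found

def split_ciphers(value):
    # OpenVPN 2.6 allows a "?" prefix marking a cipher as optional; ignore it.
    return [c.lstrip("?").upper() for c in value.split(":") if c]

def check_config(config_text):
    """Predict the 'DEPRECATED OPTION: --cipher' warning and propose a fix."""
    opts = parse_options(config_text)
    cipher = opts.get("cipher")
    effective = split_ciphers(opts.get("data-ciphers", DEFAULT_DATA_CIPHERS))
    if cipher is None or cipher.upper() in effective:
        return {"warning": False, "effective": effective, "suggested": None}
    # Assumption of this example: keep the existing list first so AEAD ciphers
    # stay preferred, and append the legacy cipher for peers that need it.
    suggested = "data-ciphers " + ":".join(effective + [cipher.upper()])
    return {"warning": True, "effective": effective, "suggested": suggested}

# Constructed sample configs, modelled on the vtun10 case above.
SAMPLE_OLD = """\
# cipher set, no data-ciphers: 2.6 ignores it for negotiation
dev vtun10
cipher AES-256-CBC
"""
SAMPLE_FIXED = SAMPLE_OLD + (
    "data-ciphers AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:AES-256-CBC\n"
)

if __name__ == "__main__":
    for name, cfg in (("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED)):
        print(name, check_config(cfg))
```
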