Fixing OpenVPN "Authenticate/Decrypt packet error: cipher final failed"

When connecting to a VPN I was constant getting the error

Mar  8 09:29:27 openvpn[1696]: Authenticate/Decrypt packet error: cipher final failed

I had imported the supplied ovpn file and had followed all the other configuration steps, so this was quite frustrating. Then I saw this in the logs:

Mar  8 09:31:07 openvpn[1790]: WARNING: 'cipher' is used inconsistently, local='cipher BF-CBC', remote='cipher AES-256-CBC'

Changing my client to use "cipher AES-256-CBC" instead of the default (which apparently was cipher BF-CBC) fixed the issue.

Comments

Alex said…
It was really helpfull, and decreased the times I have such error. But sometimes I still have "AEAD Decrypt error: cipher final failed" error on server and "Authenticate/Decrypt packet error: packet HMAC authentication failed" on client. I cannot find the root issue and don't see any dependency. The openVPN server restart helps me to fix it temporarily.
Anonymous said…
Thank you. This was posted 4 years ago, and still seems to be relevant.
I've been using an OpenVPN server on a Synology NAS for over 2 years now and suddenly, a day ago, it started failing with the same error. My client is an OSX TunnelBrick client. Adding the cipher explicitly to my client configuration seems to have solved it.
Anonymous said…
Thank you for the solution. Finally OpenVPN works on my old router (WRT54GL v1.1 using Tomato: 1.28.7636 Toastman-IPT-ND ND VPN).

Popular posts from this blog

MinHash for dummies

Authenticating via Kerberos with Keycloak and Windows 2008 Active Directory